PCDRA: Palo Alto Networks Certified Detection And Remediation Analyst


Related questions
Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?
You can star security events in which two ways? (Choose two.)
When reaching out to TAC for additional technical support related to a Security Event, what are two critical pieces of information you need to collect from the Agent? (Choose two.)
Cortex XDR is deployed in the enterprise and you notice a Cobalt Strike attack via an ongoing supply chain compromise was prevented on 1 server. What steps can you take to ensure the same protection is extended to all your servers?
Which statement best describes how Behavioral Threat Protection (BTP) works?
When is the wss (WebSocket Secure) protocol used?
Why would one threaten to encrypt a hypervisor or, potentially, multiple virtual machines running on a server?
The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex XDR from blocking this software in the future, for all endpoints in your organization?
A global exception is a rule that allows you to exclude specific files, processes, or behaviors from being blocked or detected by Cortex XDR. A global exception applies to all endpoints in your organization that are protected by Cortex XDR. Creating a global exception for a vitally important piece of software that is known to be benign would prevent Cortex XDR from blocking this software in the future, for all endpoints in your organization.
To create a global exception, you need to follow these steps:
In the Cortex XDR management console, go to Policy Management > Exceptions and click Add Exception.
Select the Global Exception option and click Next.
Enter a name and description for the exception and click Next.
Select the type of exception you want to create, such as file, process, or behavior, and click Next.
Specify the criteria for the exception, such as file name, hash, path, process name, command line, or behavior name, and click Next.
Review the summary of the exception and click Finish.
Create Global Exceptions: This document explains how to create global exceptions to exclude specific files, processes, or behaviors from being blocked or detected by Cortex XDR.
Exceptions Overview: This document provides an overview of exceptions and how they can be used to fine-tune the Cortex XDR security policy.
What is the purpose of the Cortex Data Lake?
The purpose of the Cortex Data Lake is to provide a cloud-based storage facility where your firewall logs are stored. Cortex Data Lake is a service that collects, transforms, and integrates your enterprise's security data to enable Palo Alto Networks solutions. It powers AI and machine learning, detection accuracy, and app and service innovation. Cortex Data Lake automatically collects, integrates, and normalizes data across your security infrastructure, including your next-generation firewalls, Prisma Access, and Cortex XDR. With unified data, you can run advanced AI and machine learning to radically simplify security operations with apps built on Cortex. Cortex Data Lake is available in multiple regions and supports data residency and privacy requirements.
Reference:
Cortex Data Lake - Palo Alto Networks
Cortex Data Lake, the technology behind Cortex XDR - Palo Alto Networks
CORTEX DATA LAKE - Palo Alto Networks
Sizing for Cortex Data Lake Storage - Palo Alto Networks
Under which conditions is Local Analysis invoked to evaluate a file before the file is allowed to run?