ExamGecko

Palo Alto Networks PCDRA Practice Test - Questions Answers, Page 2


List of questions

Question 11


What is an example of an attack vector for ransomware?

A. Performing DNS queries for suspicious domains
B. Performing SSL Decryption on an endpoint
C. Phishing emails containing malicious attachments
D. A URL filtering feature enabled on a firewall
Suggested answer: C
Explanation:

An example of an attack vector for ransomware is phishing emails containing malicious attachments. Phishing is a technique that involves sending fraudulent emails that appear to come from a legitimate source, such as a bank, a company, or a government agency. The emails typically contain a malicious attachment, such as a PDF document, a ZIP archive, or a Microsoft Office document, that contains ransomware or a ransomware downloader. When the recipient opens or downloads the attachment, the ransomware is executed and encrypts the files or data on the victim's system. The attacker then demands a ransom for the decryption key, usually in cryptocurrency.

Phishing emails are one of the most common and effective ways of delivering ransomware, as they can bypass security measures such as firewalls, antivirus software, or URL filtering. Phishing emails can also exploit the human factor, as they can trick the recipient into opening the attachment by using social engineering techniques, such as impersonating a trusted sender, creating a sense of urgency, or appealing to curiosity or greed. Phishing emails can also target specific individuals or organizations, such as executives, employees, or customers, in a technique called spear phishing, which increases the chances of success.

According to various sources, phishing emails are the main vector of ransomware attacks, accounting for more than 90% of all ransomware infections [1][2]. Some of the most notorious ransomware campaigns, such as CryptoLocker, Locky, and WannaCry, have used phishing emails as their primary delivery method [3]. Therefore, it is essential to educate users on how to recognize and avoid phishing emails, as well as to implement security solutions that can detect and block malicious attachments.

Reference:

1. Top 7 Ransomware Attack Vectors & How to Avoid Becoming a Victim - Bitsight

2. What Is the Main Vector of Ransomware Attacks? A Definitive Guide

3. CryptoLocker Ransomware Information Guide and FAQ

4. Locky Ransomware Information, Help Guide, and FAQ

5. WannaCry ransomware attack

asked 23/09/2024
franck ferreira
28 questions

Question 12


What is the Wildfire analysis file size limit for Windows PE files?

A. No Limit
B. 500MB
C. 100MB
D. 1GB
Suggested answer: C
Explanation:

The Wildfire analysis file size limit for Windows PE files is 100MB. Windows PE files are executable files that run on the Windows operating system, such as .exe, .dll, .sys, or .scr files. Wildfire is a cloud-based service that analyzes files and URLs for malicious behavior and generates signatures and protections for them. Wildfire can analyze various file types, such as PE, APK, PDF, MS Office, and others, but each file type has a different file size limit. The file size limit determines the maximum size of the file that can be uploaded or forwarded to Wildfire for analysis. If the file size exceeds the limit, Wildfire will not analyze the file and will return an error message.

According to the Wildfire documentation [1], the file size limit for Windows PE files is 100MB. This means that any PE file that is larger than 100MB will not be analyzed by Wildfire. However, the firewall can still apply other security features, such as antivirus, anti-spyware, vulnerability protection, and file blocking, to the PE file based on the security policy settings. The firewall can also perform local analysis on the PE file using the Cortex XDR agent, which uses machine learning models to assess the file and assign it a verdict [2].

Reference:

1. WildFire File Size Limits: This document provides the file size limits for different file types that can be analyzed by Wildfire.

2. Local Analysis: This document explains how the Cortex XDR agent performs local analysis on files that cannot be sent to Wildfire for analysis.

asked 23/09/2024
Trevor O'Brien
43 questions

Question 13


How can you pivot within a row to the Causality view and Timeline view for further investigation?

A. Using the Open Card Only
B. Using the Open Card and Open Timeline actions respectively
C. You can't pivot within a row to Causality view and Timeline views
D. Using Open Timeline Actions Only
Suggested answer: B
Explanation:

To pivot within a row to Causality view and Timeline views for further investigation, you can use the Open Card and Open Timeline actions respectively. The Open Card action will open a new tab with the Causality view of the selected row, showing the causal chain of events that led to the alert. The Open Timeline action will open a new tab with the Timeline view of the selected row, showing the chronological sequence of events that occurred on the affected endpoint. These actions allow you to drill down into the details of each alert and understand the root cause and impact of the incident.

Reference:

Cortex XDR User Guide, Chapter 9: Investigate Alerts, Section: Pivot to Causality View and Timeline View

PCDRA Study Guide, Section 3: Investigate and Respond to Alerts, Objective 3.1: Investigate alerts using the Causality view and Timeline view

asked 23/09/2024
Reaper Gamer
56 questions

Question 14


Which of the following Live Terminal options are available for Android systems?

A. Live Terminal is not supported.
B. Stop an app.
C. Run APK scripts.
D. Run Android commands.
Suggested answer: D
Explanation:

Cortex XDR supports Live Terminal for Android systems, which allows you to remotely access and manage Android endpoints using a command-line interface. You can use Live Terminal to run Android commands, such as adb shell, adb logcat, adb install, and adb uninstall. You can also use Live Terminal to view and modify files, directories, and permissions on the Android endpoints. Live Terminal for Android systems does not support stopping an app or running APK scripts.

Reference:

Cortex XDR documentation portal

Initiate a Live Terminal Session

Live Terminal Commands

asked 23/09/2024
Kevin Zander
40 questions

Question 15


Which search method is supported by File Search and Destroy?

A. File Seek and Destroy
B. File Search and Destroy
C. File Seek and Repair
D. File Search and Repair
Suggested answer: B
Explanation:

File Search and Destroy is a feature of Cortex XDR that allows you to search for and remove malicious files from endpoints. You can use this feature to find files by their hash, full path, or partial path using regex parameters. You can then select the files from the search results and destroy them by hash or by path. When you destroy a file by hash, all the file instances on the endpoint are removed. File Search and Destroy is useful for quickly responding to threats and preventing further damage.

Reference:

Search and Destroy Malicious Files

Cortex XDR Pro Administrator Guide

asked 23/09/2024
Renats Fasulins
43 questions

Question 16


In the Cortex XDR console, from which two pages are you able to manually perform the agent upgrade action? (Choose two.)

A. Asset Management
B. Agent Installations
C. Action Center
D. Endpoint Administration
Suggested answer: A, D
Explanation:

To manually upgrade the Cortex XDR agents, you can use the Asset Management page or the Endpoint Administration page in the Cortex XDR console. On the Asset Management page, you can select one or more endpoints and click Actions > Upgrade Agent. On the Endpoint Administration page, you can select one or more agent versions and click Upgrade. You can also schedule automatic agent upgrades using the Agent Installations page.

Reference:

Asset Management

Endpoint Administration

Agent Installations

asked 23/09/2024
John Murphy
37 questions

Question 17


What motivation do ransomware attackers have for returning access to systems once their victims have paid?

A. There is organized crime governance among attackers that requires the return of access to remain in good standing.
B. Nation-states enforce the return of system access through the use of laws and regulation.
C. Failure to restore access to systems undermines the scheme because others will not believe their valuables would be returned.
D. The ransomware attackers hope to trace the financial trail back and steal more from traditional banking institutions.
Suggested answer: C
Explanation:

Ransomware attackers have a motivation to return access to systems once their victims have paid because they want to maintain their reputation and credibility. If they fail to restore access to systems, they risk losing the trust of future victims who may not believe that paying the ransom will result in getting their data back. This would reduce the effectiveness and profitability of their scheme. Therefore, ransomware attackers have an incentive to honor their promises and decrypt the data after receiving the ransom.

Reference:

What is the motivation behind ransomware? | Foresite

As Ransomware Attackers' Motives Change, So Should Your Defense - Forbes

asked 23/09/2024
Arvind Prasad S
48 questions

Question 18


Live Terminal uses which type of protocol to communicate with the agent on the endpoint?


Question 19


You can star security events in which two ways? (Choose two.)


Question 20


Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
