Home

Home / Palo Alto Networks / PCDRA

Question list

List of questions

Question 1

(0)

When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?

Question 2

(0)

What is the purpose of the Cortex Data Lake?

Question 3

(0)

When creating a scheduled report which is not an option?

Question 4

(0)

Which statement regarding scripts in Cortex XDR is true?

Question 5

(0)

What is the function of WildFire for Cortex XDR?

Question 6

(0)

Which profiles can the user use to configure malware protection in the Cortex XDR console?

Question 7

(0)

Which module provides the best visibility to view vulnerabilities?

Question 8

(0)

Which of the following is NOT a precanned script provided by Palo Alto Networks?

Question 9

(0)

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex

Question 10

(0)

Which of the following paths will successfully activate Remediation Suggestions?

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?

When is the wss (WebSocket Secure) protocol used?

When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)

You can star security events in which two ways? (Choose two.)

Why would one threaten to encrypt a hypervisor or, potentially, a multiple number of virtual machines running on a server?

What is the maximum number of agents one Broker VM local agent applet can support?

Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?

What is the Wildfire analysis file size limit for Windows PE files?

In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?

What does the following output tell us?

Question 28 - PCDRA discussion

Report

Which statement best describes how Behavioral Threat Protection (BTP) works?

A.

BTP injects into known vulnerable processes to detect malicious activity.

B.

BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.

C.

BTP matches EDR data with rules provided by Cortex XDR.

D.

BTP uses machine Learning to recognize malicious activity even if it is not known.

Suggested answer: D

Explanation:

The statement that best describes how Behavioral Threat Protection (BTP) works is D, BTP uses machine learning to recognize malicious activity even if it is not known. BTP is a feature of Cortex XDR that allows you to define custom rules to detect and block malicious behaviors on endpoints. BTP uses machine learning to profile behavior and detect anomalies indicative of attack. BTP can recognize malicious activity based on file attributes, registry keys, processes, network connections, and other criteria, even if the activity is not associated with any known malware or threat. BTP rules are updated through content updates and can be managed from the Cortex XDR console.

The other statements are incorrect for the following reasons:

A is incorrect because BTP does not inject into known vulnerable processes to detect malicious activity. BTP does not rely on process injection, which is a technique used by some malware to hide or execute code within another process. BTP monitors the behavior of all processes on the endpoint, regardless of their vulnerability status, and compares them with the BTP rules.

B is incorrect because BTP does not run on the Cortex XDR and distribute behavioral signatures to all agents. BTP runs on the Cortex XDR agent, which is installed on the endpoint, and analyzes the endpoint data locally. BTP does not use behavioral signatures, which are predefined patterns of malicious behavior, but rather uses machine learning to identify anomalies and deviations from normal behavior.

C is incorrect because BTP does not match EDR data with rules provided by Cortex XDR. BTP is part of the EDR (Endpoint Detection and Response) capabilities of Cortex XDR, and uses the EDR data collected by the Cortex XDR agent to perform behavioral analysis. BTP does not match the EDR data with rules provided by Cortex XDR, but rather applies the BTP rules defined by the Cortex XDR administrator or the Palo Alto Networks threat research team.

Cortex XDR Agent Administrator Guide: Behavioral Threat Protection

Cortex XDR: Stop Breaches with AI-Powered Cybersecurity

Show Answer

asked 23/09/2024

Matthew Farrington

35 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first