Question 37 - PCDRA discussion


An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?

A. DDL Security
B. Hot Patch Protection
C. Kernel Integrity Monitor (KIM)
D. Dylib Hijacking

Suggested answer: D

Explanation:

The correct answer is D, Dylib Hijacking. Dylib hijacking, also known as dynamic library hijacking, is a technique attackers use to load malicious dynamic libraries on macOS from an unsecure location. It takes advantage of the way macOS searches for dynamic libraries to load when an application is executed. To prevent such attacks, Palo Alto Networks offers the Dylib Hijacking prevention capability as part of its Cortex XDR platform. This capability is designed to detect and block attempts to load dynamic libraries from unauthorized or unsecure locations [1].

Let's briefly discuss the other options to provide a comprehensive explanation:

A) DDL Security: This is not the correct answer. DDL Security is not designed to prevent dynamic library loading attacks on macOS. It is focused on protecting against DLL (Dynamic Link Library) hijacking on Windows systems [2].

B) Hot Patch Protection: Hot Patch Protection is not directly related to preventing dynamic library loading attacks. It is a security feature that protects against runtime patching or modification of code in memory, a technique advanced attackers often use to bypass security measures [3]. While Hot Patch Protection is a valuable security feature, it is not relevant to the scenario described.

C) Kernel Integrity Monitor (KIM): Kernel Integrity Monitor is also not the correct answer. KIM is a module in Cortex XDR that focuses on monitoring and protecting the integrity of the macOS kernel. It detects and prevents unauthorized modifications to critical kernel components [4]. While KIM plays an essential role in overall macOS security, it does not specifically address the prevention of dynamic library loading attacks.

In conclusion, Dylib Hijacking is the Cortex XDR module that specifically addresses the prevention of attackers loading dynamic libraries from unsecure locations on macOS. By leveraging this module, organizations can enhance their security posture and protect against this specific attack vector.

1. Endpoint Protection Modules
2. DDL Security
3. Hot Patch Protection
4. Kernel Integrity Monitor

asked 23/09/2024
Brandon Walters