Home

Home / Palo Alto Networks / PCDRA

Question list

List of questions

Question 1

(0)

When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?

Question 2

(0)

What is the purpose of the Cortex Data Lake?

Question 3

(0)

When creating a scheduled report which is not an option?

Question 4

(0)

Which statement regarding scripts in Cortex XDR is true?

Question 5

(0)

What is the function of WildFire for Cortex XDR?

Question 6

(0)

Which profiles can the user use to configure malware protection in the Cortex XDR console?

Question 7

(0)

Which module provides the best visibility to view vulnerabilities?

Question 8

(0)

Which of the following is NOT a precanned script provided by Palo Alto Networks?

Question 9

(0)

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex

Question 10

(0)

Which of the following paths will successfully activate Remediation Suggestions?

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?

When is the wss (WebSocket Secure) protocol used?

When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)

You can star security events in which two ways? (Choose two.)

Why would one threaten to encrypt a hypervisor or, potentially, a multiple number of virtual machines running on a server?

What is the maximum number of agents one Broker VM local agent applet can support?

Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?

What is the Wildfire analysis file size limit for Windows PE files?

In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?

How can you pivot within a row to Causality view and Timeline views for further investigate?

Question 42 - PCDRA discussion

Report

Where would you view the WildFire report in an incident?

A.

next to relevant Key Artifacts in the incidents details page

B.

under Response --> Action Center

C.

under the gear icon --> Agent Audit Logs

D.

on the HUB page at apps.paloaltonetworks.com

Suggested answer: A

Explanation:

To view the WildFire report in an incident, you need to go to the incident details page and look for the relevant key artifacts that are related to the WildFire analysis. A key artifact is a piece of evidence that is associated with an alert or an incident, such as a file hash, a registry key, an IP address, a domain name, or a full path. If a key artifact is related to a WildFire analysis, you will see a WildFire icon next to it, indicating that there is a WildFire report available for that artifact.You can click on the WildFire icon to view the report, which will show you the detailed information about the artifact, such as the verdict, the behavior, the severity, the signatures, and the screenshots12.

Let's briefly discuss the other options to provide a comprehensive explanation:

B) under Response --> Action Center: This is not the correct answer. The Action Center is a feature that allows you to create and manage actions that you can perform on your endpoints, such as isolating, scanning, collecting files, or executing scripts.The Action Center does not show you the WildFire reports for the incidents, but it can help you to remediate the incidents by applying the appropriate actions3.

C) under the gear icon --> Agent Audit Logs: This is not the correct answer. The Agent Audit Logs are logs that show you the activities and events that occurred on the Cortex XDR agents, such as installation, upgrade, connection, policy update, or prevention.The Agent Audit Logs do not show you the WildFire reports for the incidents, but they can help you to troubleshoot the agent issues or verify the agent status4.

D) on the HUB page at apps.paloaltonetworks.com: This is not the correct answer. The HUB page is a web portal that allows you to access and manage your Palo Alto Networks applications, such as Cortex XDR, Cortex XSOAR, Prisma Cloud, or AutoFocus.The HUB page does not show you the WildFire reports for the incidents, but it can help you to navigate to the different applications or view the notifications and alerts5.

In conclusion, to view the WildFire report in an incident, you need to go to the incident details page and look for the relevant key artifacts that are related to the WildFire analysis. By viewing the WildFire report, you can gain more insights and context about the incident and the artifact.

View Incident Details

View WildFire Reports

Action Center

Agent Audit Logs

HUB

Show Answer

asked 23/09/2024

Mariusz Lewandowski

38 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first