Home / Palo Alto Networks / PCDRA

Question list

List of questions

Question 1

(0)

When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?

Question 2

(0)

What is the purpose of the Cortex Data Lake?

Question 3

(0)

When creating a scheduled report which is not an option?

Question 4

(0)

Which statement regarding scripts in Cortex XDR is true?

Question 5

(0)

What is the function of WildFire for Cortex XDR?

Question 6

(0)

Which profiles can the user use to configure malware protection in the Cortex XDR console?

Question 7

(0)

Which module provides the best visibility to view vulnerabilities?

Question 8

(0)

Which of the following is NOT a precanned script provided by Palo Alto Networks?

Question 9

(0)

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex

Question 10

(0)

Which of the following paths will successfully activate Remediation Suggestions?

Question 45 - PCDRA discussion

Which type of BIOC rule is currently available in Cortex XDR?

Threat Actor

Discovery

Network

Dropper

Suggested answer: B

Explanation:

The type of BIOC rule that is currently available in Cortex XDR is Discovery. A Discovery BIOC rule is a rule that detects suspicious or malicious behavior on endpoints based on the Cortex XDR data. A Discovery BIOC rule can use various event types, such as file, injection, load image, network, process, registry, or user, to define the criteria for the rule. A Discovery BIOC rule can also use operators, functions, and variables to create complex logic and conditions for the rule.A Discovery BIOC rule can generate alerts when the rule is triggered, and these alerts can be grouped into incidents for further investigation and response12.

Let's briefly discuss the other options to provide a comprehensive explanation:

A) Threat Actor: This is not the correct answer. Threat Actor is not a type of BIOC rule that is currently available in Cortex XDR. Threat Actor is a term that refers to an individual or a group that is responsible for a cyberattack or a threat campaign.Cortex XDR does not support creating BIOC rules based on threat actors, but it can provide threat intelligence and context from various sources, such as Unit 42, AutoFocus, or Cortex XSOAR3.

C) Network: This is not the correct answer. Network is not a type of BIOC rule that is currently available in Cortex XDR. Network is an event type that can be used in a Discovery BIOC rule to define the criteria based on network attributes, such as source IP, destination IP, source port, destination port, protocol, or domain.Network is not a standalone type of BIOC rule, but a part of the Discovery BIOC rule2.

D) Dropper: This is not the correct answer. Dropper is not a type of BIOC rule that is currently available in Cortex XDR. Dropper is a term that refers to a type of malware that is designed to download and install other malicious files or programs on a compromised system.Cortex XDR does not support creating BIOC rules based on droppers, but it can detect and prevent droppers using various methods, such as behavioral threat protection, exploit prevention, or WildFire analysis4.

In conclusion, the type of BIOC rule that is currently available in Cortex XDR is Discovery. By using Discovery BIOC rules, you can create custom detection rules that match your specific use cases and scenarios.

Create a BIOC Rule

BIOC Rule Event Types

Threat Intelligence and Context

Malware Prevention

Show Answer

asked 23/09/2024

Erik-Jan Brul

37 questions

Your answer: A B C D

0 comments

Sorted by