Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) Free Practice Test

Question 1

Which of the following paths will successfully activate Remediation Suggestions?

A. Alerts Table > Right-click on a process node > Remediation Suggestions

B. Causality View > Actions > Remediation Suggestions

C. Alerts Table > Right-click on an alert > Remediation Suggestions

D. Incident View > Actions > Remediation Suggestions

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

What is the outcome of creating and implementing an alert exclusion?

A. The Cortex XDR agent will allow the process that was blocked to run on the endpoint.

B. The Cortex XDR agent will not create an alert for this event in the future.

C. The Cortex XDR console will delete those alerts and block ingestion of them in the future.

D. The Cortex XDR console will hide those alerts.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

A. threat_event

B. endpoint_name

C. event_type

D. causality_chain

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

What are two purposes of "Respond to Malicious Causality Chains" in a Cortex XDR Windows Malware profile? (Choose two.)

A. Automatically terminate the threads involved in malicious activity.

B. Automatically kill the processes involved in malicious activity.

C. Automatically close the connections involved in malicious traffic.

D. Automatically block the IP addresses involved in malicious traffic.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which statement regarding scripts in Cortex XDR is true?

A. Any version of Python script can be run.

B. The level of risk is assigned to the script upon import.

C. Any script can be imported including Visual Basic (VB) scripts.

D. The script is run on the machine uploading the script to ensure that it is operational.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Can you disable the ability to use the Live Terminal feature in Cortex XDR?

A. Yes, via Agent Settings Profile.

B. Yes, via the Cortex XDR console or with an installation switch.

C. No, a separate installer package without Live Terminal is required.

D. No, it is a required feature of the agent.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?

A. Create IOCs of the malicious files you have found to prevent their execution.

B. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.

C. Enable DLL Protection on all servers but there might be some false positives.

D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

Live Terminal uses which type of protocol to communicate with the agent on the endpoint?

A. UDP and a random port

B. TCP, over port 80

C. WebSocket

D. NetBIOS over TCP

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

What is the difference between presets and datasets in XQL?

A. A dataset is a Cortex data lake data source only; presets are built-in data source.

B. A dataset is a database; presets is a field.

C. A dataset is a built-in orthird-partysource; presets group XDR data fields.

D. A dataset is a third-party data source; presets are built-in data source.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)

A. The distribution id of the agent.

B. The prevention archive from the alert.

C. The unique agent id.

D. A list of all the current exceptions applied to the agent.

E. The agent technical support file.

Correct Answer: B,E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) Free Practice Test