Palo Alto Networks XDR Analyst (XDR-Analyst) Free Practice Test

Question 1

Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?

A. Security Manager Dashboard

B. Data Ingestion Dashboard

C. Incident Management Dashboard

D. Security Admin Dashboard

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

Phishing belongs to which of the following MITRE ATT&CK tactics?

A. Persistence, Command and Control

B. Reconnaissance, Persistence

C. Initial Access, Persistence

D. Reconnaissance, Initial Access

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

When is the wss (WebSocket Secure) protocol used?

A. when the Cortex XDR agent downloads new security content

B. when the Cortex XDR agent connects to WildFire to upload files for analysis

C. when the Cortex XDR agent establishes a bidirectional communication channel

D. when the Cortex XDR agent uploads alert data

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Can you disable the ability to use the Live Terminal feature in Cortex XDR?

A. Yes, via Agent Settings Profile.

B. Yes, via the Cortex XDR console or with an installation switch.

C. No, a separate installer package without Live Terminal is required.

D. No, it is a required feature of the agent.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Can you disable the ability to use the Live Terminal feature in Cortex XDR?

A. Yes, via Agent Settings Profile.

B. Yes, via the Cortex XDR console or with an installation switch.

C. No, a separate installer package without Live Terminal is required.

D. No, it is a required feature of the agent.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

What is the outcome of creating and implementing an alert exclusion?

A. The Cortex XDR agent will allow the process that was blocked to run on the endpoint.

B. The Cortex XDR agent will not create an alert for this event in the future.

C. The Cortex XDR console will delete those alerts and block ingestion of them in the future.

D. The Cortex XDR console will hide those alerts.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Which of the following best defines the Windows Registry as used by the Cortex XDR agent?

A. a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known as the "swap"

B. a hierarchical database that stores settings for the operating system and for applications

C. a ledger for maintaining accurate and up-to-date information on total disk usage and disk space remaining available to the operating system

D. a central system, available via the internet, for registering officially licensed versions of software to prove ownership

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

What is the purpose of targeting software vendors in a supply-chain attack?

A. to steal users' login credentials.

B. to access source code.

C. to take advantage of a trusted software delivery method.

D. to report Zero-day vulnerabilities.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

What is by far the most common tactic used by ransomware to shut down a victim's operation?

A. denying traffic out of the victims network until payment is received

B. preventing the victim from being able to access APIs to cripple infrastructure

C. encrypting certain files to prevent access by the victim

D. restricting access to administrative accounts to the victim

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

What is the standard installation disk space recommended to install a Broker VM?

A. 1GB disk space

B. 2GB disk space

C. 256GB disk space

D. 512GB disk space

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Palo Alto Networks XDR Analyst (XDR-Analyst) Free Practice Test