PCDRA Dumps 2022 - New Palo Alto Networks PCDRA Exam Questions [Q35-Q52]


Free PCDRA Braindumps Download Updated on Jun 04, 2022 with 62 Questions

NEW QUESTION 35
Live Terminal uses which type of protocol to communicate with the agent on the endpoint?

  • A. TCP, over port 80
  • B. UDP and a random port
  • C. NetBIOS over TCP
  • D. WebSocket

Answer: D

 

NEW QUESTION 36
Which of the following Cortex XDR engines determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?

  • A. Causality Analysis Engine
  • B. Log Stitching Engine
  • C. Causality Chain Engine
  • D. Sensor Engine

Answer: A

 

NEW QUESTION 37
As a malware analyst working with Cortex XDR, you notice an alert indicating that an attempt to open a malicious Word document was prevented. You learn from the WildFire report and AutoFocus that this document has been used in phishing campaigns since 2018. What steps can you take to ensure that the same document is not opened by other users in your organization who are protected by the Cortex XDR agent?

  • A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
  • B. No step is required because the malicious document is already stopped.
  • C. No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.
  • D. Enable DLL Protection on all endpoints, but there might be some false positives.

Answer: B

Explanation:
The file already carries a malicious WildFire verdict, and that verdict is enforced by every Cortex XDR agent, so the same document is blocked wherever it appears. BTP rules are delivered by Palo Alto Networks through content updates and are not authored by customers, so A is not an available step.

 

NEW QUESTION 38
What kind of threat typically encrypts user files?

  • A. SQL injection attacks
  • B. supply-chain attacks
  • C. Zero-day exploits
  • D. ransomware

Answer: D

 

NEW QUESTION 39
When is the wss (WebSocket Secure) protocol used?

  • A. when the Cortex XDR agent establishes a bidirectional communication channel
  • B. when the Cortex XDR agent downloads new security content
  • C. when the Cortex XDR agent uploads alert data
  • D. when the Cortex XDR agent connects to WildFire to upload files for analysis

Answer: A

 

NEW QUESTION 40
What license would be required for ingesting external logs from various vendors?

  • A. Cortex XDR Pro per TB
  • B. Cortex XDR Pro per Endpoint
  • C. Cortex XDR Cloud per Host
  • D. Cortex XDR Vendor Agnostic Pro

Answer: A

 

NEW QUESTION 41
After a scan, how does the file-quarantine function work on an endpoint?

  • A. Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
  • B. Quarantine takes ownership of the files and folders and prevents execution through access control.
  • C. Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.
  • D. Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.

Answer: A
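The behaviour option A describes (move the file out of its original location into a protected folder, strip the ability to execute it, keep enough metadata to restore it) is easy to get subtly wrong, so here is an added example of that flow in Python. It is not Cortex XDR code; the vault layout, the `.quarantined`/`.json` naming and the hash check on restore are assumptions made for this illustration.

```python
"""Added example (not Cortex XDR's implementation): a minimal file quarantine.

Assumptions: one vault directory per host, files stored under their SHA-256,
and a JSON sidecar recording where the file came from so it can be restored.
"""
import hashlib
import json
import os
import shutil
import stat
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large samples do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable(path: str) -> bool:
    """True if the current user could execute the file (no exec bits => False)."""
    return os.access(path, os.X_OK)


def quarantine(file_path: str, vault_dir: str) -> dict:
    """Move file_path into vault_dir, drop write/execute permissions and record
    the original location. Returns the record written to the sidecar file."""
    src = Path(file_path).resolve()
    vault = Path(vault_dir)
    vault.mkdir(parents=True, exist_ok=True)
    vault.chmod(stat.S_IRWXU)            # only the owner can list or enter the vault
    digest = sha256_of(src)
    dst = vault / f"{digest}.quarantined"
    shutil.move(str(src), str(dst))      # remove it from its original location
    dst.chmod(stat.S_IRUSR)              # owner read-only: no execute bit for anyone
    record = {"original_path": str(src), "sha256": digest, "vault_path": str(dst)}
    (vault / f"{digest}.json").write_text(json.dumps(record))
    return record


def restore(record: dict) -> str:
    """Put a quarantined file back, but only if it still matches the recorded hash
    (a changed hash means something tampered with the vault)."""
    dst = Path(record["vault_path"])
    if sha256_of(dst) != record["sha256"]:
        raise ValueError("quarantined file does not match its recorded hash")
    orig = Path(record["original_path"])
    orig.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(dst), str(orig))
    dst.with_suffix(".json").unlink(missing_ok=True)
    return str(orig)
```

Note that the file is moved rather than copied, so the original path is empty afterwards, and that the execute bits are removed on the vault copy rather than relying on the vault directory's permissions alone.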

 

NEW QUESTION 42
Phishing belongs to which of the following MITRE ATT&CK tactics?

  • A. Reconnaissance, Initial Access
  • B. Reconnaissance, Persistence
  • C. Persistence, Command and Control
  • D. Initial Access, Persistence

Answer: A

 

NEW QUESTION 43
Network attacks follow predictable patterns. If you interfere with any portion of this pattern, the attack will be neutralized. Which of the following statements is correct?

  • A. Cortex XDR Analytics does not have to interfere with the pattern as soon as it is observed on the endpoint in order to prevent the attack.
  • B. Cortex XDR Analytics does not interfere with the pattern as soon as it is observed on the endpoint.
  • C. Cortex XDR Analytics allows you to interfere with the pattern as soon as it is observed on the firewall.
  • D. Cortex XDR Analytics allows you to interfere with the pattern as soon as it is observed on the endpoint.

Answer: D

 

NEW QUESTION 44
Which statement regarding scripts in Cortex XDR is true?

  • A. Any version of Python script can be run.
  • B. The level of risk is assigned to the script upon import.
  • C. The script is run on the machine uploading the script to ensure that it is operational.
  • D. Any script can be imported including Visual Basic (VB) scripts.

Answer: A

 

NEW QUESTION 45
You can star security events in which two ways? (Choose two.)

  • A. Manually star an alert.
  • B. Create an Incident-starring configuration.
  • C. Manually star an Incident.
  • D. Create an alert-starring configuration.

Answer: B,C

 

NEW QUESTION 46
An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?

  • A. Kernel Integrity Monitor (KIM)
  • B. Dylib Hijacking
  • C. DLL Security
  • D. Hot Patch Protection

Answer: B


 

NEW QUESTION 47
What is the function of WildFire for Cortex XDR?

  • A. WildFire accepts and analyses a sample to provide a verdict.
  • B. WildFire is the engine that runs on the local agent and determines whether behavioural threats are occurring on the endpoint.
  • C. WildFire runs in the cloud and analyses alert data from the XDR agent to check for behavioural threats.
  • D. WildFire runs entirely on the agent to quickly analyse samples and provide a verdict.

Answer: A

 

NEW QUESTION 48
What disk space is recommended for a standard Broker VM installation?

  • A. 256GB disk space
  • B. 2GB disk space
  • C. 512GB disk space
  • D. 1GB disk space

Answer: C

 

NEW QUESTION 49
What is the purpose of targeting software vendors in a supply-chain attack?

  • A. to take advantage of a trusted software delivery method.
  • B. to access source code.
  • C. to steal users' login credentials.
  • D. to report Zero-day vulnerabilities.

Answer: A

 

NEW QUESTION 50
Which type of IOC can you define in Cortex XDR?

  • A. App-ID
  • B. e-mail address
  • C. full path
  • D. destination port

Answer: C
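Full path is one of the IOC types Cortex XDR lets you define; the others are file name, domain name, destination IP and MD5/SHA256 hash. The added example below, which is not Cortex XDR code, shows how a matcher for those five types normalizes each IOC and checks constructed endpoint events against it. The event field names (`path`, `md5`, `sha256`, `dest_ip`, `domain`), the IOC values and the case-insensitive path comparison are assumptions made for this illustration.

```python
"""Added example (not Cortex XDR's implementation): a matcher for the IOC types
that Cortex XDR supports, run over constructed endpoint events.

Assumed event schema: {"id", "path", "md5", "sha256", "dest_ip", "domain"}.
"""
import ipaddress
import re
from dataclasses import dataclass

HEX_MD5 = re.compile(r"^[0-9a-f]{32}$")
HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")
IOC_TYPES = ("full_path", "file_name", "domain", "dest_ip", "hash")


@dataclass(frozen=True)
class IOC:
    type: str          # one of IOC_TYPES
    value: str
    severity: str = "medium"


def normalize(ioc: IOC) -> IOC:
    """Canonicalize the indicator so trivially different spellings still match."""
    t, v = ioc.type, ioc.value.strip()
    if t == "hash":
        v = v.lower()
        if not (HEX_MD5.match(v) or HEX_SHA256.match(v)):
            raise ValueError(f"not an MD5/SHA256 hash: {ioc.value!r}")
    elif t == "dest_ip":
        v = str(ipaddress.ip_address(v))     # rejects malformed addresses
    elif t == "domain":
        v = v.lower().rstrip(".")            # drop trailing dot, ignore case
    elif t in ("full_path", "file_name"):
        v = v.lower()                        # assumption: case-insensitive paths
    else:
        raise ValueError(f"unsupported IOC type: {t}")
    return IOC(t, v, ioc.severity)


def build_index(iocs):
    """Map each IOC type to a dict of normalized value -> IOC for O(1) lookups."""
    index = {}
    for ioc in map(normalize, iocs):
        index.setdefault(ioc.type, {})[ioc.value] = ioc
    return index


def event_fields(event):
    """Yield (ioc_type, normalized value) pairs that one event exposes."""
    path = event.get("path")
    if path:
        yield "full_path", path.lower()
        yield "file_name", path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for key in ("md5", "sha256"):
        if event.get(key):
            yield "hash", event[key].lower()
    if event.get("dest_ip"):
        yield "dest_ip", str(ipaddress.ip_address(event["dest_ip"]))
    if event.get("domain"):
        yield "domain", event["domain"].lower().rstrip(".")


def match_events(events, iocs):
    """Return a list of (event id, matching IOC) in event order."""
    index = build_index(iocs)
    hits = []
    for ev in events:
        for t, v in event_fields(ev):
            ioc = index.get(t, {}).get(v)
            if ioc is not None:
                hits.append((ev["id"], ioc))
    return hits


# Constructed sample data for the illustration (not real telemetry).
IOCS = [
    IOC("full_path", r"C:\Users\Public\update.exe", "high"),
    IOC("file_name", "mimikatz.exe", "high"),
    IOC("domain", "Evil-Updates.example.", "medium"),
    IOC("dest_ip", "203.0.113.7"),
    IOC("hash", "D41D8CD98F00B204E9800998ECF8427E"),      # MD5 of an empty file
]
EVENTS = [
    {"id": 1, "path": r"c:\users\public\UPDATE.EXE", "md5": "d41d8cd98f00b204e9800998ecf8427e"},
    {"id": 2, "path": "/tmp/mimikatz.exe"},
    {"id": 3, "domain": "evil-updates.example"},
    {"id": 4, "dest_ip": "203.0.113.7"},
    {"id": 5, "path": "/usr/bin/ls", "dest_ip": "198.51.100.1"},
]

if __name__ == "__main__":
    for event_id, ioc in match_events(EVENTS, IOCS):
        print(f"event {event_id}: {ioc.type}={ioc.value} ({ioc.severity})")
```

Event 1 produces two hits (full path and hash), which is the useful property of indexing by type: one event can be checked against every indicator type it exposes without scanning the whole IOC list.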

 

NEW QUESTION 51
Where would you view the WildFire report in an incident?

  • A. next to relevant Key Artifacts in the incident details page
  • B. under Response --> Action Center
  • C. on the HUB page at apps.paloaltonetworks.com
  • D. under the gear icon --> Agent Audit Logs

Answer: A

 

NEW QUESTION 52
......


Palo Alto Networks PCDRA Exam Syllabus Topics:

Topic / Details
Topic 1
  • Outline how Cortex XDR ingests other non-Palo Alto Networks data sources
  • Describe how to use the Broker to activate Pathfinder
Topic 2
  • Identify the connection of analytic detection capabilities to MITRE
  • List the options to highlight or suppress incidents
Topic 3
  • Differentiate between exploits and malware
  • Outline ransomware threats
  • Recognize the different types of attacks
Topic 4
  • Outline distributing and scheduling capabilities of Cortex XDR
  • Identify the information needed for a given audience
Topic 5
  • Characterize the differences between incidents and alerts
  • Identify the investigation capabilities of Cortex XDR
Topic 6
  • Identify the use of malware prevention modules (MPMs)
  • Identify the profiles that must be configured for malware prevention
Topic 7
  • Characterize the differences between application protection and kernel protection
  • Characterize the differences between malware and exploits
Topic 8
  • Explain the purpose and use of the query builder technique
  • Explain the purpose and use of the IOC technique
Topic 9
  • Identify legitimate threats (true positives) vs. illegitimate threats (false positives)
  • Outline incident collaboration and management using XDR
Topic 10
  • Define product modules that help identify threats
  • Summarize the generally available references for vulnerabilities
Topic 11
  • Describe how to use the Broker as a proxy between the agents and XDR in the Cloud
  • Describe details of the ingestion methods
Topic 12
  • Distinguish between automatic vs. manual remediations
  • Describe how to fix false positives
  • Describe basic remediation

 

Palo Alto Networks PCDRA Exam Practice Test Questions: https://vcetorrent.examtorrent.com/PCDRA-prep4sure-dumps.html