Winter Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Activedumpsnet Logo
  1. Home
  2. Paloalto Networks
  3. Palo Alto Certifications and Accreditations
  4. PCDRA - Palo Alto Networks Certified Detection and Remediation Analyst

Paloalto Networks PCDRA Palo Alto Networks Certified Detection and Remediation Analyst Exam Practice Test

Page: 1 / 9
Total 91 questions
Get PCDRA Full Access Download PCDRA PDF

Palo Alto Networks Certified Detection and Remediation Analyst Questions and Answers

Question 1

Phishing belongs which of the following MITRE ATT&CK tactics?

Options:

A.

Initial Access, Persistence

B.

Persistence, Command and Control

C.

Reconnaissance, Persistence

D.

Reconnaissance, Initial Access

Question 2

Which of the following is NOT a precanned script provided by Palo Alto Networks?

Options:

A.

delete_file

B.

quarantine_file

C.

process_kill_name

D.

list_directories

Question 3

In incident-related widgets, how would you filter the display to only show incidents that were “starred”?

Options:

A.

Create a custom XQL widget

B.

This is not currently supported

C.

Create a custom report and filter on starred incidents

D.

Click the starin the widget

Question 4

In Windows and macOS you need to prevent the Cortex XDR Agent fromblocking execution of a file based on the digital signer. What is one way to add an exception for the singer?

Options:

A.

In the Restrictions Profile, add the file name and path to the Executable Files allow list.

B.

Create a new rule exception and use the singer as the characteristic.

C.

Add the signer to the allow list in the malware profile.

D.

Add the signer to the allow list under the action center page.

Question 5

Which of the following policy exceptions applies to the following description?

‘An exception allowing specific PHP files’

Options:

A.

Support exception

B.

Local file threat examination exception

C.

Behavioral threat protection rule exception

D.

Process exception

Question 6

Which of the following represents the correct relation of alerts to incidents?

Options:

A.

Only alerts with thesame host are grouped together into one Incident in a given time frame.

B.

Alerts that occur within a three hour time frame are grouped together into one Incident.

C.

Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.

D.

Every alert creates a new Incident.

Question 7

After scan, how does file quarantine function work on an endpoint?

Options:

A.

Quarantine takes ownership of the files and folders and prevents execution through access control.

B.

Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.

C.

Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.

D.

Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.

Question 8

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

Options:

A.

Assign incidents to an analyst in bulk.

B.

Change the status of multiple incidents.

C.

Investigate several Incidents at once.

D.

Delete the selected Incidents.

Question 9

Which statement regarding scripts in Cortex XDR is true?

Options:

A.

Any version of Python script can be run.

B.

The level of risk is assigned to the script upon import.

C.

Any script can be imported including Visual Basic (VB) scripts.

D.

The script is run on the machine uploading the script to ensure that it is operational.

Load More PCDRA Questions 
Page: 1 / 9
Total 91 questions
Get PCDRA Full Access Download PCDRA PDF