
[Dec-2023] Verified Palo Alto Networks Exam Dumps with PCDRA Exam Study Guide
Best Quality Palo Alto Networks PCDRA Exam Questions Fast2test Realistic Practice Exams [2023]
The PCDRA exam is a hands-on, performance-based exam that requires candidates to demonstrate their practical skills in detecting and remediating cyber threats. Candidates are given a set of scenarios that simulate real-world cyber attacks and are required to use Palo Alto Networks' security products to identify and mitigate the threats. PCDRA exam is conducted in a virtual lab environment, which allows candidates to work with the same tools and configurations used in real-world scenarios.
NEW QUESTION # 16
What is the purpose of targeting software vendors in a supply-chain attack?
- A. to take advantage of a trusted software delivery method.
- B. to steal users' login credentials.
- C. to report Zero-day vulnerabilities.
- D. to access source code.
Answer: B
NEW QUESTION # 17
Why would one threaten to encrypt a hypervisor or, potentially, a multiple number of virtual machines running on a server?
- A. To potentially perform a Distributed Denial of Attack.
- B. To extort a payment from a victim or potentially embarrass the owners.
- C. To better understand the underlying virtual infrastructure.
- D. To gain notoriety and potentially a consulting position.
Answer: B
Explanation:
Explanation
Encrypting a hypervisor or a multiple number of virtual machines running on a server is a form of ransomware attack, which is a type of cyberattack that involves locking or encrypting the victim's data or system and demanding a ransom for its release. The attacker may threaten to encrypt the hypervisor or the virtual machines to extort a payment from the victim or potentially embarrass the owners by exposing their sensitive or confidential information. Encrypting a hypervisor or a multiple number of virtual machines can have a severe impact on the victim's business operations, as it can affect the availability, integrity, and confidentiality of their data and applications. The attacker may also use the encryption as a leverage to negotiate a higher ransom or to coerce the victim into complying with their demands. References:
* Encrypt an Existing Virtual Machine or Virtual Disk: This document explains how to encrypt an existing virtual machine or virtual disk using the vSphere Client.
* How to Encrypt an Existing or New Virtual Machine: This article provides a guide on how to encrypt an existing or new virtual machine using AOMEI Backupper.
* Ransomware: This document provides an overview of ransomware, its types, impacts, and prevention methods.
NEW QUESTION # 18
In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?
- A. Add the signer to the allow list in the malware profile.
- B. Add the signer to the allow list under the action center page.
- C. Create a new rule exception and use the singer as the characteristic.
- D. In the Restrictions Profile, add the file name and path to the Executable Files allow list.
Answer: A
NEW QUESTION # 19
What should you do to automatically convert leads into alerts after investigating a lead?
- A. Lead threats can't be prevented in the future because they already exist in the environment.
- B. Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
- C. Build a search query using Query Builder or XQL using a list of lOCs.
- D. Create BIOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
Answer: B
Explanation:
Explanation
To automatically convert leads into alerts after investigating a lead, you should create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting. IOC rules are used to detect known threats based on indicators of compromise (IOCs) such as file hashes, IP addresses, domain names, etc. By creating IOC rules from the leads, you can prevent future occurrences of the same threats and generate alerts for them. References:
* PCDRA Study Guide, page 25
* Cortex XDR 3: Handling Cortex XDR Alerts, section 3.2
* Cortex XDR Documentation, section "Create IOC Rules"
NEW QUESTION # 20
What contains a logical schema in an XQL query?
- A. Array expand
- B. Bin
- C. Field
- D. Dataset
Answer: C
Explanation:
Explanation
A logical schema in an XQL query is a field, which is a named attribute of a dataset. A field can have a data type, such as string, integer, boolean, or array. A field can also have a modifier, such as bin or expand, that transforms the field value in the query output. A field can be used in the select, where, group by, order by, or having clauses of an XQL query. References:
* XQL Syntax
* XQL Data Types
* XQL Field Modifiers
NEW QUESTION # 21
What is the standard installation disk space recommended to install a Broker VM?
- A. 1GB disk space
- B. 256GB disk space
- C. 2GB disk space
- D. 512GB disk space
Answer: D
NEW QUESTION # 22
How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
- A. by patching vulnerable applications.
- B. by utilizing decoy Files.
- C. by retrieving the encryption key.
- D. by encrypting the disk first.
Answer: B
NEW QUESTION # 23
A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to delete. Which action could you take to delete the file?
- A. Manually remediate the problem on the endpoint in question.
- B. Open X2go from the Cortex XDR console and delete the file via X2go.
- C. Initiate Remediate Suggestions to automatically delete the file.
- D. Open an NFS connection from the Cortex XDR console and delete the file.
Answer: A
NEW QUESTION # 24
Live Terminal uses which type of protocol to communicate with the agent on the endpoint?
- A. NetBIOS over TCP
- B. UDP and a random port
- C. TCP, over port 80
- D. WebSocket
Answer: D
Explanation:
Explanation
Live Terminal uses the WebSocket protocol to communicate with the agent on the endpoint. WebSocket is a full-duplex communication protocol that enables bidirectional data exchange between a client and a server over a single TCP connection. WebSocket is designed to be implemented in web browsers and web servers, but it can be used by any client or server application. WebSocket provides a persistent connection between the Cortex XDR console and the endpoint, allowing you to execute commands and receive responses in real time.
Live Terminal uses port 443 for WebSocket communication, which is the same port used for HTTPS traffic.
References:
* Initiate a Live Terminal Session
* WebSocket
NEW QUESTION # 25
When viewing the incident directly, what is the "assigned to" field value of a new Incident that was just reported to Cortex?
- A. New
- B. Unassigned
- C. Pending
- D. It is blank
Answer: A
NEW QUESTION # 26
You can star security events in which two ways? (Choose two.)
- A. Create an Incident-starring configuration.
- B. Manually star an alert.
- C. Manually star an Incident.
- D. Create an alert-starring configuration.
Answer: B,C
Explanation:
Explanation
You can star security events in Cortex XDR in two ways: manually star an alert or an incident, or create an alert-starring or incident-starring configuration. Starring security events helps you prioritize and track the events that are most important to you. You can also filter and sort the events by their star status in the Cortex XDR console.
* To manually star an alert or an incident, you can use the star icon in the Alerts table or the Incidents table. You can also star an alert from the Causality View or the Query Center Results table. You can star an incident from the Incident View or the Query Center Results table. You can also unstar an event by clicking the star icon again.
* To create an alert-starring or incident-starring configuration, you can use the Alert Starring Configuration or the Incident Starring Configuration pages in the Cortex XDR console. You can define the criteria for starring alerts or incidents based on their severity, category, source, or other attributes.
You can also enable or disable the configurations as needed.
References:
* Star Security Events
* Create an Alert Starring Configuration
* Create an Incident Starring Configuration
NEW QUESTION # 27
Which module provides the best visibility to view vulnerabilities?
- A. Forensics module
- B. Device Control Violations module
- C. Host Insights module
- D. Live Terminal module
Answer: C
Explanation:
Explanation
The Host Insights module provides the best visibility to view vulnerabilities on your endpoints. The Host Insights module is an add-on feature for Cortex XDR that combines vulnerability management, application and system visibility, and a Search and Destroy feature to help you identify and contain threats. The vulnerability management feature allows you to scan your Windows endpoints for known vulnerabilities and missing patches, and view the results in the Cortex XDR console. You can also filter and sort the vulnerabilities by severity, CVSS score, CVE ID, or patch availability. The Host Insights module helps you reduce your exposure to threats and improve your security posture. References:
* Host Insights
* Vulnerability Management
NEW QUESTION # 28
When creating a scheduled report which is not an option?
- A. Run weekly on a certain day and time.
- B. Run monthly on a certain day and time.
- C. Run quarterly on a certain day and time.
- D. Run daily at a certain time (selectable hours and minutes).
Answer: C
Explanation:
Explanation
When creating a scheduled report in Cortex XDR, the option to run quarterly on a certain day and time is not available. You can only schedule reports to run daily, weekly, or monthly. You can also specify the start and end dates, the time zone, and the recipients of the report. Scheduled reports are useful for generating regular reports on the security events, incidents, alerts, or endpoints in your network. You can create scheduled reports from the Reports page in the Cortex XDR console, or from the Query Center by saving a query as a report.
References:
* Run or Schedule Reports
* Create a Scheduled Report
NEW QUESTION # 29
In Cortex XDR management console scheduled reports can be forwarded to which of the following applications/services?
- A. Slack
- B. Salesforce
- C. Service Now
- D. Jira
Answer: A
Explanation:
Explanation
Cortex XDR allows you to schedule reports and forward them to Slack, a cloud-based collaboration platform.
You can configure the Slack channel, frequency, and recipients of the scheduled reports. You can also view the report history and status in the Cortex XDR management console. References:
* Scheduled Queries: This document explains how to create, edit, and manage scheduled queries and reports in Cortex XDR.
* Forward Scheduled Reports to Slack: This document provides the steps to configure Slack integration and forward scheduled reports to a Slack channel.
NEW QUESTION # 30
Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?
- A. Incident Management Dashboard
- B. Data Ingestion Dashboard
- C. Security Manager Dashboard
- D. Security Admin Dashboard
Answer: A
Explanation:
Explanation
The Incident Management Dashboard provides a high-level overview of the incident response process, including the Mean Time to Resolution (MTTR) metric. This metric measures the average time it takes to resolve an incident from the moment it is created to the moment it is closed. The dashboard also shows the number of incidents by status, severity, and assigned analyst, as well as the top alerts by category, source, and destination. The Incident Management Dashboard is designed for executives and managers who want to monitor the performance and efficiency of their security teams. References: [PCDRA Study Guide], page 18.
NEW QUESTION # 31
When using the "File Search and Destroy" feature, which of the following search hash type is supported?
- A. MD5 hash of the file
- B. AES256 hash of the file
- C. SHA1 hash of the file
- D. SHA256 hash of the file
Answer: D
NEW QUESTION # 32
Which statement best describes how Behavioral Threat Protection (BTP) works?
- A. BTP matches EDR data with rules provided by Cortex XDR.
- B. BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
- C. BTP uses machine Learning to recognize malicious activity even if it is not known.
- D. BTP injects into known vulnerable processes to detect malicious activity.
Answer: C
NEW QUESTION # 33
Which two types of exception profiles you can create in Cortex XDR? (Choose two.)
- A. global exception profiles that apply to all endpoints
- B. role-based profiles that apply to specific endpoints
- C. agent exception profiles that apply to specific endpoints
- D. exception profiles that apply to specific endpoints
Answer: A,D
NEW QUESTION # 34
What license would be required for ingesting external logs from various vendors?
- A. Cortex XDR Vendor Agnostic Pro
- B. Cortex XDR Cloud per Host
- C. Cortex XDR Pro per TB
- D. Cortex XDR Pro per Endpoint
Answer: C
NEW QUESTION # 35
......
Palo Alto Networks PCDRA certification exam is intended for security professionals who have extensive experience in network security analysis and incident response. Palo Alto Networks Certified Detection and Remediation Analyst certification exam will test the candidate's ability to perform advanced network security analysis, identify and remediate security incidents, and provide guidance on best practices for network security. PCDRA exam covers a variety of topics, including network forensics, malware analysis, and incident response.
Authentic Best resources for PCDRA: https://www.fast2test.com/PCDRA-premium-file.html
PCDRA Test Engine Practice Exam: https://drive.google.com/open?id=1nDpp2DemH5zWBpXtNW8EzCTRX4Q68CEa