Exam PCDRA Topic 2 Question 40 Discussion

Actual exam question for Palo Alto Networks's PCDRA exam
Question #: 40
Topic #: 2
Which of the following is NOT a precanned script provided by Palo Alto Networks?

Suggested Answer: D Vote an answer

Explanation
Palo Alto Networks provides a set of precanned scripts that you can use to perform various actions on your endpoints, such as deleting files, killing processes, or quarantining malware. The precanned scripts are written in Python and are available in the Agent Script Library in the Cortex XDR console. You can use the precanned scripts as they are, or you can customize them to suit your needs. The precanned scripts are:
* delete_file: Deletes a specific file from a local or removable drive.
* quarantine_file: Moves a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
* process_kill_name: Kills a process by its name on the endpoint.
* process_kill_pid: Kills a process by its process ID (PID) on the endpoint.
* process_kill_tree: Kills a process and all its child processes by its name on the endpoint.
* process_kill_tree_pid: Kills a process and all its child processes by its PID on the endpoint.
* process_list: Lists all the processes running on the endpoint, along with their names, PIDs, and command lines.
* process_list_tree: Lists all the processes running on the endpoint, along with their names, PIDs, command lines, and parent processes.
* process_start: Starts a process on the endpoint by its name or path.
* registry_delete_key: Deletes a registry key and all its subkeys and values from the Windows registry.
* registry_delete_value: Deletes a registry value from the Windows registry.
* registry_list_key: Lists all the subkeys and values under a registry key in the Windows registry.
* registry_list_value: Lists the value and data of a registry value in the Windows registry.
* registry_set_value: Sets the value and data of a registry value in the Windows registry.
The script list_directories is not a precanned script provided by Palo Alto Networks. It is a custom script that you can write yourself using Python commands.
References:
* Run Scripts on an Endpoint
* Agent Script Library
* Precanned Scripts

by guy at Jan 19, 2025, 03:04 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
guy
2025-01-19 03:04:53
Quarantine_file does not exist in script lists, list_directories is exist in the scripts.
that answers is wrong
upvoted 1 times
...
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어