PCDRA

When creating a BIOC rule, which XQL query can be used?A . dataset = xdr_data | filterevent_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"B . dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"C . dataset = xdr_data | filter action_process_image_name ~= ".*?.(?:pdf|docx).exe" |...

If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?A . Broker VM PathfinderB . Local Agent ProxyC . Local Agent Installer and Content CachingD . Broker VM Syslog CollectorView AnswerAnswer:...

Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?A . Security Manager DashboardB . Data Ingestion DashboardC . Security Admin DashboardD . Incident Management DashboardView AnswerAnswer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2021.html

Which statement best describes how Behavioral Threat Protection (BTP) works?A . BTP injects into known vulnerable processes to detect malicious activity.B . BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.C . BTP matches EDR data with rules provided by Cortex XDE . BTP uses machine...

LiveTerminal uses which type of protocol to communicate with the agent on the endpoint?A . NetBIOS over TCPB . WebSocketC . UDP and a random portD . TCP, over port 80View AnswerAnswer: B Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/communication-between-cortex-xdr-and-agents.html

After scan, how does file quarantine function work on an endpoint?A . Quarantine takes ownership of the files and folders and prevents execution through access control.B . Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.C . Quarantine removes a specific file from its...

Which of the following best defines the Windows Registry as used by the Cortex XDRagent?A . a hierarchical database that stores settings for the operating system and for applicationsB . a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known...

When creating a scheduled report which is not an option?A . Run weekly on a certain day and time.B . Run quarterly on a certain day and time.C . Run monthly on a certain day and time.D . Run daily at a certain time (selectable hours and minutes).View AnswerAnswer: B...

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion . What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?A . mark the incident as UnresolvedB . create a...

Which statement is true for Application Exploits and Kernel Exploits?A . The ultimate goal of any exploit is to reach the application.B . Kernel exploits are easier to prevent then application exploits.C . The ultimate goal of any exploit is to reach the kernel.D . Application exploits leverage kernel vulnerability.View...