PCDRA 시험 - Paloalto Networks실제시험문제와 답 - 60문항

Question No : 1

Which statement best describes how Behavioral Threat Protection (BTP) works?

A.BTP injects into known vulnerable processes to detect malicious activity.
B.BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
C.BTP matches EDR data with rules provided by Cortex XD
D.BTP uses machine Learning to recognize malicious activity even if it is not known.

정답:
Explanation:
Reference: https://www.khipu-networks.com/matchmadein/wp-content/uploads/cortex-xdr- endpoint-protection-solution-guide.pdf

Question No : 2

When using the “File Search and Destroy” feature, which of the following search hash type is supported?

A.SHA256 hash of the file
B.AES256 hash of the file
C.MD5 hash of the file
D.SHA1 hash of the file

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy.html

Question No : 3

When creating a scheduled report which is not an option?

A.Run weekly on a certain day and time.
B.Run quarterly on a certain day and time.
C.Run monthly on a certain day and time.
D.Run daily at a certain time (selectable hours and minutes).

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/monitoring/cortex-xdr-dashboard/run-or-schedule-reports.html

Question No : 4

When creating a BIOC rule, which XQL query can be used?

A.dataset = xdr_data | filterevent_sub_type = PROCESS_START and action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
B.dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
C.dataset = xdr_data | filter action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe" | fields action_process_image
D.dataset = xdr_data | filter event_behavior = true event_sub_type = PROCESS_START and action_process_image_name ~=".*?\.(?:pdf|docx)\.exe"

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

Question No : 5

Phishing belongs which of the following MITRE ATT&CK tactics?

A.Initial Access, Persistence
B.Persistence, Command and Control
C.Reconnaissance, Persistence
D.Reconnaissance, Initial Access

정답:

Question No : 6

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?

A.Click the three dots on the widget andthen choose “Save” and this will link the query to the Widget Library.
B.This isn’t supported, you have to exit the dashboard and go into the Widget Library first to create it.
C.Click on “Save to Action Center” in the dashboard and you will be promptedto give the query a name and description.
D.Click on “Save to Widget Library” in the dashboard and you will be prompted to give the query a name and description.

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/monitoring/cortex-xdr-dashboard/widget-library.html

Question No : 7

If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?

A.Broker VM Pathfinder
B.Local Agent Proxy
C.Local Agent Installer and Content Caching
D.Broker VM Syslog Collector

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/broker-vm/set-up-broker-vm/activate-the-agent-proxy-for-closed-networks.html

Question No : 8

Which of the following represents the correct relation of alerts to incidents?

A.Only alerts with the same host are grouped together into one Incident in a given time frame.
B.Alerts that occur within a three hour time frame are grouped together into one Incident.
C.Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.
D.Every alert creates a new Incident.

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-incidents/cortex-xdr-incidents.html

Question No : 9

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

A.Assign incidents to an analyst in bulk.
B.Change the status of multiple incidents.
C.Investigate several Incidents at once.
D.Delete the selected Incidents.

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2021.html

Question No : 10

Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?

A.Security Manager Dashboard
B.Data Ingestion Dashboard
C.Security Admin Dashboard
D.Incident Management Dashboard

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2021.html

Question No : 11

Which of the following policy exceptions applies to the following description?
‘An exception allowing specific PHP files’

A.Support exception
B.Local file threat examination exception
C.Behavioral threat protection rule exception
D.Process exception

정답:

Question No : 12

What are two purposes of “Respond to Malicious Causality Chains” in a Cortex XDR Windows Malware profile? (Choose two.)

A.Automatically close the connections involved in malicious traffic.
B.Automatically kill the processes involved in malicious activity.
C.Automatically terminate the threads involved in malicious activity.
D.Automaticallyblock the IP addresses involved in malicious traffic.

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/endpoint-security-profiles/add-malware-security-profile.html#:~:text=With%20Behavioral%20threat%20protection%2C%20the,appear%20legitimate%20if%20inspected%20individu ally

Question No : 13

LiveTerminal uses which type of protocol to communicate with the agent on the endpoint?

A.NetBIOS over TCP
B.WebSocket
C.UDP and a random port
D.TCP, over port 80

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/communication-between-cortex-xdr-and-agents.html

Question No : 14

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate .
Which statement is correct for the incident?

A.It is true positive.
B.It is false positive.
C.It is a false negative.
D.It is true negative.

정답:
Explanation:
Reference: https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-false-positive-cloud2model-manager-1-005/td-p/391391

Question No : 15

What kind of the threat typically encrypts userfiles?

A.ransomware
B.SQL injection attacks
C.Zero-day exploits
D.supply-chain attacks

정답:
Explanation:
Reference: https://www.proofpoint.com/us/threat-reference/ransomware#:~:text=Ransomware%20is%20a%20type%20of,ransom%20fee%20to%20the%20attacker

Paloalto Networks PCDRA 시험