
2022 Updated PCDRA PDF for the PCDRA Tests Free Updated Today!
Fully Updated Dumps PDF - Latest PCDRA Exam Questions and Answers
Get to know about the topics of the Palo Alto Networks PCDRA Certification Exam
The topics of the Palo Alto Networks PCDRA Certification Exam defined in the PCDRA Dumps are given as follows:
- Reporting: 10%
- Investigation: 20%
- Remediation: 15%
- Threats and Attacks: 10%
NEW QUESTION 29
Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CK™ techniques.
- A. Exfiltration, Command and Control, Lateral Movement
- B. Exfiltration, Command and Control, Collection
- C. Exfiltration, Command and Control, Privilege Escalation
- D. Exfiltration, Command and Control, Impact
Answer: A
NEW QUESTION 30
Where would you view the WildFire report in an incident?
- A. under Response --> Action Center
- B. next to relevant Key Artifacts on the incident details page
- C. under the gear icon --> Agent Audit Logs
- D. on the HUB page at apps.paloaltonetworks.com
Answer: A
NEW QUESTION 31
A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to delete. Which action could you take to delete the file?
- A. Open an NFS connection from the Cortex XDR console and delete the file.
- B. Manually remediate the problem on the endpoint in question.
- C. Open X2go from the Cortex XDR console and delete the file via X2go.
- D. Initiate Remediate Suggestions to automatically delete the file.
Answer: B
NEW QUESTION 32
What is the purpose of the Cortex Data Lake?
- A. the interface between firewalls and the Cortex XDR agents
- B. a cloud-based storage facility where your firewall logs are stored
- C. a local storage facility where your logs and alert data can be aggregated
- D. the workspace for your Cortex XDR agents to detonate potential malware files
Answer: B
NEW QUESTION 33
An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?
- A. DDL Security
- B. Dylib Hijacking
- C. Kernel Integrity Monitor (KIM)
- D. Hot Patch Protection
Answer: B
NEW QUESTION 34
When creating a BIOC rule, which XQL query can be used?
- A. dataset = xdr_data
  | filter event_type = PROCESS and
  event_sub_type = PROCESS_START and
  action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
- B. dataset = xdr_data
  | filter event_sub_type = PROCESS_START and
  action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
- C. dataset = xdr_data
  | filter event_behavior = true
  event_sub_type = PROCESS_START and
  action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
- D. dataset = xdr_data
  | filter action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
  | fields action_process_image
Answer: A
NEW QUESTION 35
While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?
- A. mark the incident as Resolved - False Positive
- B. mark the incident as Unresolved
- C. create a BIOC rule excluding this behavior
- D. create an exception to prevent future false positives
Answer: A
NEW QUESTION 36
To create a BIOC rule with an XQL query, which field must you at a minimum filter on in order for it to be a valid BIOC rule?
- A. threat_event
- B. event_type
- C. endpoint_name
- D. causality_chain
Answer: B
NEW QUESTION 37
What is the standard installation disk space recommended to install a Broker VM?
- A. 1GB disk space
- B. 256GB disk space
- C. 2GB disk space
- D. 512GB disk space
Answer: D
NEW QUESTION 38
In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the signer?
- A. Add the signer to the allow list under the action center page.
- B. In the Restrictions Profile, add the file name and path to the Executable Files allow list.
- C. Add the signer to the allow list in the malware profile.
- D. Create a new rule exception and use the signer as the characteristic.
Answer: C
NEW QUESTION 39
Which of the following best defines the Windows Registry as used by the Cortex XDR agent?
- A. a hierarchical database that stores settings for the operating system and for applications
- B. a central system, available via the internet, for registering officially licensed versions of software to prove ownership
- C. a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known as the "swap"
- D. a ledger for maintaining accurate and up-to-date information on total disk usage and disk space remaining available to the operating system
Answer: A
NEW QUESTION 40
Which statement regarding scripts in Cortex XDR is true?
- A. The script is run on the machine uploading the script to ensure that it is operational.
- B. Any version of Python script can be run.
- C. Any script can be imported including Visual Basic (VB) scripts.
- D. The level of risk is assigned to the script upon import.
Answer: B
NEW QUESTION 41
If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?
- A. Local Agent Proxy
- B. Local Agent Installer and Content Caching
- C. Broker VM Syslog Collector
- D. Broker VM Pathfinder
Answer: B
NEW QUESTION 42
When viewing the incident directly, what is the "assigned to" field value of a new Incident that was just reported to Cortex?
- A. Unassigned
- B. New
- C. It is blank
- D. Pending
Answer: B
NEW QUESTION 43
When creating a scheduled report, which of the following is not an option?
- A. Run daily at a certain time (selectable hours and minutes).
- B. Run monthly on a certain day and time.
- C. Run quarterly on a certain day and time.
- D. Run weekly on a certain day and time.
Answer: C
NEW QUESTION 44
A file is identified as malware by the Local Analysis module, whereas the WildFire verdict is Benign. Assuming WildFire is accurate, which statement is correct for the incident?
- A. It is true negative.
- B. It is false positive.
- C. It is true positive.
- D. It is a false negative.
Answer: B
NEW QUESTION 45
How does the Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
- A. by patching vulnerable applications.
- B. by utilizing decoy files.
- C. by encrypting the disk first.
- D. by retrieving the encryption key.
Answer: B
NEW QUESTION 46
When using the "File Search and Destroy" feature, which of the following search hash types is supported?
- A. SHA256 hash of the file
- B. MD5 hash of the file
- C. SHA1 hash of the file
- D. AES256 hash of the file
Answer: A
NEW QUESTION 47
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to open a malicious Word document. You learn from the WildFire report and AutoFocus that this document is known to have been used in Phishing campaigns since 2018. What steps can you take to ensure that the same document is not opened by other users in your organization protected by the Cortex XDR agent?
- A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
- B. No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.
- C. Enable DLL Protection on all endpoints but there might be some false positives.
- D. No step is required because the malicious document is already stopped.
Answer: A
NEW QUESTION 48
What license would be required for ingesting external logs from various vendors?
- A. Cortex XDR Pro per Endpoint
- B. Cortex XDR Pro per TB
- C. Cortex XDR Vendor Agnostic Pro
- D. Cortex XDR Cloud per Host
Answer: B
NEW QUESTION 49
In incident-related widgets, how would you filter the display to only show incidents that were "starred"?
- A. Create a custom XQL widget
- B. Click the star in the widget
- C. This is not currently supported
- D. Create a custom report and filter on starred incidents
Answer: B
NEW QUESTION 50
Which two types of exception profiles can you create in Cortex XDR? (Choose two.)
- A. role-based profiles that apply to specific endpoints
- B. exception profiles that apply to specific endpoints
- C. agent exception profiles that apply to specific endpoints
- D. global exception profiles that apply to all endpoints
Answer: B, D
Free PCDRA Exam Questions PCDRA Actual Free Exam Questions: https://testinsides.vcedumps.com/PCDRA-examcollection.html
