PCDRA Exam Questions
104 real PCDRA exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1 (Threat Hunting)
  Phishing belongs to which of the following MITRE ATT&CK tactics?
  Tags: MITRE ATT&CK, Phishing, Initial Access, Reconnaissance
- Question #2 (Detection and Alert Management)
  When creating a BIOC rule, which XQL query can be used?
  Tags: BIOC rules, XQL, Cortex XDR, Detection
- Question #3 (Reporting and Tuning)
  Which built-in dashboard would be the best option for an executive looking for the Mean Time to Resolution (MTTR) metric?
  Tags: Dashboards, MTTR, Security Operations Metrics, Executive Reporting
- Question #4 (Investigation and Response)
  What are two purposes of "Respond to Malicious Causality Chains" in a Cortex XDR Windows Malware profile? (Choose two.)
  Tags: Cortex XDR Malware Profile, Automated Response Actions, Malicious Causality Chains
- Question #5 (Reporting and Tuning)
  When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?
  Tags: XQL Query, Dashboard Management, Widget Library, Cortex XDR UI
- Question #6 (Cortex XDR Architecture and Agent Deployment)
  What license would be required for ingesting external logs from various vendors?
  Tags: Cortex XDR Licensing, Log Ingestion, External Logs, Data Ingestion Volume
- Question #7 (Detection and Alert Management)
  An attacker tries to load dynamic libraries on macOS from an insecure location. Which Cortex XDR module can prevent this attack?
  Tags: Cortex XDR Modules, macOS Security, Dylib Hijacking, Endpoint Prevention
- Question #8 (Threat Hunting)
  What is the purpose of the Unit 42 team?
  Tags: Unit 42, Threat Research, Malware Analysis, Threat Hunting
- Question #9 (Detection and Alert Management)
  Which type of IOC can you define in Cortex XDR?
  Tags: IOC, Cortex XDR, Threat Intelligence, Detection
- Question #10 (Detection and Alert Management)
  When viewing the incident directly, what is the "assigned to" field value of a new incident that was just reported to Cortex?
  Tags: Incident Management, Default Incident Fields, Cortex XDR
- Question #11 (Investigation and Response)
  In incident-related widgets, how would you filter the display to show only incidents that were "starred"?
  Tags: Incidents, Widgets, Filtering, UI Navigation
- Question #12 (Investigation and Response)
  Where would you view the WildFire report in an incident?
  Tags: WildFire report, Incident details, Cortex XDR UI, Incident investigation
- Question #13 (Detection and Alert Management)
  What does the following output tell us?
  Tags: Cortex XDR incidents, Incident severity, Alert management, Detection interpretation
- Question #14 (Cortex XDR Architecture and Agent Deployment)
  What is the standard installation disk space recommended to install a Broker VM?
  Tags: Broker VM, Installation Requirements, Disk Space
- Question #15 (Cortex XDR Architecture and Agent Deployment)
  Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?
  Tags: Cortex XDR, Malware Protection Profiles, SHA256 Whitelisting, Allowed Executables
- Question #16 (Cortex XDR Architecture and Agent Deployment)
  How does the Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
  Tags: Cortex XDR agent, Ransomware prevention, Decoy files, Endpoint security
- Question #17 (Cortex XDR Architecture and Agent Deployment)
  What functionality of the Broker VM would you use to ingest third-party firewall logs into the Cortex Data Lake?
  Tags: Broker VM, Syslog Collector, Log Ingestion, Cortex Data Lake
- Question #18 (Cortex XDR Architecture and Agent Deployment)
  In the deployment of which Broker VM applet are you required to install a strong-cipher, SHA256-based SSL certificate?
  Tags: Cortex XDR Broker VM, Agent Deployment, SSL Certificates, Security Configuration
- Question #19 (Cortex XDR Architecture and Agent Deployment)
  When is the wss (WebSocket Secure) protocol used?
  Tags: wss protocol, WebSocket Secure, Cortex XDR agent communication, Bidirectional communication
- Question #20 (Cortex XDR Architecture and Agent Deployment)
  With a Cortex XDR Prevent license, which objects are considered to be sensors?
  Tags: Cortex XDR agents, Cortex XDR architecture, Sensors
- Question #21 (Cortex XDR Architecture and Agent Deployment)
  Which license is required when deploying the Cortex XDR agent on Kubernetes clusters as a DaemonSet?
  Tags: Cortex XDR licensing, Kubernetes deployment, Cloud workload protection, DaemonSet
- Question #22 (Detection and Alert Management)
  Which statement is true for application exploits and kernel exploits?
  Tags: Exploits, Application Exploits, Kernel Exploits, Attack Goals
- Question #23 (Detection and Alert Management)
  To create a BIOC rule with an XQL query, which field must you filter on at a minimum for it to be a valid BIOC rule?
  Tags: BIOC Rules, XQL, Custom Detections, Rule Creation
- Question #24 (Investigation and Response)
  Which of the following is an example of a successful exploit?
  Tags: Exploitation, Vulnerability, Attack Techniques, Malware Behavior
- Question #25 (Detection and Alert Management)
  Which of the following represents the correct relation of alerts to incidents?
  Tags: Alerts, Incidents, Causality Chains, Alert Grouping
- Question #26 (Cortex XDR Architecture and Agent Deployment)
  Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?
  Tags: Cortex XDR Agent, Malware Protection, Protection Flow, Security Modules Order
- Question #28 (Detection and Alert Management)
  Network attacks follow predictable patterns. If you interfere with any portion of this pattern, the attack will be neutralized. Which of the following statements is correct?
  Tags: Cortex XDR Analytics, Attack detection, Behavioral analysis, Endpoint security
- Question #29 (Investigation and Response)
  After a scan, how does the file quarantine function work on an endpoint?
  Tags: Endpoint Security, File Quarantine, Threat Response, Cortex XDR
- Question #30 (Cortex XDR Architecture and Agent Deployment)
  Which two types of exception profiles can you create in Cortex XDR? (Choose two.)
  Tags: Exception Profiles, Policy Management, Endpoint Security, Cortex XDR Configuration
- Question #31 (Cortex XDR Architecture and Agent Deployment)
  Which profiles can the user use to configure malware protection in the Cortex XDR console?
  Tags: Cortex XDR configuration, Malware protection, Security profiles, Endpoint security
- Question #32 (Detection and Alert Management)
  Which module provides the best visibility to view vulnerabilities?
  Tags: Cortex XDR, Host Insights, Vulnerability management, Endpoint visibility
- Question #33 (Investigation and Response)
  Which of the following is NOT a precanned script provided by Palo Alto Networks?
  Tags: Cortex XDR, Response Actions, Live Terminal, Precanned Scripts
- Question #34 (Cortex XDR Architecture and Agent Deployment)
  Live Terminal uses which type of protocol to communicate with the agent on the endpoint?
  Tags: Live Terminal, Agent Communication, WebSocket Protocol
- Question #35 (Investigation and Response)
  You can star security events in which two ways? (Choose two.)
  Tags: Incident Management, Alert Management, Event Prioritization, Cortex XDR Features
- Question #36 (Reporting and Tuning)
  Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
  Tags: Cortex XDR exceptions, Malware profiles, Policy configuration, File hash exclusion
- Question #37 (Investigation and Response)
  As a Malware Analyst working with Cortex XDR, you notice an alert suggesting that there was a prevented attempt to open a malicious Word document. You learn from the WildFire report...
  Tags: Behavioral Threat Protection, Prevention Policies, Threat Intelligence, Cortex XDR Prevention
- Question #38 (Investigation and Response)
  When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?
  Tags: Cortex XDR features, Endpoint remediation, Remediation suggestions, Incident response
- Question #39 (Cortex XDR Architecture and Agent Deployment)
  What is the purpose of the Cortex Data Lake?
  Tags: Cortex Data Lake, Log Storage, Cloud Infrastructure, Firewall Logs
- Question #40 (Reporting and Tuning)
  When creating a scheduled report, which is not an option?
  Tags: Scheduled Reports, Report Scheduling, Reporting Features, Cortex XDR Reporting
- Question #41 (Investigation and Response)
  Which statement regarding scripts in Cortex XDR is true?
  Tags: Script management, Cortex XDR features, Risk classification, Automation
- Question #42 (Detection and Alert Management)
  What is the function of WildFire for Cortex XDR?
  Tags: WildFire, Sample Analysis, Threat Verdict
- Question #43 (Threat Hunting)
  What action is taken by the Managed Threat Hunting team for zero-day exploits?
  Tags: Managed Threat Hunting, Zero-Day Exploits, Threat Investigation, Incident Reporting
- Question #44 (Detection and Alert Management)
  What is an example of an attack vector for ransomware?
  Tags: Attack Vector, Ransomware, Phishing, Malware Delivery
- Question #45 (Detection and Alert Management)
  What should you do to automatically convert leads into alerts after investigating a lead?
  Tags: BIOC rules, Lead management, Automated detection, Alert creation
- Question #46 (Investigation and Response)
  When reaching out to TAC for additional technical support related to a security event, what are two critical pieces of information you need to collect from the agent? (Choose two.)
  Tags: TAC Support, Agent Troubleshooting, Security Event Response, Diagnostic Data
- Question #47 (Investigation and Response)
  Which function describes the removal of a specific file from its location on a local or removable drive to a protected folder to prevent the file from being executed?
  Tags: Quarantine, Endpoint Protection, Malware Prevention, File Remediation
- Question #48 (Cortex XDR Architecture and Agent Deployment)
  What is the maximum number of agents one Broker VM local agent applet can support?
  Tags: Broker VM capacity, Local Agent Applet, Cortex XDR architecture, Agent management
- Question #49 (Investigation and Response)
  Which of the following represents a common sequence of cyber attack tactics?
  Tags: Cyber Kill Chain, Attack lifecycle, Adversary tactics, Incident investigation
- Question #50 (Cortex XDR Architecture and Agent Deployment)
  Which Exploit Protection Module (EPM) can be used to prevent attacks based on OS function?
  Tags: Cortex XDR, Exploit Protection, EPM, DLL Security
- Question #51 (Cortex XDR Architecture and Agent Deployment)
  Which statement is correct based on the report output below?
  Tags: Reporting, Data Collection, Agent Configuration, Host Inventory
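For the BIOC questions above (Question #2 and Question #23), the following is an added example of the kind of XQL query a BIOC rule is built from. It is not part of this page and is not a published exam answer. The `xdr_data` dataset and the `event_type`, `event_sub_type`, `action_process_*` and `actor_process_*` field names are taken from the Cortex XDR schema as I know it and should be checked against your tenant's schema; the encoded-PowerShell-from-Office pattern is a constructed illustration, not a rule shipped by the vendor.

```xql
// Added example (not from the page): a BIOC-style query over the xdr_data dataset.
// The filter on event_type is what scopes the rule to one event class; everything
// after it narrows to encoded PowerShell spawned by an Office application.
dataset = xdr_data
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
| filter lowercase(action_process_image_name) = "powershell.exe"
| filter lowercase(action_process_image_command_line) contains " -enc"
     or lowercase(action_process_image_command_line) contains " -encodedcommand"
| filter lowercase(actor_process_image_name) in ("winword.exe", "excel.exe", "outlook.exe")
```

Run the query in the Query Builder first and review the hits over a realistic window before saving it as a BIOC rule: a rule that fires on every encoded PowerShell launch, without the parent-process constraint on the last line, will be noisy in environments where administrators use `-EncodedCommand` legitimately.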