XDR-ANALYST Exam Questions
105 real XDR-ANALYST exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1
What is the standard installation disk space recommended to install a Broker VM?
- Question #2
Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?
- Question #3
How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
- Question #4
What functionality of the Broker VM would you use to ingest third-party firewall logs to the Cortex Data Lake?
- Question #5
In the deployment of which Broker VM applet are you required to install a strong cipher SHA256-based SSL certificate?
- Question #6
What is the outcome of creating and implementing an alert exclusion?
- Question #7
Which statement is true for Application Exploits and Kernel Exploits?
- Question #8
To create a BIOC rule with an XQL query, you must at a minimum filter on which field for it to be a valid BIOC rule?
- Question #9
Which of the following is an example of a successful exploit?
- Question #10
Which of the following represents the correct relation of alerts to incidents?
- Question #11
Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?
- Question #12
While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatic...
- Question #13
Network attacks follow predictable patterns. If you interfere with any portion of this pattern, the attack will be neutralized. Which of the following statements is correct?
- Question #14
After a scan, how does the file quarantine function work on an endpoint?
- Question #15
Which two types of exception profiles can you create in Cortex XDR? (Choose two.)
- Question #16
Which profiles can the user use to configure malware protection in the Cortex XDR console?
- Question #17
Which module provides the best visibility to view vulnerabilities?
- Question #18
Which of the following is NOT a precanned script provided by Palo Alto Networks?
- Question #19
Live Terminal uses which type of protocol to communicate with the agent on the endpoint?
- Question #20
You can star security events in which two ways? (Choose two.)
- Question #21
Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
- Question #22
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to open a malicious Word document. You learn from the WildFire report...
- Question #23
When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?
- Question #24
What is the purpose of the Cortex Data Lake?
- Question #25
When creating a scheduled report, which is not an option?
- Question #26
Which statement regarding scripts in Cortex XDR is true?
- Question #27
What is the function of WildFire for Cortex XDR?
- Question #28
A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to...
- Question #29
Which of the following best defines the Windows Registry as used by the Cortex XDR agent?
- Question #30
Which statement best describes how Behavioral Threat Protection (BTP) works?
- Question #31
Which of the following policy exceptions applies to the following description? 'An exception allowing specific PHP files'
- Question #32
In the Cortex XDR console, from which two pages are you able to manually perform the agent upgrade action? (Choose two.)
- Question #33
What motivation do ransomware attackers have for returning access to systems once their victims have paid?
- Question #34
What action is taken by the Managed Threat Hunting team for Zero Day Exploits?
- Question #35
Which Exploit Prevention Module (EPM) provides better entropy for randomization of memory locations?
- Question #36
Which statement is correct based on the report output below?
- Question #37
What contains a logical schema in an XQL query?
- Question #38
Under which conditions is Local Analysis invoked to evaluate a file before the file is allowed to run?
- Question #39
In the Cortex XDR management console, scheduled reports can be forwarded to which of the following applications/services?
- Question #40
Can you disable the ability to use the Live Terminal feature in Cortex XDR?
- Question #41
Which of the following represents a common sequence of cyber-attack tactics?
- Question #42
What is the maximum number of agents one Broker VM local agent applet can support?
- Question #43
Which Exploit Protection Module (EPM) can be used to prevent attacks based on OS function?
- Question #44
Why would one threaten to encrypt a hypervisor or, potentially, multiple virtual machines running on a server?
- Question #45
Which minimum Cortex XDR agent version is required for a Kubernetes Cluster?
- Question #46
The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options wou...
- Question #47
Which of the following paths will successfully activate Remediation Suggestions?
- Question #48
What is an example of an attack vector for ransomware?
- Question #49
What is the WildFire analysis file size limit for Windows PE files?
- Question #50
How can you pivot within a row to the Causality and Timeline views for further investigation?