Palo Alto Networks PCDRA Exam Practice Test Instant Access

Question 1

Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?

AFind the Malware profile attached to the endpoint, Under Portable Executable and DLL Examination add the hash to the allow list.

BFrom the rules menu select new exception, fill out the criteria, choose the scope to apply it to, hit save.

CFind the exceptions profile attached to the endpoint, under process exceptions select local analysis, paste the hash and save.

DIn the Action Center, choose Allow list, select new action, select add to allow list, add your hash to the list, and apply it.

Answer : B

Question 2

Which two types of exception profiles you can create in Cortex XDR? (Choose two.)

Aexception profiles that apply to specific endpoints

Bagent exception profiles that apply to specific endpoints

Cglobal exception profiles that apply to all endpoints

Drole-based profiles that apply to specific endpoints

Answer : A, C

Question 3

What is the outcome of creating and implementing an alert exclusion?

AThe Cortex XDR agent will allow the process that was blocked to run on the endpoint.

BThe Cortex XDR console will hide those alerts.

CThe Cortex XDR agent will not create an alert for this event in the future.

DThe Cortex XDR console will delete those alerts and block ingestion of them in the future.

Answer : B

Question 4

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate. Which statement is correct for the incident?

AIt is true positive.

BIt is false positive.

CIt is a false negative.

DIt is true negative.

Answer : B

Question 5

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

AAssign incidents to an analyst in bulk.

BChange the status of multiple incidents.

CInvestigate several Incidents at once.

DDelete the selected Incidents.

Answer : A, B

Question 6

Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CKTM techniques.

AExfiltration, Command and Control, Collection

BExfiltration, Command and Control, Privilege Escalation

CExfiltration, Command and Control, Impact

DExfiltration, Command and Control, Lateral Movement

Answer : D

Question 7

What is by far the most common tactic used by ransomware to shut down a victim's operation?

Apreventing the victim from being able to access APIs to cripple infrastructure

Bdenying traffic out of the victims network until payment is received

Crestricting access to administrative accounts to the victim

Dencrypting certain files to prevent access by the victim

Answer : D

Palo Alto Networks Certified Detection and Remediation Analyst Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7