
Palo Alto Networks Exam PCDRA Topic 11 Question 65 Discussion

Actual exam question for Palo Alto Networks' PCDRA exam
Question #: 65
Topic #: 11

Cortex XDR is deployed in the enterprise and you notice that a Cobalt Strike attack delivered via an ongoing supply-chain compromise was prevented on 1 server. What steps can you take to ensure the same protection is extended to all your servers?

Suggested Answer: D

The best step to ensure the same protection is extended to all your servers is to create indicators of compromise (IOCs) for the malicious files you have found, so that their execution is prevented. IOCs are pieces of information that indicate a potential threat or compromise on an endpoint, such as file hashes, IP addresses, domain names, or registry keys. In Cortex XDR you can create IOCs that block or alert on any file or network activity matching them. By creating IOCs for the malicious files involved in the Cobalt Strike attack, you prevent them from running or spreading on any of your servers.
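Turning the indicators from the one prevented alert into an IOC set for the whole fleet is mostly data hygiene: validating, normalising and de-duplicating the values before they are pushed. The following is an added example, not code from the page or from Palo Alto Networks; the request body shape (`request_data` with `indicator`, `type`, `severity`, `reputation`, `comment`), the IOC type names and the advanced API key header scheme are assumptions based on the public Cortex XDR API documentation, and the sample indicators are constructed (documentation IP range and a reserved example domain, not real IoCs).

```python
import hashlib
import ipaddress
import re
import secrets
import time

# Constructed sample: indicators lifted from the single prevented alert (not real IoCs).
SAMPLE_ALERT_INDICATORS = [
    {"value": "a" * 64, "context": "dropped DLL"},
    {"value": "A" * 64, "context": "dropped DLL"},          # same hash, different case
    {"value": "203.0.113.7", "context": "beacon address"},   # TEST-NET-3 range
    {"value": "update.example.net", "context": "staging domain"},
    {"value": "not-a-hash", "context": "junk field"},
]

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def classify(value):
    """Return the assumed Cortex XDR IOC type (HASH, IP, DOMAIN_NAME) or None if unusable."""
    v = value.strip()
    if SHA256_RE.match(v):
        return "HASH"
    try:
        ipaddress.ip_address(v)
        return "IP"
    except ValueError:
        return "DOMAIN_NAME" if DOMAIN_RE.match(v.lower()) else None

def build_ioc_payload(indicators, severity="high", comment="Cobalt Strike supply-chain alert"):
    """Normalise, de-duplicate and classify indicators into one bulk-insert request body (assumed shape)."""
    seen, items = set(), []
    for ind in indicators:
        kind = classify(ind["value"])
        norm = ind["value"].strip().lower()
        if kind is None or norm in seen:
            continue  # skip junk fields and case-variant duplicates
        seen.add(norm)
        items.append({"indicator": norm, "type": kind, "severity": severity,
                      "reputation": "BAD", "comment": f"{comment}: {ind['context']}"})
    return {"request_data": items}

def advanced_auth_headers(api_key_id, api_key):
    """Headers for an advanced API key: SHA-256 over key + nonce + millisecond timestamp (assumed scheme)."""
    nonce = secrets.token_hex(32)
    ts = str(int(time.time() * 1000))
    auth = hashlib.sha256((api_key + nonce + ts).encode()).hexdigest()
    return {"x-xdr-timestamp": ts, "x-xdr-nonce": nonce,
            "x-xdr-auth-id": str(api_key_id), "Authorization": auth}
```

Review the generated list before pushing it: a hash or domain that also belongs to a legitimate component of the compromised supplier would block that component everywhere, which is exactly the false-positive risk discussed for the other options.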

The other options are not the best steps for the following reasons:

A is not the best step because conducting a thorough Endpoint Malware scan may not detect or prevent the Cobalt Strike attack if the malicious files are obfuscated, encrypted, or hidden. Endpoint Malware scan is a Cortex XDR feature that scans endpoints for known malware and quarantines any malicious files found. It may therefore be ineffective against unknown or advanced threats that use evasion techniques to avoid detection.

B is not the best step because enabling DLL Protection on all servers may cause false positives and disrupt legitimate applications. DLL Protection is a Cortex XDR feature that blocks or alerts on DLL loading activity matching certain criteria, such as unsigned DLLs, DLLs loaded from network locations, or DLLs loaded by specific processes. It may also block or alert on benign DLL loading that is part of normal system or application operation, resulting in false positives and performance issues.

C is not the best step because enabling Behavioral Threat Protection (BTP) with cytool may not prevent the attack from spreading if the malicious files are already on the endpoints or if the attack uses other methods to evade detection, such as encryption, obfuscation, or proxy servers. Behavioral Threat Protection is a Cortex XDR feature that blocks or alerts on endpoint behavior matching certain patterns, such as ransomware, credential theft, or lateral movement. Cytool is a command-line tool for configuring and managing the Cortex XDR agent on the endpoint.



Contribute your Thoughts:

Janae
12 days ago
I'd say option C is the way to go. Behavioral Threat Protection with cytool? Sounds like a party! Just don't forget to bring the snacks and energy drinks, because this is gonna be an all-nighter.
upvoted 0 times
Tyisha
14 days ago
Option A? Seriously? Malware scans are so 2010. We need some real cybersecurity magic, like Cortex XDR. Let's put on our best wizard hats and make this attack disappear!
upvoted 0 times
Clare
19 days ago
Option D sounds like a good idea, but I'm not sure how effective it will be in the long run. Might as well just unplug all the servers and call it a day. Less chance of getting hacked that way.
upvoted 0 times
Carlota
2 days ago
Option D sounds like a good idea, but I'm not sure how effective it will be in the long run.
upvoted 0 times
Bette
22 days ago
I would say option B is the way to go. DLL Protection might have some false positives, but better safe than sorry, right? Gotta keep those servers locked down tight.
upvoted 0 times
Kimbery
39 minutes ago
I agree, option B sounds like a good precaution to take.
upvoted 0 times
Keva
26 days ago
I think conducting a thorough Endpoint Malware scan is also important to ensure all servers are protected.
upvoted 0 times
Elly
1 month ago
I agree with An, but we should also create IOCs of the malicious files.
upvoted 0 times
Gianna
1 month ago
Definitely go with option C. Behavioral Threat Protection is the way to go to prevent the spread of the attack. Who needs sleep when you have cytool, am I right?
upvoted 0 times
Marti
17 days ago
Let's make sure all servers are protected with Behavioral Threat Protection.
upvoted 0 times
Chara
23 days ago
Cytool is a powerful tool to have in your arsenal for security.
upvoted 0 times
Carry
29 days ago
I agree, option C is the best choice to prevent the attack from spreading.
upvoted 0 times
An
1 month ago
I think we should enable Behavioral Threat Protection (BTP) with cytool.
upvoted 0 times