Free Preparation Discussions
MENU
Palo Alto Networks PCDRA Exam Questions
- Topic 1: Describe how to use XDR to prevent supply chain attacks/ Categorize the types and structures of vulnerabilities
- Topic 2: Define product modules that help identify threats/ Summarize the generally available references for vulnerabilities
- Topic 3: Characterize the differences between incidents and alerts/ Identify the investigation capabilities of Cortex XDR
- Topic 4: Identify common investigation screens and processes/ Describe what actions can be performed using the live terminal
- Topic 5: Distinguish between automatic vs. manual remediations/ Describe how to fix false positives/ Describe basic remediation
- Topic 6: Describe how to use the Broker as a proxy between the agents and XDR in the Cloud/ Describe details of the ingestion methods
- Topic 7: Outline how Cortex XDR ingests other non-Palo Alto Networks data sources/ Describe how to use the Broker to activate Pathfinder
- Topic 8: Outline distributing and scheduling capabilities of Cortex XDR/ Identify the information needed for a given audience
- Topic 9: Explain the purpose and use of the query builder technique/ Explain the purpose and use of the IOC technique
- Topic 10: Differentiate between exploits and malware/ Outline ransomware threats/ Recognize the different types of attacks
- Topic 11: Identify the use of malware prevention modules (MPMs)/ Identify the profiles that must be configured for malware prevention
- Topic 12: Characterize the differences between application protection and kernel protection/ Characterize the differences between malware and exploits
- Topic 13: Identify the connection of analytic detection capabilities to MITRE/ List the options to highlight or suppress incidents
- Topic 14: Define communication options/channels to and from the client/ Distinguish between different proxies
- Topic 15: Identify legitimate threats (true positives) vs. illegitimate threats (false positives)/ Outline incident collaboration and management using XDR
Free Palo Alto Networks PCDRA Exam Actual Questions
Note: Premium Questions for PCDRA were last updated On Jan. 25, 2025 (see below)
What is an example of an attack vector for ransomware?
An example of an attack vector for ransomware is phishing emails containing malicious attachments. Phishing is a technique that involves sending fraudulent emails that appear to come from a legitimate source, such as a bank, a company, or a government agency. The emails typically contain a malicious attachment, such as a PDF document, a ZIP archive, or a Microsoft Office document, that contains ransomware or a ransomware downloader. When the recipient opens or downloads the attachment, the ransomware is executed and encrypts the files or data on the victim's system. The attacker then demands a ransom for the decryption key, usually in cryptocurrency.
Phishing emails are one of the most common and effective ways of delivering ransomware, as they can bypass security measures such as firewalls, antivirus software, or URL filtering. Phishing emails can also exploit the human factor, as they can trick the recipient into opening the attachment by using social engineering techniques, such as impersonating a trusted sender, creating a sense of urgency, or appealing to curiosity or greed. Phishing emails can also target specific individuals or organizations, such as executives, employees, or customers, in a technique called spear phishing, which increases the chances of success.
Top 7 Ransomware Attack Vectors & How to Avoid Becoming a Victim - Bitsight
What Is the Main Vector of Ransomware Attacks? A Definitive Guide
CryptoLocker Ransomware Information Guide and FAQ
[Locky Ransomware Information, Help Guide, and FAQ]
[WannaCry ransomware attack]
In Cortex XDR management console scheduled reports can be forwarded to which of the following applications/services?
Cortex XDR allows you to schedule reports and forward them to Slack, a cloud-based collaboration platform. You can configure the Slack channel, frequency, and recipients of the scheduled reports. You can also view the report history and status in the Cortex XDR management console.Reference:
What is an example of an attack vector for ransomware?
An example of an attack vector for ransomware is phishing emails containing malicious attachments. Phishing is a technique that involves sending fraudulent emails that appear to come from a legitimate source, such as a bank, a company, or a government agency. The emails typically contain a malicious attachment, such as a PDF document, a ZIP archive, or a Microsoft Office document, that contains ransomware or a ransomware downloader. When the recipient opens or downloads the attachment, the ransomware is executed and encrypts the files or data on the victim's system. The attacker then demands a ransom for the decryption key, usually in cryptocurrency.
Phishing emails are one of the most common and effective ways of delivering ransomware, as they can bypass security measures such as firewalls, antivirus software, or URL filtering. Phishing emails can also exploit the human factor, as they can trick the recipient into opening the attachment by using social engineering techniques, such as impersonating a trusted sender, creating a sense of urgency, or appealing to curiosity or greed. Phishing emails can also target specific individuals or organizations, such as executives, employees, or customers, in a technique called spear phishing, which increases the chances of success.
Top 7 Ransomware Attack Vectors & How to Avoid Becoming a Victim - Bitsight
What Is the Main Vector of Ransomware Attacks? A Definitive Guide
CryptoLocker Ransomware Information Guide and FAQ
[Locky Ransomware Information, Help Guide, and FAQ]
[WannaCry ransomware attack]
A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to delete. Which action could you take to delete the file?
The best action to delete the file on the Linux endpoint is to initiate Remediation Suggestions from the Cortex XDR console. Remediation Suggestions are a feature of Cortex XDR that provide you with recommended actions to undo the effects of malicious activity on your endpoints. You can view the remediation suggestions for each alert or incident in the Cortex XDR console, and decide whether to apply them or not. Remediation Suggestions can help you restore the endpoint to its original state, remove malicious files or processes, or fix registry or system settings. Remediation Suggestions are based on the forensic data collected by the Cortex XDR agent and the analysis performed by Cortex XDR.
The other options are incorrect for the following reasons:
A is incorrect because manually remediating the problem on the endpoint is not a convenient or efficient way to delete the file. Manually remediating the problem would require you to access the endpoint directly, log in as root, locate the file, and delete it. This would also require you to have the necessary permissions and credentials to access the endpoint, and to know the exact path and name of the file. Manually remediating the problem would also not provide you with any audit trail or confirmation of the deletion.
B is incorrect because opening X2go from the Cortex XDR console is not a supported or secure way to delete the file. X2go is a third-party remote desktop software that allows you to access Linux endpoints from a graphical user interface. However, X2go is not integrated with Cortex XDR, and using it would require you to install and configure it on both the Cortex XDR console and the endpoint. Using X2go would also expose the endpoint to potential network attacks or unauthorized access, and would not provide you with any audit trail or confirmation of the deletion.
D is incorrect because opening an NFS connection from the Cortex XDR console is not a feasible or reliable way to delete the file. NFS is a network file system protocol that allows you to access files on remote servers as if they were local. However, NFS is not integrated with Cortex XDR, and using it would require you to set up and maintain an NFS server and client on both the Cortex XDR console and the endpoint. Using NFS would also depend on the network availability and performance, and would not provide you with any audit trail or confirmation of the deletion.
How can you pivot within a row to Causality view and Timeline views for further investigate?
To pivot within a row to Causality view and Timeline views for further investigation, you can use the Open Card and Open Timeline actions respectively. The Open Card action will open a new tab with the Causality view of the selected row, showing the causal chain of events that led to the alert. The Open Timeline action will open a new tab with the Timeline view of the selected row, showing the chronological sequence of events that occurred on the affected endpoint. These actions allow you to drill down into the details of each alert and understand the root cause and impact of the incident.Reference:
Cortex XDR User Guide, Chapter 9: Investigate Alerts, Section: Pivot to Causality View and Timeline View
PCDRA Study Guide, Section 3: Investigate and Respond to Alerts, Objective 3.1: Investigate alerts using the Causality view and Timeline view
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Avery
4 days agoMaia
13 days agoLezlie
17 days agoNguyet
28 days agoRenato
30 days agoSabrina
1 months agoAmira
1 months agoBreana
2 months agoLauran
2 months agoMalika
2 months agoDemetra
2 months agoAleta
2 months agoMarnie
2 months agoSabra
3 months agoKaycee
3 months agoYoulanda
4 months agoJess
4 months agoRhea
4 months agoColetta
4 months agoElmer
4 months agoVirgilio
5 months agoCiara
5 months agoAlbina
5 months agoAleta
6 months agoTarra
6 months agoJoaquin
7 months agoGenevive
7 months agoDudley
7 months agoRebbecca
7 months agoFrance
7 months agoJeniffer
9 months ago