Free Preparation Discussions
MENU
Palo Alto Networks PCDRA Exam Questions
- Topic 1: Threats and Attacks: This section of the exam measures the skills of Cybersecurity Analysts and covers various attack types, including exploits, malware, file-less attacks, supply chain threats, and ransomware. Candidates must differentiate between threats and attacks while understanding how security modules identify risks. Recognizing attack tactics and understanding the MITRE framework are also key aspects of this section. One skill assessed is identifying legitimate threats versus false positives in security analysis.
- Topic 2: Prevention and Detection: This section of the exam measures the skills of Security Engineers and focuses on defense mechanisms against cyber threats. Candidates must understand ransomware defense systems, device management techniques, and methods to prevent agent-based attacks.
- Topic 3: Investigation: This section of the exam measures the skills of Incident Response Specialists and involves using Cortex XDR for security investigations. Candidates must learn how to navigate the console, use remote terminal options, and distinguish between incidents and alerts.
- Topic 4: Remediation: This section of the exam measures the skills of Security Operations Analysts and focuses on implementing remediation strategies. Candidates will explore the differences between automatic and manual remediation processes, how to run scripts for mitigation, and how to address false positives in security alerts.
- Topic 5: Threat Hunting: This section of the exam measures the skills of a Security Operations Analyst and covers proactive threat detection techniques. Candidates will learn about various tools, including Indicators of Compromise (IOC), Behavioral Indicators of Compromise (BIOC), and the XQL query language for threat hunting.
- Topic 6: Reporting: This section of the exam measures the skills of Security Analysts and evaluates the ability to generate and interpret security reports using Cortex XDR. Candidates must understand how to leverage reporting tools to provide insights into security incidents, system vulnerabilities, and attack trends.
- Topic 7: Architecture: This section of the exam measures the skills of a Security Operations Analyst and covers the structural components of Cortex XDR. Candidates must understand the role of the Cortex XDR Data Lake, Cortex Agent, and Cortex Console. The architecture of Cortex XDR across different operating systems is also explored, including how security functions vary between platforms.
Free Palo Alto Networks PCDRA Exam Actual Questions
Note: Premium Questions for PCDRA were last updated On Jul. 04, 2025 (see below)
What is the standard installation disk space recommended to install a Broker VM?
The Broker VM for Cortex XDR is a virtual machine that serves as the central communication hub for all Cortex XDR agents deployed in your organization. It enables agents to communicate with the Cortex XDR cloud service and allows you to manage and monitor the agents' activities from a centralized location. The system requirements for the Broker VM are as follows:
CPU: 4 cores
RAM: 8 GB
Disk space: 256 GB
Network: Internet access and connectivity to all Cortex XDR agents
The disk space requirement is based on the number of agents and the frequency of content updates. The Broker VM stores the content updates locally and distributes them to the agents. The disk space also depends on the retention period of the content updates, which can be configured in the Broker VM settings. The default retention period is 30 days.
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?
Let's briefly discuss the other options to provide a comprehensive explanation:
D) Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading: This is not the correct answer. Enabling BTP with cytool will not ensure that the same protection is extended to all your servers. BTP is a feature of Cortex XDR that allows you to create custom rules that detect and block malicious or suspicious behaviors on your endpoints, such as file execution, process injection, network connection, or registry modification. BTP rules can help to prevent the attack from spreading, but they need to be created and configured in the Cortex XDR app, not with cytool. Cytool is a command-line tool that allows you to perform various operations on the Cortex XDR agent, such as installing, uninstalling, upgrading, or troubleshooting. Cytool does not have an option to enable or configure BTP rules.
In conclusion, to ensure that the same protection is extended to all your servers, you need to create BTP rules to recognize and prevent the activity. By using BTP rules, you can create custom and flexible prevention rules that match the behaviors of the supply chain attack.
[Cytool]
Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?
What is the standard installation disk space recommended to install a Broker VM?
The Broker VM for Cortex XDR is a virtual machine that serves as the central communication hub for all Cortex XDR agents deployed in your organization. It enables agents to communicate with the Cortex XDR cloud service and allows you to manage and monitor the agents' activities from a centralized location. The system requirements for the Broker VM are as follows:
CPU: 4 cores
RAM: 8 GB
Disk space: 256 GB
Network: Internet access and connectivity to all Cortex XDR agents
The disk space requirement is based on the number of agents and the frequency of content updates. The Broker VM stores the content updates locally and distributes them to the agents. The disk space also depends on the retention period of the content updates, which can be configured in the Broker VM settings. The default retention period is 30 days.
Which of the following is NOT a precanned script provided by Palo Alto Networks?
Palo Alto Networks provides a set of precanned scripts that you can use to perform various actions on your endpoints, such as deleting files, killing processes, or quarantining malware. The precanned scripts are written in Python and are available in the Agent Script Library in the Cortex XDR console. You can use the precanned scripts as they are, or you can customize them to suit your needs. The precanned scripts are:
delete_file: Deletes a specific file from a local or removable drive.
quarantine_file: Moves a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
process_kill_name: Kills a process by its name on the endpoint.
process_kill_pid: Kills a process by its process ID (PID) on the endpoint.
process_kill_tree: Kills a process and all its child processes by its name on the endpoint.
process_kill_tree_pid: Kills a process and all its child processes by its PID on the endpoint.
process_list: Lists all the processes running on the endpoint, along with their names, PIDs, and command lines.
process_list_tree: Lists all the processes running on the endpoint, along with their names, PIDs, command lines, and parent processes.
process_start: Starts a process on the endpoint by its name or path.
registry_delete_key: Deletes a registry key and all its subkeys and values from the Windows registry.
registry_delete_value: Deletes a registry value from the Windows registry.
registry_list_key: Lists all the subkeys and values under a registry key in the Windows registry.
registry_list_value: Lists the value and data of a registry value in the Windows registry.
registry_set_value: Sets the value and data of a registry value in the Windows registry.
The script list_directories isnota precanned script provided by Palo Alto Networks. It is a custom script that you can write yourself using Python commands.
Agent Script Library
Precanned Scripts
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Tanja
5 days agoBettina
19 days agoLino
28 days agoDevorah
2 months agoBlondell
2 months agoShannon
2 months agoTiera
3 months agoKrissy
3 months agoViola
4 months agoMiesha
4 months agoLynsey
4 months agoRaylene
4 months agoLavonna
5 months agoAnnice
5 months agoVenita
5 months agoAvery
6 months agoMaia
6 months agoLezlie
6 months agoNguyet
6 months agoRenato
6 months agoSabrina
7 months agoAmira
7 months agoBreana
7 months agoLauran
7 months agoMalika
7 months agoDemetra
8 months agoAleta
8 months agoMarnie
8 months agoSabra
8 months agoKaycee
9 months agoYoulanda
9 months agoJess
9 months agoRhea
9 months agoColetta
9 months agoElmer
10 months agoVirgilio
10 months agoCiara
10 months agoAlbina
11 months agoAleta
12 months agoTarra
12 months agoJoaquin
1 years agoGenevive
1 years agoDudley
1 years agoRebbecca
1 years agoFrance
1 years agoJeniffer
1 years ago