Most Recent Palo Alto Networks PCDRA Exam Questions & Answers

Prepare for the Palo Alto Networks Certified Detection and Remediation Analyst exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Palo Alto Networks PCDRA exam and achieve success.

The questions for PCDRA were last updated on Nov 23, 2024.

Viewing page 1 out of 18 pages.
Viewing questions 1-5 out of 91 questions

Get All 91 Questions & Answers

Question No. 1

Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?

ASecurity Manager Dashboard

BData Ingestion Dashboard

CSecurity Admin Dashboard

DIncident Management Dashboard

Show Answer

Correct Answer: D

The Incident Management Dashboard provides a high-level overview of the incident response process, including the Mean Time to Resolution (MTTR) metric. This metric measures the average time it takes to resolve an incident from the moment it is created to the moment it is closed. The dashboard also shows the number of incidents by status, severity, and assigned analyst, as well as the top alerts by category, source, and destination. The Incident Management Dashboard is designed for executives and managers who want to monitor the performance and efficiency of their security teams.Reference: [PCDRA Study Guide], page 18.

Question No. 2

Which version of python is used in live terminal?

APython 2 and 3 with standard Python libraries

BPython 2 and 3 with specific XDR Python libraries developed by Palo Alto Networks

CPython 3 with specific XDR Python libraries developed by Palo Alto Networks

DPython 3 with standard Python libraries

Show Answer

Correct Answer: D

Live terminal uses Python 3 with standard Python libraries to run Python commands and scripts on the endpoint. Live terminal does not support Python 2 or any custom or external Python libraries. Live terminal uses the Python interpreter embedded in the Cortex XDR agent, which is based on Python 3.7.4. The standard Python libraries are the modules that are included with the Python installation and provide a wide range of functionalities, such as operating system interfaces, network programming, data processing, and more. You can use the Python commands and scripts to perform advanced tasks or automation on the endpoint, such as querying system information, modifying files or registry keys, or running other applications.Reference:

Run Python Commands and Scripts

Python Standard Library

Question No. 3

When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)

AThe agent technical support file.

BThe prevention archive from the alert.

CThe distribution id of the agent.

DA list of all the current exceptions applied to the agent.

EThe unique agent id.

Show Answer

Correct Answer: A, B

When reaching out to TAC for additional technical support related to a security event, two critical pieces of information you need to collect from the agent are:

The agent technical support file. This is a file that contains diagnostic information about the agent, such as its configuration, status, logs, and system information. The agent technical support file can help TAC troubleshoot and resolve issues with the agent or the endpoint. You can generate and download the agent technical support file from the Cortex XDR console, or from the agent itself.

The prevention archive from the alert. This is a file that contains forensic data related to the alert, such as the process tree, the network activity, the registry changes, and the files involved. The prevention archive can help TAC analyze and understand the alert and the malicious activity. You can generate and download the prevention archive from the Cortex XDR console, or from the agent itself.

The other options are not critical pieces of information for TAC, and may not be available or relevant for every security event. For example:

The distribution id of the agent is a unique identifier that is assigned to the agent when it is installed on the endpoint. The distribution id can help TAC identify the agent and its profile, but it is not sufficient to provide technical support or forensic analysis. The distribution id can be found in the Cortex XDR console, or in the agent installation folder.

A list of all the current exceptions applied to the agent is a set of rules that define the files, processes, or behaviors that are excluded from the agent's security policies. The exceptions can help TAC understand the agent's configuration and behavior, but they are not essential to provide technical support or forensic analysis. The exceptions can be found in the Cortex XDR console, or in the agent configuration file.

The unique agent id is a unique identifier that is assigned to the agent when it registers with Cortex XDR. The unique agent id can help TAC identify the agent and its endpoint, but it is not sufficient to provide technical support or forensic analysis. The unique agent id can be found in the Cortex XDR console, or in the agent log file.

Generate and Download the Agent Technical Support File

Generate and Download the Prevention Archive

Cortex XDR Agent Administrator Guide: Agent Distribution ID

Cortex XDR Agent Administrator Guide: Exception Security Profiles

[Cortex XDR Agent Administrator Guide: Unique Agent ID]

Question No. 4

Can you disable the ability to use the Live Terminal feature in Cortex XDR?

AYes, via the Cortex XDR console or with an installation switch.

BNo, a separate installer package without Live Terminal is required.

CNo, it is a required feature of the agent.

DYes, via Agent Settings Profile.

Show Answer

Correct Answer: D

The Live Terminal feature in Cortex XDR allows you to initiate a remote connection to an endpoint and perform various actions such as running commands, uploading and downloading files, and terminating processes. You can disable the ability to use the Live Terminal feature in Cortex XDR by configuring the Agent Settings Profile. The Agent Settings Profile defines the behavior and functionality of the Cortex XDR agent on the endpoint. You can create different profiles for different groups of endpoints and assign them accordingly. To disable the Live Terminal feature, you need to uncheck theEnable Live Terminaloption in the Agent Settings Profile and save the changes. This will prevent the Cortex XDR agent from accepting any Live Terminal requests from the Cortex XDR management console.Reference:

Live Terminal: This document explains how to use the Live Terminal feature to investigate and respond to security events on Windows endpoints.

Agent Settings Profile: This document describes how to create and manage Agent Settings Profiles to define the behavior and functionality of the Cortex XDR agent on the endpoint.

Question No. 5

When using the ''File Search and Destroy'' feature, which of the following search hash type is supported?

ASHA256 hash of the file

BAES256 hash of the file

CMD5 hash of the file

DSHA1 hash of the file

Show Answer

Correct Answer: A

The File Search and Destroy feature is a capability of Cortex XDR that allows you to search for and delete malicious or unwanted files across your endpoints. You can use this feature to quickly respond to incidents, remediate threats, and enforce compliance policies. To use the File Search and Destroy feature, you need to specify the file name and the file hash of the file you want to search for and delete. The file hash is a unique identifier of the file that is generated by a cryptographic hash function. The file hash ensures that you are targeting the exact file you want, and not a file with a similar name or a different version. The File Search and Destroy feature supports the SHA256 hash type, which is a secure hash algorithm that produces a 256-bit (32-byte) hash value. The SHA256 hash type is widely used for file integrity verification and digital signatures. The File Search and Destroy feature does not support other hash types, such as AES256, MD5, or SHA1, which are either encryption algorithms or less secure hash algorithms.Therefore, the correct answer is A, SHA256 hash of the file1234

File Search and Destroy