Palo Alto Networks - Limited Time Discount Offer - Ends In 1d 00h 00m 00s Coupon code: Y2430OFF
  1. Home
  2. Palo Alto Networks
  3. PCDRA Dumps
  4. Free PCDRA Questions

Free Palo Alto Networks Certified Detection and Remediation Analyst Questions for Palo Alto Networks Certified Detection and Remediation Analyst Exam as PDF & Practice Test Software

Page:    1 / 14   
Total 91 questions

Question 1

Which Exploit Prevention Module (EPM) provides better entropy for randomization of memory locations?



Answer : B

UASLR stands for User Address Space Layout Randomization, which is a feature of Exploit Prevention Module (EPM) that provides better entropy for randomization of memory locations. UASLR adds entropy to the base address of the executable image and the heap, making it harder for attackers to predict the memory layout of a process. UASLR is enabled by default for all processes, but can be disabled or customized for specific applications using the EPM policy settings.Reference:

Exploit Prevention Module (EPM) entropy randomization memory locations

Exploit protection reference


Question 2

Which statement is correct based on the report output below?



Answer : C

The report output shows the number of endpoints that have forensic inventory data collection enabled, which is a feature of Cortex XDR that allows the collection of detailed information about the endpoint's hardware, software, and network configuration. This feature helps analysts to investigate and respond to incidents more effectively by providing a comprehensive view of the endpoint's state and activity. Forensic inventory data collection can be enabled or disabled per policy in Cortex XDR.Reference:

Forensic Inventory Data Collection

Cortex XDR 3: Getting Started with Endpoint Protection


Question 3

What contains a logical schema in an XQL query?



Answer : C

A logical schema in an XQL query is a field, which is a named attribute of a dataset. A field can have a data type, such as string, integer, boolean, or array. A field can also have a modifier, such as bin or expand, that transforms the field value in the query output. A field can be used in the select, where, group by, order by, or having clauses of an XQL query.Reference:

XQL Syntax

XQL Data Types

XQL Field Modifiers


Question 4

Under which conditions is Local Analysis evoked to evaluate a file before the file is allowed to run?



Answer : B

Local Analysis is a feature of Cortex XDR that allows the agent to evaluate files locally on the endpoint, without sending them to WildFire for analysis. Local Analysis is evoked when the following conditions are met:

The endpoint isdisconnectedfrom the internet or the Cortex XDR management console, and therefore cannot communicate with WildFire.

The verdict from WildFire is of a typeunknown, meaning that WildFire has not yet analyzed the file or has not reached a conclusive verdict.

Local Analysis uses machine learning models to assess the behavior and characteristics of the file and assign it a verdict of either benign, malware, or grayware. If the verdict is malware or grayware, the agent will block the file from running and report it to the Cortex XDR management console. If the verdict is benign, the agent will allow the file to run and report it to the Cortex XDR management console.Reference:

Local Analysis

WildFire File Verdicts


Question 5

How can you pivot within a row to Causality view and Timeline views for further investigate?



Answer : B

To pivot within a row to Causality view and Timeline views for further investigation, you can use the Open Card and Open Timeline actions respectively. The Open Card action will open a new tab with the Causality view of the selected row, showing the causal chain of events that led to the alert. The Open Timeline action will open a new tab with the Timeline view of the selected row, showing the chronological sequence of events that occurred on the affected endpoint. These actions allow you to drill down into the details of each alert and understand the root cause and impact of the incident.Reference:

Cortex XDR User Guide, Chapter 9: Investigate Alerts, Section: Pivot to Causality View and Timeline View

PCDRA Study Guide, Section 3: Investigate and Respond to Alerts, Objective 3.1: Investigate alerts using the Causality view and Timeline view


Page:    1 / 14   
Total 91 questions