Palo Alto Networks PCDRA Exam
Palo Alto Networks Certified Detection and Remediation Analyst (Page 10)

Updated On: 1-Feb-2026

A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to delete.
Which action could you take to delete the file?

  1. Manually remediate the problem on the endpoint in question.
  2. Open X2go from the Cortex XDR console and delete the file via X2go.
  3. Initiate Remediate Suggestions to automatically delete the file.
  4. Open an NFS connection from the Cortex XDR console and delete the file.

Answer(s): C

Explanation:

The best action to delete the file on the Linux endpoint is to initiate Remediation Suggestions from the Cortex XDR console. Remediation Suggestions are a feature of Cortex XDR that provide you with recommended actions to undo the effects of malicious activity on your endpoints. You can view the remediation suggestions for each alert or incident in the Cortex XDR console, and decide whether to apply them or not. Remediation Suggestions can help you restore the endpoint to its original state, remove malicious files or processes, or fix registry or system settings. Remediation Suggestions are based on the forensic data collected by the Cortex XDR agent and the analysis performed by Cortex XDR.
The other options are incorrect for the following reasons:
A is incorrect because manually remediating the problem on the endpoint is not a convenient or efficient way to delete the file. Manually remediating the problem would require you to access the endpoint directly, log in as root, locate the file, and delete it. This would also require you to have the necessary permissions and credentials to access the endpoint, and to know the exact path and name of the file. Manually remediating the problem would also not provide you with any audit trail or confirmation of the deletion.
B is incorrect because opening X2go from the Cortex XDR console is not a supported or secure way to delete the file. X2go is a third-party remote desktop software that allows you to access Linux endpoints from a graphical user interface. However, X2go is not integrated with Cortex XDR, and using it would require you to install and configure it on both the Cortex XDR console and the endpoint. Using X2go would also expose the endpoint to potential network attacks or unauthorized access, and would not provide you with any audit trail or confirmation of the deletion.
D is incorrect because opening an NFS connection from the Cortex XDR console is not a feasible or reliable way to delete the file. NFS is a network file system protocol that allows you to access files on remote servers as if they were local. However, NFS is not integrated with Cortex XDR, and using it would require you to set up and maintain an NFS server and client on both the Cortex XDR console and the endpoint. Using NFS would also depend on the network availability and performance, and would not provide you with any audit trail or confirmation of the deletion.


Reference:

Remediation Suggestions
Apply Remediation Suggestions



What is the function of WildFire for Cortex XDR?

  1. WildFire runs in the cloud and analyses alert data from the XDR agent to check for behavioural threats.
  2. WildFire is the engine that runs on the local agent and determines whether behavioural threats are occurring on the endpoint.
  3. WildFire accepts and analyses a sample to provide a verdict.
  4. WildFire runs entirely on the agent to quickly analyse samples and provide a verdict.

Answer(s): C

Explanation:

WildFire is a cloud-based service that accepts and analyses samples from various sources, including Cortex XDR, to provide a verdict of malware, benign, or grayware. WildFire also generates detailed analysis reports that show the behaviour and characteristics of the samples. Cortex XDR uses WildFire verdicts and reports to enhance its detection and prevention capabilities, as well as to provide more visibility and context into the threats.


Reference:

WildFire Analysis Concepts
WildFire Overview



Which statement regarding scripts in Cortex XDR is true?

  1. Any version of Python script can be run.
  2. The level of risk is assigned to the script upon import.
  3. Any script can be imported including Visual Basic (VB) scripts.
  4. The script is run on the machine uploading the script to ensure that it is operational.

Answer(s): B

Explanation:

The correct answer is B: the level of risk is assigned to the script upon import.
When you import a script to the Agent Script Library in Cortex XDR, you need to specify the level of risk associated with the script. The level of risk determines the permissions and restrictions for running the script on endpoints. The levels of risk are:
Low: The script can be run on any endpoint without requiring approval from the Cortex XDR administrator. The script can also be used in remediation suggestions or automation actions.
Medium: The script can be run on any endpoint, but requires approval from the Cortex XDR administrator. The script can also be used in remediation suggestions or automation actions.
High: The script can only be run on isolated endpoints, and requires approval from the Cortex XDR administrator. The script cannot be used in remediation suggestions or automation actions.
The other options are incorrect for the following reasons:
A is incorrect because not any version of Python script can be run in Cortex XDR. The scripts must be written in Python 2.7, and must follow the guidelines and limitations described in the Cortex XDR documentation. For example, the scripts must not exceed 64 KB in size, must not use external libraries or modules, and must not contain malicious or harmful code.
C is incorrect because not any script can be imported to Cortex XDR, including Visual Basic (VB) scripts. The scripts must be written in Python 2.7, and must follow the guidelines and limitations described in the Cortex XDR documentation. VB scripts are not supported by Cortex XDR, and will not run on the endpoints.
D is incorrect because the script is not run on the machine uploading the script to ensure that it is operational. The script is only validated for syntax errors and size limitations when it is imported to the Agent Script Library. The script is not executed or tested on the machine uploading the script, and the script may still fail or cause errors when it is run on the endpoints.


Reference:

Agent Script Library
Import a Script
Run Scripts on an Endpoint



When creating a scheduled report which is not an option?

  1. Run weekly on a certain day and time.
  2. Run quarterly on a certain day and time.
  3. Run monthly on a certain day and time.
  4. Run daily at a certain time (selectable hours and minutes).

Answer(s): B

Explanation:

When creating a scheduled report in Cortex XDR, the option to run quarterly on a certain day and time is not available. You can only schedule reports to run daily, weekly, or monthly. You can also specify the start and end dates, the time zone, and the recipients of the report. Scheduled reports are useful for generating regular reports on the security events, incidents, alerts, or endpoints in your network. You can create scheduled reports from the Reports page in the Cortex XDR console, or from the Query Center by saving a query as a report.


Reference:

Run or Schedule Reports
Create a Scheduled Report



What is the purpose of the Cortex Data Lake?

  1. a local storage facility where your logs and alert data can be aggregated
  2. a cloud-based storage facility where your firewall logs are stored
  3. the interface between firewalls and the Cortex XDR agents
  4. the workspace for your Cortex XDR agents to detonate potential malware files

Answer(s): B

Explanation:

The purpose of the Cortex Data Lake is to provide a cloud-based storage facility where your firewall logs are stored. Cortex Data Lake is a service that collects, transforms, and integrates your enterprise's security data to enable Palo Alto Networks solutions. It powers AI and machine learning, detection accuracy, and app and service innovation. Cortex Data Lake automatically collects, integrates, and normalizes data across your security infrastructure, including your next-generation firewalls, Prisma Access, and Cortex XDR. With unified data, you can run advanced AI and machine learning to radically simplify security operations with apps built on Cortex. Cortex Data Lake is available in multiple regions and supports data residency and privacy requirements.


Reference:

Cortex Data Lake - Palo Alto Networks
Cortex Data Lake, the technology behind Cortex XDR - Palo Alto Networks
CORTEX DATA LAKE - Palo Alto Networks
Sizing for Cortex Data Lake Storage - Palo Alto Networks


