CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCDRA

Free PCDRA Exam Braindumps (page: 2)

Page 2 of 23
PDF with 96 Questions

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?

  1. Click the three dots on the widget and then choose "Save" and this will link the query to the Widget Library.
  2. This isn't supported, you have to exit the dashboard and go into the Widget Library first to create it.
  3. Click on "Save to Action Center" in the dashboard and you will be prompted to give the query a name and description.
  4. Click on "Save to Widget Library" in the dashboard and you will be prompted to give the query a name and description.

Answer(s): D

Explanation:

To save a custom XQL query to the Widget Library, you need to click on "Save to Widget Library" in the dashboard and you will be prompted to give the query a name and description. This will allow you to reuse the query in other dashboards or reports. You cannot save a query to the Widget Library by clicking the three dots on the widget, as this will only give you options to edit, delete, or clone the widget. You also cannot save a query to the Action Center, as this is a different feature that allows you to create alerts or remediation actions based on the query results. You do not have to exit the dashboard and go into the Widget Library first to create a query, as you can do it directly from the dashboard.


Reference:

Cortex XDR Pro Admin Guide: Save a Custom Query to the Widget Library Cortex XDR Pro Admin Guide: Create a Dashboard



What license would be required for ingesting external logs from various vendors?

  1. Cortex XDR Pro per Endpoint
  2. Cortex XDR Vendor Agnostic Pro
  3. Cortex XDR Pro per TB
  4. Cortex XDR Cloud per Host

Answer(s): C

Explanation:

To ingest external logs from various vendors, you need a Cortex XDR Pro per TB license. This license allows you to collect and analyze logs from Palo Alto Networks and third-party sources, such as firewalls, proxies, endpoints, cloud services, and more. You can use the Log Forwarding app to forward logs from the Logging Service to an external syslog receiver. The Cortex XDR Pro per Endpoint license only supports logs from Cortex XDR agents installed on endpoints. The Cortex XDR Vendor Agnostic Pro and Cortex XDR Cloud per Host licenses do not exist.


Reference:

Features by Cortex XDR License Type
Log Forwarding App for Cortex XDR Analytics
SaaS Log Collection



An attacker tries to load dynamic libraries on macOS from an unsecure location.
Which Cortex XDR module can prevent this attack?

  1. DDL Security
  2. Hot Patch Protection
  3. Kernel Integrity Monitor (KIM)
  4. Dylib Hijacking

Answer(s): D

Explanation:

The correct answer is D. Dylib Hijacking. Dylib Hijacking, also known as Dynamic Library Hijacking, is a technique used by attackers to load malicious dynamic libraries on macOS from an unsecure location. This technique takes advantage of the way macOS searches for dynamic libraries to load when an application is executed. To prevent such attacks, Palo Alto Networks offers the Dylib Hijacking prevention capability as part of their Cortex XDR platform. This capability is designed to detect and block attempts to load dynamic libraries from unauthorized or unsecure locations1. Let's briefly discuss the other options to provide a comprehensive explanation:
A) DDL Security: This is not the correct answer. DDL Security is not specifically designed to prevent dynamic library loading attacks on macOS. DDL Security is focused on protecting against DLL (Dynamic Link Library) hijacking on Windows systems2.
B) Hot Patch Protection: Hot Patch Protection is not directly related to preventing dynamic library loading attacks. It is a security feature that protects against runtime patching or modification of code in memory, often used by advanced attackers to bypass security measures3.
While Hot Patch Protection is a valuable security feature, it is not directly relevant to the scenario described. C) Kernel Integrity Monitor (KIM): Kernel Integrity Monitor is also not the correct answer. KIM is a module in Cortex XDR that focuses on monitoring and protecting the integrity of the macOS kernel. It detects and prevents unauthorized modifications to critical kernel components4.
While KIM plays an essential role in overall macOS security, it does not specifically address the prevention of dynamic library loading attacks.
In conclusion, Dylib Hijacking is the Cortex XDR module that specifically addresses the prevention of attackers loading dynamic libraries from unsecure locations on macOS. By leveraging this module, organizations can enhance their security posture and protect against this specific attack vector.


Reference:

Endpoint Protection Modules

DDL Security
Hot Patch Protection
Kernel Integrity Monitor



What is the purpose of the Unit 42 team?

  1. Unit 42 is responsible for automation and orchestration of products
  2. Unit 42 is responsible for the configuration optimization of the Cortex XDR server
  3. Unit 42 is responsible for threat research, malware analysis and threat hunting
  4. Unit 42 is responsible for the rapid deployment of Cortex XDR agents

Answer(s): C

Explanation:

Unit 42 is the threat intelligence and response team of Palo Alto Networks. The purpose of Unit 42 is to collect and analyze the most up-to-date threat intelligence and apply it to respond to cyberattacks. Unit 42 is composed of world-renowned threat researchers, incident responders and security consultants who help organizations proactively manage cyber risk. Unit 42 is responsible for threat research, malware analysis and threat hunting, among other activities12. Let's briefly discuss the other options to provide a comprehensive explanation:
A) Unit 42 is not responsible for automation and orchestration of products. Automation and orchestration are capabilities that are provided by Palo Alto Networks products such as Cortex XSOAR, which is a security orchestration, automation and response platform that helps security teams automate tasks, coordinate actions and manage incidents3. B) Unit 42 is not responsible for the configuration optimization of the Cortex XDR server. The Cortex XDR server is the cloud-based platform that provides detection and response capabilities across network, endpoint and cloud data sources. The configuration optimization of the Cortex XDR server is the responsibility of the Cortex XDR administrators, who can use the Cortex XDR app to manage the settings and policies of the Cortex XDR server4.
C) Unit 42 is not responsible for the rapid deployment of Cortex XDR agents. The Cortex XDR agents are the software components that are installed on endpoints to provide protection and visibility. The rapid deployment of Cortex XDR agents is the responsibility of the Cortex XDR administrators, who can use various methods such as group policy objects, scripts, or third-party tools to deploy the Cortex XDR agents to multiple endpoints5.
In conclusion, Unit 42 is the threat intelligence and response team of Palo Alto Networks that is responsible for threat research, malware analysis and threat hunting. By leveraging the expertise and insights of Unit 42, organizations can enhance their security posture and protect against the latest cyberthreats.


Reference:

About Unit 42: Our Mission and Team
Unit 42: Threat Intelligence & Response
Cortex XSOAR
Cortex XDR Pro Admin Guide: Manage Cortex XDR Settings and Policies Cortex XDR Pro Admin Guide: Deploy Cortex XDR Agents



Page 2 of 23



Post your Comments and Discuss Palo Alto Networks PCDRA exam with other Community members:

Mohammed commented on September 24, 2024
Thank you for providing this exam dumps. The site is amazing and very clean. Please keep it this way and don't add any annoying ads or recaptcha validation like other sites.
GERMANY
upvote

cert commented on September 24, 2023
admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
Anonymous
upvote

cert commented on September 24, 2023
admin guide (Windows) Respond to Malicious Causality Chains. When the Cortex XDR agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the IP address to close all existing communication and block new connections from this IP address to the endpoint. When Cortex XDRblocks an IP address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. You can view the list of all blocked IP addresses per endpoint from the Action Center, as well as unblock them to re-enable communication as appropriate. This module is supported with Cortex XDR agent 7.3.0 and later. Select the Action Mode to take when the Cortex XDR agent detects remote malicious causality chains: Enabled (default)—Terminate connection and block IP address of the remote connection. Disabled—Do not block remote IP addresses. To allow specific and known s
Anonymous
upvote