Free PCDRA Exam Braindumps (page: 8)

Page 8 of 23

When using the "File Search and Destroy" feature, which of the following search hash types is supported?

  1. SHA256 hash of the file
  2. AES256 hash of the file
  3. MD5 hash of the file
  4. SHA1 hash of the file

Answer(s): A

Explanation:

File Search and Destroy is a Cortex XDR capability for locating, and then deleting, a specific file across managed endpoints, for example to remove a malicious binary during incident response or to enforce a policy against unwanted software. The file is identified by its cryptographic hash rather than by its name: the hash is computed from the file's contents, so it matches the exact bytes you are targeting and ignores renamed copies or different versions that happen to share a file name. The supported hash type is SHA256, which produces a 256-bit (32-byte, 64 hex character) digest and is the standard choice for file integrity verification and digital signatures. The other options are not supported: AES256 is a symmetric encryption algorithm, not a hash function, and MD5 and SHA1 are legacy hash functions for which practical collision attacks exist, so two different files can be crafted to share the same digest. The correct answer is therefore A, SHA256 hash of the file [1][2][3].


Reference:

File Search and Destroy
What is a File Hash?
SHA-2 - Wikipedia
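The hash-based matching described above, as an added example that is not part of the original page or of Cortex XDR itself: it validates that a submitted indicator is a SHA256 digest (rejecting MD5 and SHA1 by their 32 and 40 hex character lengths), hashes files in streaming fashion, and finds every file under a directory whose contents match the target regardless of name. The sample files and the directory layout are constructed inside the example; the function names are the example's own.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Optional

# Hex-digest lengths, in characters, for the hash types named in the exam question.
# AES-256 is a block cipher, not a hash function, so it has no digest length here.
HEX_DIGEST_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def classify_hash(value: str) -> Optional[str]:
    """Return the hash type implied by a hex string's length, or None if it is not a hex digest."""
    value = value.strip().lower()
    if not value or any(c not in "0123456789abcdef" for c in value):
        return None
    for name, length in HEX_DIGEST_LENGTHS.items():
        if len(value) == length:
            return name
    return None


def is_accepted_hash(value: str) -> bool:
    """True only for a SHA256 digest, the one type File Search and Destroy accepts."""
    return classify_hash(value) == "sha256"


def require_sha256(value: str) -> str:
    """Normalise a SHA256 digest or raise, so MD5/SHA1 indicators are never searched by mistake."""
    kind = classify_hash(value)
    if kind != "sha256":
        raise ValueError(f"expected a SHA256 hex digest (64 hex chars), got {kind or 'non-hex input'}")
    return value.strip().lower()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_matching_files(root: Path, target_sha256: str) -> list:
    """Return every regular file under root whose SHA256 equals the target.

    Matching is on content only: file name and extension are ignored, which is
    exactly why a hash, not a name, is the right key for search-and-destroy.
    """
    target = require_sha256(target_sha256)
    return sorted(p for p in root.rglob("*") if p.is_file() and sha256_file(p) == target)


def demo() -> dict:
    """Constructed sample: the same bytes under two names, plus a one-byte variant."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        payload = b"abc"  # constructed content; SHA256("abc") is a well-known test vector
        (root / "tool.exe").write_bytes(payload)
        (root / "sub").mkdir()
        (root / "sub" / "renamed.bin").write_bytes(payload)   # same content, different name
        (root / "tool_v2.exe").write_bytes(b"abd")            # same name pattern, one byte changed
        target = sha256_file(root / "tool.exe")
        matches = sorted(p.relative_to(root).as_posix() for p in find_matching_files(root, target))
        return {"target": target, "matches": matches}


if __name__ == "__main__":
    print(demo())
```

The renamed copy is found and the one-byte variant is not, which is the behaviour the explanation describes; in a real deployment the target digest would come from an IOC feed or a sandbox verdict rather than from hashing a local sample.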



If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?

  1. Broker VM Pathfinder
  2. Local Agent Proxy
  3. Local Agent Installer and Content Caching
  4. Broker VM Syslog Collector

Answer(s): B

Explanation:

If an isolated network cannot reach Cortex Data Lake, the Local Agent Proxy setup of the Broker VM provides the path out. A Broker VM deployed inside the isolated network and configured as a Local Agent Proxy acts as a proxy for the Cortex XDR agents there: the agents send their traffic to the proxy, and the proxy forwards it to Cortex Data Lake and the Cortex XDR management console, so the endpoints themselves never need direct internet access. As described in the referenced setup guide, this requires a second Broker VM on a network that does have internet access, configured as the upstream Remote Agent Proxy that relays between the Local Agent Proxy and Cortex Data Lake, and a strong-cipher, SHA256-based SSL certificate installed on both proxies so that agent traffic is protected end to end. The other options serve different purposes: Pathfinder (option A) is used to collect data from hosts that have no agent installed, Local Agent Installer and Content Caching (option C) serves agent installers and content updates from a local cache to save bandwidth but does not relay agent communication, and the Syslog Collector (option D) ingests syslog from third-party sources. The correct answer is B [1][2].


Reference:

Local Agent Proxy
Configure the Local Agent Proxy Setup



What is by far the most common tactic used by ransomware to shut down a victim's operation?

  1. preventing the victim from being able to access APIs to cripple infrastructure
  2. denying traffic out of the victims network until payment is received
  3. restricting access to administrative accounts to the victim
  4. encrypting certain files to prevent access by the victim

Answer(s): D

Explanation:

Ransomware is malicious software that encrypts files or data on the victim's systems and withholds the decryption key until a ransom is paid. Encrypting the victim's data is by far the most common tactic ransomware uses to shut down operations, because it causes immediate, costly disruption, data loss and reputational damage, and it affects individual users, businesses and organizations of every kind. Ransomware spreads through phishing emails, malicious attachments, compromised websites and exploitation of network-facing vulnerabilities, and some variants self-propagate to other devices and networks once inside. Operators typically demand payment in cryptocurrency or another hard-to-trace form, and many now also threaten to delete or publish the stolen data if the deadline passes. Paying does not guarantee that the files will be decrypted or that the attackers will not return. The best defense is therefore to prevent infection in the first place and to maintain offline, tested backups so that data can be restored without paying [1][2][3][4][5].


Reference:

What is Ransomware? | How to Protect Against Ransomware in 2023
Ransomware - Wikipedia
What is ransomware? | Ransomware meaning | Cloudflare
What Is Ransomware? | Ransomware.org
Ransomware -- FBI



Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CK techniques.

  1. Exfiltration, Command and Control, Collection
  2. Exfiltration, Command and Control, Privilege Escalation
  3. Exfiltration, Command and Control, Impact
  4. Exfiltration, Command and Control, Lateral Movement

Answer(s): D

Explanation:

Cortex XDR Analytics applies machine learning and behavioral analytics to network and endpoint data to detect and alert on malicious activity. Its alerts are mapped to MITRE ATT&CK, and the options in this question name ATT&CK tactics (the adversary's objective at a stage of the attack), each of which groups many individual techniques. Cortex XDR Analytics alerts span a range of tactics, but among the options given, the combination it is documented to alert on is D: Exfiltration, Command and Control, and Lateral Movement. These three are characteristic of an intrusion that has progressed well past initial access, the pattern of an advanced persistent threat. Command and Control covers the channel an adversary uses to issue instructions to, and receive data from, compromised hosts; Lateral Movement covers moving from one system to another inside the environment to reach further resources or data; and Exfiltration covers transferring data out of the environment to a location the adversary controls. Cortex XDR Analytics detects these behaviors by analyzing data sources such as network traffic, firewall logs, endpoint events and threat intelligence with behavioral models, anomaly detection and correlation rules, then maps each alert to the corresponding ATT&CK tactic and technique to give context and visibility into the attack chain [1][2][3][4].


Reference:

Cortex XDR Analytics
MITRE ATT&CK
Cortex XDR Analytics MITRE ATT&CK Techniques
Cortex XDR Analytics Alert Categories






Post your Comments and Discuss Palo Alto Networks PCDRA exam with other Community members:

Mohammed commented on September 24, 2024
Thank you for providing these exam dumps. The site is amazing and very clean. Please keep it this way and don't add any annoying ads or recaptcha validation like other sites.
GERMANY
upvote

cert commented on September 24, 2023
Admin guide (Windows), Respond to Malicious Causality Chains: When the Cortex XDR agent identifies a remote network connection that attempts to perform malicious activity, such as encrypting endpoint files, the agent can automatically block the IP address to close all existing communication and block new connections from this IP address to the endpoint. When Cortex XDR blocks an IP address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. You can view the list of all blocked IP addresses per endpoint from the Action Center, as well as unblock them to re-enable communication as appropriate. This module is supported with Cortex XDR agent 7.3.0 and later. Select the Action Mode to take when the Cortex XDR agent detects remote malicious causality chains: Enabled (default): terminate connection and block IP address of the remote connection. Disabled: do not block remote IP addresses. To allow specific and known s
Anonymous
upvote