Is the PCDRA practice exam free?

Yes. ExamCademy offers all 90 PCDRA practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the PCDRA practice questions?

All PCDRA questions are community-created and reviewed by moderators to align with Palo Alto Networks's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the PCDRA exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Palo Alto Networks documentation and hands-on experience for best results.

PCDRA Practice Exam — Free 90+ Questions

90Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 4 • Questions 1-25 of 90

1 2 3 4

→

Know a question that should be here? Contribute to this exam

When using the “File Search and Destroy” feature, which of the following search hash type is supported?

A SHA256 hash of the file
B AES256 hash of the file
C MD5 hash of the file
D SHA1 hash of the file

Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?

A Find the Malware profile attached to the endpoint, Under Portable Executable and DLL Examination add the hash to the allow list.
B From the rules menu select new exception, fill out the criteria, choose the scope to apply it to, hit save.
C Find the exceptions profile attached to the endpoint, under process exceptions select local analysis, paste the hash and save.
D In the Action Center, choose Allow list, select new action, select add to allow list, add your hash to the list, and apply it.

Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CKTM techniques.

A Exfiltration, Command and Control, Collection
B Exfiltration, Command and Control, Privilege Escalation
C Exfiltration, Command and Control, Impact
D Exfiltration, Command and Control, Lateral Movement

What is the outcome of creating and implementing an alert exclusion?

A The Cortex XDR agent will allow the process that was blocked to run on the endpoint.
B The Cortex XDR console will hide those alerts.
C The Cortex XDR agent will not create an alert for this event in the future.
D The Cortex XDR console will delete those alerts and block ingestion of them in the future.

What is by far the most common tactic used by ransomware to shut down a victim’s operation?

A preventing the victim from being able to access APIs to cripple infrastructure
B denying traffic out of the victims network until payment is received
C restricting access to administrative accounts to the victim
D encrypting certain files to prevent access by the victim

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

A Assign incidents to an analyst in bulk.
B Change the status of multiple incidents.
C Investigate several Incidents at once.
D Delete the selected Incidents.

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate. Which statement is correct for the incident?

A It is true positive.
B It is false positive.
C It is a false negative.
D It is true negative.

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

A mark the incident as Unresolved
B create a BIOC rule excluding this behavior
C create an exception to prevent future false positives
D mark the incident as Resolved – False Positive

A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to delete. Which action could you take to delete the file?

A Manually remediate the problem on the endpoint in question.
B Open X2go from the Cortex XDR console and delete the file via X2go.
C Initiate Remediate Suggestions to automatically delete the file.
D Open an NFS connection from the Cortex XDR console and delete the file.

Which of the following paths will successfully activate Remediation Suggestions?

A Alerts Table > Right-click on a process node > Remediation Suggestions
B Incident View > Actions > Remediation Suggestions
C Causality View > Actions > Remediation Suggestions
D Alerts Table > Right-click on an alert > Remediation Suggestions

What should you do to automatically convert leads into alerts after investigating a lead?

A Lead threats can't be prevented in the future because they already exist in the environment.
B Build a search query using Query Builder or XQL using a list of IOCs.
C Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
D Create BIOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.

Which version of python is used in live terminal?

A Python 3 with specific XDR Python libraries developed by Palo Alto Networks
B Python 3 with standard Python libraries
C Python 2 and 3 with standard Python libraries
D Python 2 and 3 with specific XDR Python libraries developed by Palo Alto Networks

When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose two.)

A The prevention archive from the alert.
B The unique agent id.
C The distribution id of the agent.
D The agent technical support file.
E A list of all the current exceptions applied to the agent.

What is the maximum number of agents one Broker VM local agent applet can support?

A 10,000
B 15,000
C 5,000
D 20,000

Which type of IOC can you define in Cortex XDR?

A Source port
B Destination IP Address
C Destination IP Address:Destination
D Source IP Address

Which minimum Cortex XDR agent version is required for Kubernetes Cluster?

A Cortex XDR 7.4
B Cortex XDR 5.0
C Cortex XDR 7.5
D Cortex XDR 6.1

What is the difference between presets and datasets in XQL?

A A dataset is a Cortex data lake data source only; presets are built-in data source.
B A dataset is a database; presets is a field.
C A dataset is a built-in or third party source; presets group XDR data fields.
D A dataset is a third-party data source; presets are built-in data source.

When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?

A Remediation Automation
B Machine Remediation
C Automatic Remediation
D Remediation Suggestions

Which Exploit Protection Module (EPM) can be used to prevent attacks based on OS function?

A Memory Limit Heap Spray Check
B DLL Security
C UASLR
D JIT Mitigation

What contains a logical schema in an XQL query?

A Field
B Bin
C Dataset
D Arrayexpand

Which of the following represents a common sequence of cyber attack tactics?

A Actions on the objective >> Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Installation >> Command & Control
B Installation >> Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Command & Control >> Actions on the objective
C Reconnaissance >> Installation >> Weaponisation & Delivery >> Exploitation >> Command & Control >> Actions on the objective
D Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Installation >> Command & Control >> Actions on the objective

Which function describes the removal of a specific file from its location on a local or removable drive to a protected folder to prevent the file from being executed?

A Search & destroy
B Quarantine
C Isolation
D Flag for removal

Which statement is correct based on the report output below?

Question Image

A Forensic inventory data collection is enabled.
B 133 agents have full disk encryption.
C 3,297 total incidents have been detected.
D Host Inventory Data Collection is enabled.

Which profiles can the user use to configure malware protection in the Cortex XDR console?

A Malware Protection profile
B Malware profile
C Malware Detection profile
D Anti-Malware profile

Which of the following Live Terminal options are available for Android systems?

A Run Android commands.
B Live Terminal is not supported.
C Run APK scripts.
D Stop an app.

PCDRAPreview

About the PCDRA Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

PCDRAPreview

About the PCDRA Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25