Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

PCDRA by Palo Alto Networks - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

In incident-related widgets, how would you filter the display to only show incidents that were “starred”?

A Create a custom XQL widget
B This is not currently supported
C Create a custom report and filter on starred incidents
D Click the star in the widget

Question 4

Where would you view the WildFire report in an incident?

A next to relevant Key Artifacts in the incidents details page
B under Response --> Action Center
C under the gear icon --> Agent Audit Logs
D on the HUB page at apps.paloaltonetworks.com

Question 5

What does the following output tell us?

Question 6

Which engine, of the following, in Cortex XDR determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?

A Sensor Engine
B Causality Analysis Engine
C Log Stitching Engine
D Causality Chain Engine

Question 7

Which type of BIOC rule is currently available in Cortex XDR?

A Threat Actor
B Discovery
C Network
D Dropper

Question 8

In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?

A In the Restrictions Profile, add the file name and path to the Executable Files allow list.
B Create a new rule exception and use the singer as the characteristic.
C Add the signer to the allow list in the malware profile.
D Add the signer to the allow list under the action center page.

Question 9

As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?

A Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
B Enable DLL Protection on all servers but there might be some false positives.
C Create IOCs of the malicious files you have found to prevent their execution.
D Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.

Question 10

Which statement is true based on the following Agent Auto Upgrade widget?

Question 11

What is the purpose of targeting software vendors in a supply-chain attack?

A to take advantage of a trusted software delivery method.
B to steal users’ login credentials.
C to access source code.
D to report Zero-day vulnerabilities.

Question 12

When creating a BIOC rule, which XQL query can be used?

A dataset = xdr_data | filter event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"
B dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"
C dataset = xdr_data | filter action_process_image_name ~= ".*?.(?:pdf|docx).exe" | fields action_process_image
D dataset = xdr_data | filter event_behavior = true event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"

Question 13

What is the standard installation disk space recommended to install a Broker VM?

A 1GB disk space
B 2GB disk space
C 512GB disk space
D 256GB disk space

Question 14

Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?

A in the macOS Malware Protection Profile to indicate allowed signers
B in the Linux Malware Protection Profile to indicate allowed Java libraries
C SHA256 hashes cannot be used in Cortex XDR Malware Protection Profiles
D in the Windows Malware Protection Profile to indicate allowed executables

Question 15

How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?

A by encrypting the disk first.
B by utilizing decoy Files.
C by retrieving the encryption key.
D by patching vulnerable applications.

Question 16

What functionality of the Broker VM would you use to ingest third-party firewall logs to the Cortex Data Lake?

A Netflow Collector
B Syslog Collector
C DB Collector
D Pathfinder

Question 17

In the deployment of which Broker VM applet are you required to install a strong cipher SHA256-based SSL certificate?

A Agent Proxy
B Agent Installer and Content Caching
C Syslog Collector
D CSV Collector

Question 18

When is the wss (WebSocket Secure) protocol used?

A when the Cortex XDR agent downloads new security content
B when the Cortex XDR agent uploads alert data
C when the Cortex XDR agent connects to WildFire to upload files for analysis
D when the Cortex XDR agent establishes a bidirectional communication channel

Question 19

With a Cortex XDR Prevent license, which objects are considered to be sensors?

A Syslog servers
B Third-Party security devices
C Cortex XDR agents
D Palo Alto Networks Next-Generation Firewalls

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 94

1 2 3 4

→

Know a question that should be here? Contribute to this exam

Phishing belongs which of the following MITRE ATT&CK tactics?

A Initial Access, Persistence
B Persistence, Command and Control
C Reconnaissance, Persistence
D Reconnaissance, Initial Access

When viewing the incident directly, what is the “assigned to” field value of a new Incident that was just reported to Cortex?

A Pending
B It is blank
C Unassigned
D New

A There is one low severity incident.
B Host shpapy_win10 had the most vulnerabilities.
C There is one informational severity alert.
D This is an actual output of the Top 10 hosts with the most malware.

A There are a total of 689 Up To Date agents.
B Agent Auto Upgrade was enabled but not on all endpoints.
C Agent Auto Upgrade has not been enabled.
D There are more agents in Pending status than In Progress status.