PCDRA試験無料問題集（93題）「Palo Alto Networks Certified Detection and Remediation Analyst 認定」

出題：1

Which engine, of the following, in Cortex XDR determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?

A. Sensor Engine

B. Log Stitching Engine

C. Causality Chain Engine

D. Causality Analysis Engine

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?

A. by retrieving the encryption key.

B. by encrypting the disk first.

C. by utilizing decoy Files.

D. by patching vulnerable applications.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which Exploit ProtectionModule (EPM) can be used to prevent attacks based on OS function?

A. JIT Mitigation

B. DLL Security

C. Memory Limit Heap Spray Check

D. UASLR

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What is the standard installation disk space recommended to install a Broker VM?

A. 512GB disk space

B. 2GB disk space

C. 256GB disk space

D. 1GB disk space

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)

A. The unique agent id.

B. The agent technical support file.

C. The distribution id of the agent.

D. The prevention archive from the alert.

E. A list of all the current exceptions applied to the agent.

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which Type of IOC can you define in Cortex XDR?

A. destination port

B. full path

C. App-ID

D. e-mail address

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What kind of the threat typically encrypts user files?

A. supply-chain attacks

B. SQL injection attacks

C. ransomware

D. Zero-day exploits

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

A. threat_event

B. event_type

C. causality_chain

D. endpoint_name

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of the following represents the correct relation of alerts to incidents?

A. Alerts that occur within athree-hourtime frame are grouped together into one Incident.

B. Every alert creates a new Incident.

C. Only alerts with the same host are grouped together into one Incident in a given time frame.

D. Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

PCDRA試験無料問題集「Palo Alto Networks Certified Detection and Remediation Analyst 認定」