
Exam PCDRA topic 1 question 96 discussion

Actual exam question from Palo Alto Networks' PCDRA
Question #: 96
Topic #: 1

Which statement best describes how Behavioral Threat Protection (BTP) works?

  • A. BTP injects into known vulnerable processes to detect malicious activity.
  • B. BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
  • C. BTP matches EDR data with rules provided by Cortex XDR.
  • D. BTP matches the signature with the existing database of malicious files.
Suggested Answer: C

Comments

Lukinator
1 month, 3 weeks ago
Selected Answer: C
Like nuna957 said, the answer should be C. See the following documentation by Palo Alto:

1) "BTP prevents sophisticated attacks that leverage built-in OS executables and common administration utilities by continuously monitoring endpoint activity for malicious causality chains"

2) "Palo Alto Networks researchers define the causality chains that are malicious and distribute those chains as behavioral threat rules. When the Cortex XDR agent detects a match to a behavioral threat protection rule, the Cortex XDR agent carries out the configured action (default is Block)."

1) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Protection-Capabilities
2) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-New-Malware-Security-Profile
upvoted 2 times
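To make concrete what answer C describes (rules from the vendor evaluated against the agent's own EDR telemetry, not hashes looked up in a file database), here is an added example that is not code from this page, from Palo Alto Networks, or from Cortex XDR. It is a toy causality-chain matcher: an ordered rule ("an Office application that, anywhere down its descendant tree, runs PowerShell with an encoded command") is walked over constructed process-start events. The `Process`/`Stage`/`Rule` types, the sample events, and the rule itself are assumptions for illustration and do not reflect Cortex XDR's real rule language or data model.

```python
"""
Toy causality-chain matcher, constructed for this discussion to illustrate
what answer C means: behavioural rules are evaluated against EDR process
telemetry (parent/child lineage plus command lines) rather than against file
hashes. The rule format and sample events are assumptions for the example;
they are not Cortex XDR's rule language or telemetry schema.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: int
    image: str      # executable basename, lower-cased
    cmdline: str


@dataclass(frozen=True)
class Stage:
    name: str
    match: Callable[[Process], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    stages: List[Stage]    # ordered from ancestor to descendant
    action: str = "block"  # stands in for the profile's configured action


@dataclass(frozen=True)
class Detection:
    rule: str
    action: str
    chain: List[int]       # pids from the earliest matched stage to the last


# Constructed sample telemetry. Every image is a legitimate, signed OS or
# Office binary, so a hash-based malware lookup would flag none of them.
EVENTS = [
    Process(100, 1,   "explorer.exe",   "explorer.exe"),
    Process(200, 100, "winword.exe",    "winword.exe /n invoice.docm"),
    Process(300, 200, "cmd.exe",        "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA..."),
    Process(400, 300, "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA..."),
    # Benign: an administrator runs a script from the desktop shell.
    Process(500, 100, "powershell.exe", "powershell -File C:\\ops\\rotate-logs.ps1"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Intermediate hops (cmd.exe here) are allowed between stages, so the rule
# expresses lineage, not direct parenthood.
OFFICE_ENCODED_PS = Rule(
    name="office_spawns_encoded_powershell",
    stages=[
        Stage("office_app", lambda p: p.image in OFFICE_APPS),
        Stage("encoded_powershell",
              lambda p: p.image == "powershell.exe"
              and "-enc" in p.cmdline.lower()),   # also covers -encodedcommand
    ],
)


def match_rule(rule: Rule, procs: List[Process]) -> List[List[int]]:
    """Return every pid chain whose lineage satisfies the rule's stages in order."""
    by_pid: Dict[int, Process] = {p.pid: p for p in procs}
    final = rule.stages[-1]
    chains: List[List[int]] = []
    for p in procs:
        if not final.match(p):
            continue
        chain = [p.pid]
        cur: Optional[Process] = by_pid.get(p.ppid)
        seen = {p.pid}                 # guards against ppid cycles in bad telemetry
        ok = True
        for stage in reversed(rule.stages[:-1]):
            # Walk up the ancestors until this stage is satisfied or we run out.
            while cur is not None and cur.pid not in seen and not stage.match(cur):
                seen.add(cur.pid)
                cur = by_pid.get(cur.ppid)
            if cur is None or cur.pid in seen:
                ok = False
                break
            seen.add(cur.pid)
            chain.append(cur.pid)
            cur = by_pid.get(cur.ppid)
        if ok:
            chains.append(list(reversed(chain)))
    return chains


def evaluate(procs: List[Process], rules: List[Rule]) -> List[Detection]:
    """Run every rule over the telemetry, as an agent would on each new event."""
    return [Detection(r.name, r.action, chain)
            for r in rules for chain in match_rule(r, procs)]


def describe(det: Detection, procs: List[Process]) -> str:
    """Human-readable rendering of a detection, e.g. for an alert title."""
    by_pid = {p.pid: p for p in procs}
    lineage = " -> ".join(by_pid[pid].image for pid in det.chain)
    return f"{det.rule}: {det.action} [{lineage}]"


if __name__ == "__main__":
    for det in evaluate(EVENTS, [OFFICE_ENCODED_PS]):
        print(describe(det, EVENTS))
```

The only detection is for pid 400 (winword.exe -> cmd.exe -> powershell.exe with `-enc`); the administrator's PowerShell under explorer.exe (pid 500) does not match because neither its ancestry nor its command line satisfies the rule. Nothing in the chain has a "malicious" hash, which is why option D cannot describe this mechanism: the signal lives entirely in the lineage and command-line data the agent already records.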
nuna957
2 months, 2 weeks ago
Selected Answer: C
C is the correct answer.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other
