ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCDRA All Questions

View all questions & answers for the PCDRA exam
Go to Exam

Exam PCDRA topic 1 question 59 discussion

Actual exam question from Palo Alto Networks's PCDRA
Question #: 59
Topic #: 1
[All PCDRA Questions]

Which statement best describes how Behavioral Threat Protection (BTP) works?

  • A. BTP injects into known vulnerable processes to detect malicious activity.
  • B. BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
  • C. BTP matches EDR data with rules provided by Cortex XDR.
  • D. BTP uses machine Learning to recognize malicious activity even if it is not known.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Lukinator at May 22, 2024, 2:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Lukinator
1 month, 3 weeks ago
Selected Answer: C
The answer should be C. See the following documention by Palo Alto: 1) "BTP prevents sophisticated attacks that leverage built-in OS executables and common administration utilities by continuously monitoring endpoint activity for malicious causality chains" 2) "Palo Alto Networks researchers define the causality chains that are malicious and distribute those chains as behavioral threat rules. When the Cortex XDR agent detects a match to a behavioral threat protection rule, the Cortex XDR agent carries out the configured action (default is Block)." 1) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Protection-Capabilities 2) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-New-Malware-Security-Profile
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago