
Exam PCDRA topic 1 question 51 discussion

Actual exam question from Palo Alto Networks's PCDRA
Question #: 51
Topic #: 1

As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to open a malicious Word document. You learn from the WildFire report and AutoFocus that this document is known to have been used in Phishing campaigns since 2018. What steps can you take to ensure that the same document is not opened by other users in your organization protected by the Cortex XDR agent?

  • A. Enable DLL Protection on all endpoints but there might be some false positives.
  • B. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
  • C. No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.
  • D. No step is required because the malicious document is already stopped.
Suggested Answer: B

Comments

danups
4 months, 2 weeks ago
Selected Answer: D
I would go for "D" since the threat is already being prevented/stopped by the Cortex XDR Agent
upvoted 1 times
danups
4 months, 2 weeks ago
Nvm, I will go for "B" as a precautionary measure and build additional BTP rules to detect similar behaviors in the future
upvoted 1 times
flummoxed_individual
5 months, 4 weeks ago
Another odd question because BTP rules are created and managed by Palo Alto Networks, not by admins... so maybe C?
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other