Curious about Actual Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) Exam Questions?

Here are sample Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) Exam questions from the real exam. You can get more Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) Exam premium practice questions at TestInsights.

Page: 1 / 19
Total 91 questions
Question 1

What is the action taken out by Managed Threat Hunting team for Zero Day Exploits?


Correct : A

The Managed Threat Hunting (MTH) team is a group of security experts who proactively hunt for threats in the Cortex XDR tenant and generate a report with the findings. The MTH team uses advanced queries and investigative actions to identify and analyze potential threats, such as zero-day exploits, that may have bypassed the prevention and detection capabilities of Cortex XDR. The MTH team also provides recommendations and best practices to help customers remediate the threats and improve their security posture. Reference:

Managed Threat Hunting Service

Managed Threat Hunting Report


Question 2

Which Exploit Prevention Module (EPM) provides better entropy for randomization of memory locations?


Correct : B

UASLR stands for User Address Space Layout Randomization, which is a feature of the Exploit Prevention Module (EPM) that provides better entropy for randomization of memory locations. UASLR adds entropy to the base address of the executable image and the heap, making it harder for attackers to predict the memory layout of a process. UASLR is enabled by default for all processes, but can be disabled or customized for specific applications using the EPM policy settings. Reference:

Exploit Prevention Module (EPM) entropy randomization memory locations

Exploit protection reference


Question 3

Which statement is correct based on the report output below?

PCDRA Exam Question 3 Exhibit 1


Correct : C

The report output shows the number of endpoints that have forensic inventory data collection enabled, which is a feature of Cortex XDR that allows the collection of detailed information about the endpoint's hardware, software, and network configuration. This feature helps analysts to investigate and respond to incidents more effectively by providing a comprehensive view of the endpoint's state and activity. Forensic inventory data collection can be enabled or disabled per policy in Cortex XDR. Reference:

Forensic Inventory Data Collection

Cortex XDR 3: Getting Started with Endpoint Protection


Question 4

What contains a logical schema in an XQL query?


Correct : C

A logical schema in an XQL query is a field, which is a named attribute of a dataset. A field can have a data type, such as string, integer, boolean, or array. A field can also have a modifier, such as bin or expand, that transforms the field value in the query output. A field can be used in the select, where, group by, order by, or having clauses of an XQL query. Reference:

XQL Syntax

XQL Data Types

XQL Field Modifiers


Question 5

Which of the following paths will successfully activate Remediation Suggestions?


Correct : B

Remediation Suggestions is a feature of Cortex XDR that provides you with recommended actions to remediate the root cause and impact of an incident. Remediation Suggestions are based on the analysis of the causality chain, the behavior of the malicious files or processes, and the best practices for incident response. Remediation Suggestions can help you to quickly and effectively contain and resolve an incident, as well as prevent future recurrence.

To activate Remediation Suggestions, you need to follow these steps:

In the Cortex XDR management console, go to Incidents and select an incident that you want to remediate.

Click Causality View to see the graphical representation of the causality chain of the incident.

Click Actions and select Remediation Suggestions. This will open a new window that shows the suggested actions for each node in the causality chain.

Review the suggested actions and select the ones that you want to apply. You can also edit or delete the suggested actions, or add your own custom actions.

Click Apply to execute the selected actions on the affected endpoints. You can also schedule the actions to run at a later time or date.


Remediate Changes from Malicious Activity: This document explains how to use Remediation Suggestions to remediate the root cause and impact of an incident.

Causality View: This document describes how to use Causality View to investigate the causality chain of an incident.
