PCDRA
1. While working the alerts involved in a Cortex XDR incident, an analyst has found that
every alert in this incident requires an exclusion.
What will the Cortex XDR console automatically do to this incident if all of the alerts it
contains have exclusions?
causality_chain
endpoint_name
threat_event
event_type
3. After a scan, how does the file quarantine function work on an endpoint?
Quarantine takes ownership of the files and folders and prevents execution through access
control.
Quarantine disables the network adapters and locks down access preventing any
communications with the endpoint.
Quarantine removes a specific file from its location on a local or removable drive to a
protected folder and prevents it from being executed.
Quarantine prevents an endpoint from communicating with anything besides the listed
exceptions in the agent profile and Cortex XDR.
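The third option above describes the mechanism: the file is moved off its original location into a protected folder and stripped of the ability to execute. The following is an added illustration of that idea in Python, not Cortex XDR's own agent code. The vault layout (an owner-only directory, a content-addressed `.quar` name with a sidecar JSON manifest for restore) and the `payload.sh` sample are constructed assumptions for the demo; the permission model is POSIX, so the execute-bit check is meaningless on Windows.

```python
import hashlib
import json
import shutil
import stat
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_file(target: Path, vault: Path) -> Path:
    """Move `target` into `vault`, drop every execute bit, and record where it
    came from so an analyst can restore it after a false-positive review."""
    vault.mkdir(parents=True, exist_ok=True)
    vault.chmod(stat.S_IRWXU)                 # 0700: only the owner may enter the vault
    digest = sha256_of(target)
    dest = vault / f"{digest}.quar"           # assumed naming: hash, no original extension
    shutil.move(str(target), str(dest))       # removes the file from its original location
    dest.chmod(stat.S_IRUSR)                  # 0400: readable for analysis, never executable
    manifest = vault / f"{digest}.json"       # assumed sidecar with the restore information
    manifest.write_text(json.dumps({"original_path": str(target), "sha256": digest}))
    return dest


def restore_file(quarantined: Path, vault: Path) -> Path:
    """Put a quarantined file back, refusing if its content changed in the vault."""
    manifest = vault / (quarantined.stem + ".json")
    info = json.loads(manifest.read_text())
    if sha256_of(quarantined) != info["sha256"]:
        raise ValueError("quarantined file was altered; refusing to restore")
    original = Path(info["original_path"])
    quarantined.chmod(stat.S_IRUSR | stat.S_IWUSR)
    shutil.move(str(quarantined), str(original))
    manifest.unlink()
    return original


def demo() -> dict:
    """Constructed scenario: quarantine a fake dropped script, then restore it."""
    root = Path(tempfile.mkdtemp())
    sample = root / "drop" / "payload.sh"      # constructed 'malicious' file
    sample.parent.mkdir()
    sample.write_text("#!/bin/sh\necho pwned\n")
    sample.chmod(0o755)                        # starts out executable
    vault = root / "quarantine"
    q = quarantine_file(sample, vault)
    result = {
        "original_gone": not sample.exists(),
        "quarantined_executable": bool(q.stat().st_mode & stat.S_IXUSR),
        "restored_path": str(restore_file(q, vault)),
        "original_path": str(sample),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The hash check on restore matters in practice: if anything could modify a file while it sits in quarantine, "restore" would become a way to plant content at an arbitrary path with the agent's privileges.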
4. Which statement is true for Application Exploits and Kernel Exploits?
a system of files used by the operating system to commit memory that exceeds the available
hardware resources. Also known as the “swap”
a central system, available via the internet, for registering officially licensed versions of
software to prove ownership
a ledger for maintaining accurate and up-to-date information on total disk usage and disk
space remaining available to the operating system
6. What kind of threat typically encrypts user files?
ransomware
Zero-day exploits
supply-chain attacks
7. A file is identified as malware by the Local Analysis module, whereas the WildFire verdict is
Benign. Assuming WildFire is accurate, how should the Local Analysis verdict be classified?
It is a true positive.
It is a false positive.
It is a false negative.
It is a true negative.
8. LiveTerminal uses which type of protocol to communicate with the agent on the
endpoint?
WebSocket
Support exception
Process exception
11. Which built-in dashboard would be the best option for an executive, if they were
looking for the Mean Time to Resolution (MTTR) metric?
Only alerts with the same host are grouped together into one Incident in a given time frame.
Alerts that occur within a three hour time frame are grouped together into one Incident.
Alerts with same causality chains that occur within a given time frame are grouped together
into an Incident.
Click the three dots on the widget and then choose "Save"; this will link the query to the
Widget Library.
This isn’t supported, you have to exit the dashboard and go into the Widget Library first to
create it.
Click on "Save to Action Center" in the dashboard and you will be prompted to give the query
a name and description.
Click on “Save to Widget Library” in the dashboard and you will be prompted to give the
query a name and description.
16. Phishing belongs to which of the following MITRE ATT&CK tactics?
Reconnaissance, Persistence
BTP runs on Cortex XDR and distributes behavioral signatures to all agents.
BTP uses machine learning to recognize malicious activity even if it is not known.