Online Access Free PCDRA Exam Questions

What is an example of an attack vector for ransomware?

• A.Performing SSL Decryption on an endpoint
• B.A URL filtering feature enabled on a firewall
• C.Performing DNS queries for suspicious domains
• D.Phishing emails containing malicious attachments

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

• A.threat_event
• B.endpoint_name
• C.event_type
• D.causality_chain

Under which conditions is Local Analysis evoked to evaluate a file before the file is allowed to run?

• A.The endpoint is disconnected or the verdict from WildFire is of a type unknown.
• B.The endpoint is disconnected or the verdict from WildFire is of a type benign.
• C.The endpoint is disconnected or the verdict from WildFire is of a type grayware.
• D.The endpoint is disconnected or the verdict from WildFire is of a type malware.

What should you do to automatically convert leads into alerts after investigating a lead?

• A.Lead threats can't be prevented in the future because they already exist in the environment.
• B.Create BIOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
• C.Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
• D.Build a search query using Query Builder or XQL using a list of lOCs.

In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?

• A.Create a new rule exception and use the singer as the characteristic.
• B.In the Restrictions Profile, add the file name and path to the Executable Files allow list.
• C.Add the signer to the allow list under the action center page.
• D.Add the signer to the allow list in the malware profile.