Question No : 1
What license would be required for ingesting external logs from various vendors?

• A.Cortex XDR Pro per Endpoint
• B.Cortex XDR Vendor Agnostic Pro
• C.Cortex XDR Pro per TB
• D.Cortex XDR Cloud per Host

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/external-data-ingestion/about-external-data-ingestion.html

Question No : 2
What is the purpose of targeting software vendors in asupply-chain attack?

• A.to take advantage of a trusted software delivery method.
• B.to steal users’ login credentials.
• C.to access source code.
• D.to report Zero-day vulnerabilities.

Show Answers

Answer:
Explanation:
Reference: https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/

Question No : 3
Which two types of exception profiles you can create in Cortex XDR? (Choose two.)

• A.exception profiles that apply to specific endpoints
• B.agent exception profiles that apply to specific endpoints
• C.global exception profiles that apply to all endpoints
• D.role-based profiles that apply to specific endpoints

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/exceptions-security-profiles.html

Question No : 4
1.While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion .
What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

• A.mark the incident as Unresolved
• B.create a BIOC rule excluding this behavior
• C.create an exception to prevent future false positives
• D.mark the incident as Resolved C False Positive

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-endpoint-alerts/alert-exclusions/add-an-alert-exclusion.html

Question No : 5
Which statement is true based on the following Agent Auto Upgrade widget?

• A.There are a total of 689 Up To Date agents.
• B.Agent Auto Upgrade was enabled but not on all endpoints.
• C.Agent Auto Upgrade has not been enabled.
• D.There are more agents in Pending status than InProgress status.

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/manage-cortex-xdr-agents/upgrade-the-cortex-agent.html

Question No : 6
When viewing the incident directly, what is the “assigned to” field value of a new Incident that was just reported to Cortex?

• A.Pending
• B.It is blank
• C.Unassigned
• D.New

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/investigate-incidents/cortex-xdr-incidents.html

Question No : 7
How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?

• A.by encrypting the disk first.
• B.by utilizing decoy Files.
• C.by retrieving the encryption key.
• D.by patching vulnerable applications.

Show Answers

Answer:
Explanation:
Reference: https://www.salto.cz/sites/default/files/documents/Produkty/PaloAlto/cortex-xdr-endpoint-protection-overview.pdf

Question No : 8
Which of the following best defines the Windows Registry as used by the Cortex XDRagent?

• A.a hierarchical database that stores settings for the operating system and for applications
• B.a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known as the “swap”
• C.a central system, available via the internet, for registering officially licensed versions of software to prove ownership
• D.a ledger for maintaining accurate and up-to-date information on total disk usage and disk space remaining available to the operating system

Show Answers

Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users

Question No : 9
Which Type of IOC can you define in Cortex XDR?

• A.destination port
• B.e-mail address
• C.full path
• D.App-ID

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-iocs.html

Question No : 10
After scan, how does file quarantine function work on an endpoint?

• A.Quarantine takes ownership of the files and folders and prevents execution through access control.
• B.Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.
• C.Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
• D.Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XD

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/investigation-and-response/investigate-files/manage-quarantined-files