Palo Alto Networks
XDR-Analyst
Q1:
Phishing belongs to which of the following MITRE ATT&CK tactics?
A. Initial Access, Persistence
B. Persistence, Command and Control
C. Reconnaissance, Persistence
D. Reconnaissance, Initial Access
Q2:
Which of the following policy exceptions applies to the following description?
'An exception allowing specific PHP files'
A. Support exception
B. Local file threat examination exception
C. Behavioral threat protection rule exception
D. Process exception
Q3:
To stop a network-based attack, any interference with a portion of the attack pattern is enough to prevent it from succeeding. Which statement is correct regarding the Cortex XDR Analytics module?
A. It does not interfere with any portion of the pattern on the endpoint.
B. It interferes with the pattern as soon as it is observed by the firewall.
C. It does not need to interfere with any portion of the pattern to prevent the attack.
D. It interferes with the pattern as soon as it is observed on the endpoint.
Q4:
In Windows and macOS, you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the signer?
A. In the Restrictions Profile, add the file name and path to the Executable Files allow list.
B. Create a new rule exception and use the signer as the characteristic.
C. Add the signer to the allow list in the malware profile.
D. Add the signer to the allow list under the action center page.
Q5:
With a Cortex XDR Prevent license, which objects are considered to be sensors?
A. Syslog servers
B. Third-Party security devices
C. Cortex XDR agents
D. Palo Alto Networks Next-Generation Firewalls