PCDRA Palo Alto Networks Certified Detection and Remediation Analyst Question and Answers

next to relevant Key Artifacts in the incidents details page

under Response --> Action Center

under the gear icon --> Agent Audit Logs

on the HUB page at apps.paloaltonetworks.com

BTP injects into known vulnerable processes to detect malicious activity.

BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.

BTP matches EDR data with rules provided by Cortex XDR.

BTP uses machine Learning to recognize malicious activity even if it is not known.

exception profiles that apply to specific endpoints

agent exception profiles that apply to specific endpoints

global exception profiles that apply to all endpoints

role-based profiles that apply to specific endpoints

NetBIOS over TCP

WebSocket

UDP and a random port

TCP, over port 80

It is true positive.

It is false positive.

It is a false negative.

It is true negative.

Quarantine takes ownership of the files and folders and prevents execution through access control.

Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.

Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.

Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.