Free Palo Alto Networks PCDRA Exam Actual Questions

The questions for PCDRA were last updated on Jan 26, 2025

Question No. 1

How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?

Correct Answer: B

Cortex XDR agent for Windows prevents ransomware attacks from compromising the file system by utilizing decoy files. Decoy files are randomly generated files that are placed in strategic locations on the endpoint, such as the user's desktop, documents, and pictures folders. These files are designed to look like valuable data that ransomware would target for encryption. When Cortex XDR agent detects that a process is attempting to access or modify a decoy file, it immediately blocks the process and alerts the administrator. This way, Cortex XDR agent can stop ransomware attacks before they can cause any damage to the real files on the endpoint. Reference:

Anti-Ransomware Protection

PCDRA Study Guide


Question No. 2

When creating a scheduled report, which of the following is not an option?

Correct Answer: B

When creating a scheduled report in Cortex XDR, the option to run quarterly on a certain day and time is not available. You can only schedule reports to run daily, weekly, or monthly. You can also specify the start and end dates, the time zone, and the recipients of the report. Scheduled reports are useful for generating regular reports on the security events, incidents, alerts, or endpoints in your network. You can create scheduled reports from the Reports page in the Cortex XDR console, or from the Query Center by saving a query as a report. Reference:

Run or Schedule Reports

Create a Scheduled Report


Question No. 4

An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?

Correct Answer: D

The correct answer is D. Dylib Hijacking. Dylib Hijacking, also known as Dynamic Library Hijacking, is a technique used by attackers to load malicious dynamic libraries on macOS from an unsecure location. This technique takes advantage of the way macOS searches for dynamic libraries to load when an application is executed. To prevent such attacks, Palo Alto Networks offers the Dylib Hijacking prevention capability as part of their Cortex XDR platform. This capability is designed to detect and block attempts to load dynamic libraries from unauthorized or unsecure locations [1].

Let's briefly discuss the other options to provide a comprehensive explanation:

A) DDL Security: This is not the correct answer. DDL Security is not specifically designed to prevent dynamic library loading attacks on macOS. DDL Security is focused on protecting against DLL (Dynamic Link Library) hijacking on Windows systems [2].

B) Hot Patch Protection: Hot Patch Protection is not directly related to preventing dynamic library loading attacks. It is a security feature that protects against runtime patching or modification of code in memory, often used by advanced attackers to bypass security measures [3]. While Hot Patch Protection is a valuable security feature, it is not directly relevant to the scenario described.

C) Kernel Integrity Monitor (KIM): Kernel Integrity Monitor is also not the correct answer. KIM is a module in Cortex XDR that focuses on monitoring and protecting the integrity of the macOS kernel. It detects and prevents unauthorized modifications to critical kernel components [4]. While KIM plays an essential role in overall macOS security, it does not specifically address the prevention of dynamic library loading attacks.

In conclusion, Dylib Hijacking is the Cortex XDR module that specifically addresses the prevention of attackers loading dynamic libraries from unsecure locations on macOS. By leveraging this module, organizations can enhance their security posture and protect against this specific attack vector. Reference:

Endpoint Protection Modules

DDL Security

Hot Patch Protection

Kernel Integrity Monitor

Question No. 5

When using the ''File Search and Destroy'' feature, which of the following search hash types is supported?
