PCDRA Questions and Answers

There is one lowseverity incident.

Host shpapy_win10 had the most vulnerabilities.

There is one informational severity alert.

This is an actual output of the Top 10 hosts with the most malware.

dataset = xdr_data

| filterevent_sub_type = PROCESS_START and

action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

dataset = xdr_data

| filter event_type = PROCESS and

event_sub_type = PROCESS_START and

action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

dataset = xdr_data

| filter action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

| fields action_process_image

dataset = xdr_data

| filter event_behavior = true

event_sub_type = PROCESS_START and

action_process_image_name ~=".*?\.(?:pdf|docx)\.exe"

a local storage facility where your logs and alert data can be aggregated

a cloud-based storage facility where your firewall logs are stored

the interface between firewalls and the Cortex XDR agents

the workspace for your Cortex XDR agents to detonate potential malware files

Cortex XDR Analytics allows to interfere with the pattern as soon as it is observed on the firewall.

Cortex XDR Analytics does not interfere with the pattern as soon as it is observed on the endpoint.

Cortex XDR Analytics does not have to interfere with the pattern as soon as it is observed on the endpoint in order to prevent the attack.

Cortex XDR Analytics allows to interfere with the pattern as soon as it is observed on the endpoint.