Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam PCDRA Topic 1 Question 55 Discussion

Actual exam question for Palo Alto Networks's PCDRA exam
Question #: 55
Topic #: 1
[All PCDRA Questions]

When viewing the incident directly, what is the ''assigned to'' field value of a new Incident that was just reported to Cortex?

Show Suggested Answer Hide Answer
Suggested Answer: B

To pivot within a row to Causality view and Timeline views for further investigation, you can use the Open Card and Open Timeline actions respectively. The Open Card action will open a new tab with the Causality view of the selected row, showing the causal chain of events that led to the alert. The Open Timeline action will open a new tab with the Timeline view of the selected row, showing the chronological sequence of events that occurred on the affected endpoint. These actions allow you to drill down into the details of each alert and understand the root cause and impact of the incident.Reference:

Cortex XDR User Guide, Chapter 9: Investigate Alerts, Section: Pivot to Causality View and Timeline View

PCDRA Study Guide, Section 3: Investigate and Respond to Alerts, Objective 3.1: Investigate alerts using the Causality view and Timeline view


by Adria at Jun 01, 2024, 02:32 AM

Limited Time Offer

25%

Off

Get Premium PCDRA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Moon
1 months ago
Ah, the age-old question of the 'assigned to' field on a new incident. It's like a game of IT support roulette! I'm going to go with 'Unassigned' on this one. After all, who needs to be the first poor soul to get saddled with a fresh new problem?
upvoted 0 times
Carrol
1 days ago
I'm pretty sure it's 'New'. That would make the most sense for a brand new incident.
upvoted 0 times
...
Patria
4 days ago
I believe it's 'Pending'. That's usually the default status for new incidents.
upvoted 0 times
...
Lettie
5 days ago
I think it's 'Unassigned' too. No one wants to be the first one to deal with a new incident.
upvoted 0 times
...
...
Nu
1 months ago
Hmm, tricky one. I'm leaning towards 'It is blank', since the incident is just being reported and hasn't been assigned yet. But then again, maybe Cortex has a default 'Unassigned' setting. Decisions, decisions! At least this question isn't about configuring a printer – that's where the real fun begins.
upvoted 0 times
Elke
3 days ago
'Pending' could also be a possibility. It might be in a queue waiting for action.
upvoted 0 times
...
Scot
9 days ago
I agree, 'Unassigned' makes sense. It's probably waiting to be assigned to someone.
upvoted 0 times
...
Tyra
17 days ago
I think it's 'Unassigned'. Cortex probably has a default setting for new incidents.
upvoted 0 times
...
...
Svetlana
1 months ago
Let's see, 'Pending' seems a bit too ambiguous, and 'New' doesn't really convey the assignment status. I'm going to go with 'Unassigned' on this one. After all, who wants to be the one left holding the bag on a brand new incident?
upvoted 0 times
...
Oneida
1 months ago
Aha! I bet it's 'Unassigned'. That's the typical default value for new incidents that haven't been assigned to a specific user yet. Though 'Pending' would also make sense, I suppose. Gotta love these subtle IT support questions!
upvoted 0 times
Ligia
3 days ago
I'm leaning towards 'Pending'.
upvoted 0 times
...
Augustine
9 days ago
I believe it's 'Unassigned' as well.
upvoted 0 times
...
Linette
25 days ago
I would go with 'Pending'.
upvoted 0 times
...
Elke
1 months ago
I think it's 'Unassigned'.
upvoted 0 times
...
...
Phil
2 months ago
Hmm, this is a tricky one. I'd say the 'assigned to' field is probably blank, since the incident is just being reported and hasn't been assigned to anyone yet. But who knows, maybe it defaults to 'Unassigned'? I'll have to think this one through carefully.
upvoted 0 times
Emilio
9 days ago
Let's check the system to be sure.
upvoted 0 times
...
Susy
15 days ago
I'm leaning towards 'Unassigned' as the default.
upvoted 0 times
...
Marylin
25 days ago
I agree, it makes sense that it hasn't been assigned yet.
upvoted 0 times
...
Ben
1 months ago
I think it's probably blank.
upvoted 0 times
...
...
Oretha
2 months ago
That makes sense, but I'm still not sure. I'll go with C) Unassigned.
upvoted 0 times
...
Joanne
2 months ago
I believe it's A) Pending because it hasn't been assigned to anyone yet.
upvoted 0 times
...
Oretha
2 months ago
I think the answer is C) Unassigned.
upvoted 0 times
...

Save Cancel