Palo Alto Networks PCDRA Exam - Topic 7 Question 3 Discussion

Actual exam question for Palo Alto Networks's PCDRA exam
Question #: 3
Topic #: 7

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

Suggested Answer: D

Contribute your Thoughts:

Georgiana
4 months ago
That's a bit surprising, I thought it would keep it unresolved!
upvoted 0 times
...
Effie
4 months ago
No way, it definitely resolves it if all alerts are excluded.
upvoted 0 times
...
Allene
4 months ago
Wait, are we sure it doesn't just create an exception instead?
upvoted 0 times
...
Luis
4 months ago
Totally agree with that!
upvoted 0 times
...
Karol
4 months ago
I think it marks the incident as Resolved -- False Positive.
upvoted 0 times
...
Abel
5 months ago
I vaguely recall that if all alerts have exclusions, it could create an exception to prevent future false positives. That sounds familiar.
upvoted 0 times
...
Kenneth
5 months ago
I’m a bit confused here. I thought exclusions just meant we needed to review them, but maybe it automatically resolves them?
upvoted 0 times
...
Lakeesha
5 months ago
This seems similar to a practice question we did on incident resolution. I feel like it might mark it as resolved if all alerts are false positives.
upvoted 0 times
...
Mabelle
5 months ago
I think I remember something about how Cortex XDR handles alerts with exclusions, but I'm not entirely sure if it marks them as resolved or not.
upvoted 0 times
...
Cecily
5 months ago
Hmm, I'm not sure about this one. The syntax for the lambda expressions looks a bit tricky. I'll need to double-check the rules before I can confidently select an answer.
upvoted 0 times
...
Frank
5 months ago
I think I remember hearing that integrating Blockchain 3.0 with Internet 3.0 could lead to more decentralized applications, but I'm not sure if that means increased use overall.
upvoted 0 times
...
Pedro
5 months ago
I feel pretty confident about this one. The Platform Events API is the clear winner here - it's designed for real-time updates on specific metrics, which is exactly what the analytics team needs. I'll make sure to explain my reasoning in detail.
upvoted 0 times
...
