Palo Alto Networks PSE-Cortex Exam - Topic 5 Question 84 Discussion

Actual exam question for Palo Alto Networks's PSE-Cortex exam
Question #: 84
Topic #: 5

An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network.

Which Cortex XDR Analytics alert will this activity most likely trigger?

Suggested Answer: D

Jacob
2 months ago
Really? I thought malware alerts were more straightforward than that.
upvoted 0 times
...
Cordelia
2 months ago
I think C makes sense too, new admin behavior can be suspicious.
upvoted 0 times
...
Chaya
3 months ago
Wait, are we sure it's not A? Local tasks can be tricky.
upvoted 0 times
...
Blythe
3 months ago
Definitely D, DNS tunneling is a classic sign!
upvoted 0 times
...
Jacquline
3 months ago
I'm pretty sure it's B, malware alert.
upvoted 0 times
...
Callie
3 months ago
I’m a bit confused, but uncommon local scheduled task creation doesn’t seem to fit this situation as well as the others.
upvoted 0 times
...
Solange
4 months ago
I practiced a similar question, and I think the malware alert is too broad. DNS Tunneling seems more specific to the scenario described.
upvoted 0 times
...
Mel
4 months ago
I’m not entirely sure, but I feel like new administrative behavior could also be relevant if the malware is trying to escalate privileges.
upvoted 0 times
...
Rodney
4 months ago
I remember studying about malware communications, and I think DNS Tunneling might be the right alert since it’s often used for data exfiltration.
upvoted 0 times
...
Rosio
4 months ago
I'm a bit confused on this one. There are a few options that seem like they could be relevant, but I'm not totally sure which one is the best fit. I'll have to review the material on malware and network security alerts again before deciding.
upvoted 0 times
...
Reita
4 months ago
Okay, I've got this. The key is that the question is specifically asking about an adversary communicating with malware, so the alert that would most likely be triggered is D. DNS Tunneling. That's the one that seems to best match the scenario described.
upvoted 0 times
...
Fletcher
5 months ago
Hmm, I'm a little unsure about this one. Could it also be something like new administrative behavior or uncommon local scheduled task creation? I'll have to think it through a bit more.
upvoted 0 times
...
Larae
5 months ago
This one seems pretty straightforward. The question is asking about an alert that would be triggered by an adversary communicating with malware, so I'm thinking the answer is probably D. DNS Tunneling.
upvoted 0 times
...
Merilyn
6 months ago
I think the answer is D. DNS Tunneling, that's the most likely activity to trigger a Cortex XDR alert in this scenario.
upvoted 0 times
Odette
5 months ago
I agree, DNS Tunneling is a common technique used by adversaries to communicate with malware.
upvoted 0 times
...
...
