In incident-related widgets, how would you filter the display to only show incidents that were "starred"?
To filter the display to only show incidents that were "starred", click the star in the widget. This applies a filter that shows only the incidents that contain a starred alert, that is, an alert matching a condition you define in the incident starring configuration. You can use the incident starring feature to prioritize and focus on the most important or relevant incidents in your environment [1].
Let's briefly discuss the other options to provide a comprehensive explanation:
A) Create a custom XQL widget: This is not the correct answer. Creating a custom XQL widget is not necessary to filter the display to only show starred incidents. A custom XQL widget is a widget that you create by using the XQL query language to define the data source and the visualization type. You can use custom XQL widgets to build your own dashboards or reports, but they are not required for filtering incidents by stars [2].
B) This is not currently supported: This is not the correct answer. Filtering the display to only show starred incidents is currently supported by Cortex XDR. You can use the star icon in the widget to apply this filter, or you can use the Filter Builder to create a custom filter based on the Starred field [1].
C) Create a custom report and filter on starred incidents: This is not the correct answer. Creating a custom report and filtering on starred incidents is not the only way to filter the display to only show starred incidents. A custom report is a report that you create by using the Report Builder to define the data source, the layout, and the schedule. You can use custom reports to generate and share periodic reports on your Cortex XDR data, but they are not the only option for filtering incidents by stars [3].
In conclusion, clicking the star in the widget is the simplest and easiest way to filter the display to only show incidents that were "starred". By using this feature, you can quickly identify and focus on the most critical or relevant incidents in your environment.
References:
[1] Filter Incidents by Stars
[2] Create a Custom XQL Widget
[3] Create a Custom Report
Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?
The Incident Management Dashboard provides a high-level overview of the incident response process, including the Mean Time to Resolution (MTTR) metric. This metric measures the average time it takes to resolve an incident from the moment it is created to the moment it is closed. The dashboard also shows the number of incidents by status, severity, and assigned analyst, as well as the top alerts by category, source, and destination. The Incident Management Dashboard is designed for executives and managers who want to monitor the performance and efficiency of their security teams. Reference: PCDRA Study Guide, page 18.
To create a BIOC rule with an XQL query, you must at a minimum filter on which field in order for it to be a valid BIOC rule?
To create a BIOC rule with an XQL query, you must at a minimum filter on the event_type field in order for it to be a valid BIOC rule. The event_type field indicates the type of event that triggered the alert, such as PROCESS, FILE, REGISTRY, NETWORK, or USER_ACCOUNT. Filtering on this field narrows the scope of your query to the event category relevant to your use case. Other fields, such as causality_chain, endpoint_name, and threat_event, are optional and can be used to further refine your query or to display additional information in the alert. References:
Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) Study Guide, page 9
Palo Alto Networks Cortex XDR Documentation, BIOC Rule Query Syntax
Which two types of exception profiles can you create in Cortex XDR? (Choose two.)
Cortex XDR allows you to create two types of exception profiles: agent exception profiles and global exception profiles. Agent exception profiles apply to specific endpoints that are assigned to the profile. Global exception profiles apply to all endpoints in your network. You can use exception profiles to configure different types of exceptions, such as process exceptions, support exceptions, behavioral threat protection rule exceptions, local analysis rules exceptions, advanced analysis exceptions, or digital signer exceptions. Exception profiles help you fine-tune the security policies for your endpoints and reduce false positives. References:
Exception Security Profiles
Create an Agent Exception Profile
Create a Global Exception Profile
What license would be required for ingesting external logs from various vendors?
To ingest external logs from various vendors, you need a Cortex XDR Pro per TB license. This license allows you to collect and analyze logs from Palo Alto Networks and third-party sources, such as firewalls, proxies, endpoints, cloud services, and more. You can use the Log Forwarding app to forward logs from the Logging Service to an external syslog receiver. The Cortex XDR Pro per Endpoint license only supports logs from Cortex XDR agents installed on endpoints. The Cortex XDR Vendor Agnostic Pro and Cortex XDR Cloud per Host licenses do not exist. References:
Features by Cortex XDR License Type
Log Forwarding App for Cortex XDR Analytics
SaaS Log Collection