Palo Alto Networks Detection and Remediation Analyst (PCDRA) Certification
Format: Multiple choice
Duration: 90 Minutes
Minimum required score to pass: 70%
Palo Alto Networks Detection and Remediation Analyst (PCDRA) Certification details
The Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) certification validates the knowledge and skills needed to demonstrate the highest standard of deployment methodology and operational best practices for the Palo Alto Networks Cortex XDR platform.
Audience and Qualifications
Target Audience
This certification is designed for students and technical professionals who want to validate comprehensive knowledge of current cybersecurity tenets, including security engineers, security administrators, security operators, security analysts, and security architects, as well as non-technical individuals with the same goal.
Blueprint
The blueprint table lists the domains covered and includes domain weighting. The percentage weights represent the portion of the exam score that is attributed to each domain. Many candidates find the table provides focus for studies during exam preparation. Also included in the blueprint table are the more specific tasks associated with each domain. Pay particular attention to these tasks, as they provide more targeted areas of study within the domains.
1. Threats and Attacks   10%
1.1 Recognize the different types of attacks
1.1.1 Differentiate between exploits and malware
1.1.2 Define a file-less attack
1.1.3 Define a supply chain attack
1.1.4 Outline ransomware threats
1.2 Recognize common attack tactics
1.2.1 List common attack tactics
1.2.2 Define various attack tactics
1.2.3 Outline MITRE framework steps
1.3 Recognize various types of threats/vulnerabilities
1.3.1 Differentiate between threats and attacks
1.3.2 Define product modules that help identify threats
1.3.3 Identify legitimate threats (true positives) vs. illegitimate threats (false positives)
1.3.4 Summarize the generally available references for vulnerabilities
2. Prevention and Detection   20%
2.1 Recognize common defense systems
2.1.1 Identify ransomware defense systems
2.1.2 Summarize device management defenses
2.2 Identify attack vectors
2.2.1 Summarize how to prevent agent attacks
2.2.2 Describe how to use XDR to prevent supply chain attacks
2.2.3 Describe how to use XDR to prevent phishing attacks
2.2.4 Characterize the differences between malware and exploits
2.2.5 Categorize the types and structures of vulnerabilities
2.3 Outline malware prevention
2.3.1 Define behavioral threat protection
2.3.2 Identify the profiles that must be configured for malware prevention
2.3.3 Outline malware protection flow
2.3.4 Describe the uses of hashes in Cortex XDR
2.3.5 Identify the use of malware prevention modules (MPMs)
2.4 Outline exploit prevention
2.4.1 Identify the use of exploit prevention modules (EPMs)
2.4.2 Define default protected processes
2.4.3 Characterize the differences between application protection and kernel protection
2.5 Outline analytic detection capabilities
2.5.1 Define the purpose of detectors
2.5.2 Define machine learning in the context of analytic detection
2.5.3 Identify the connection of analytic detection capabilities to MITRE
3. Investigation 20%
3.1 Identify the investigation capabilities of Cortex XDR
3.1.1 Describe how to navigate the console
3.1.2 Identify the remote terminal option
3.1.3 Characterize the differences between incidents and alerts
3.1.4 Characterize the differences between exclusions and exceptions
3.2 Identify the steps of an investigation
3.2.1 Clarify how incidents and alerts interrelate
3.2.2 Identify the order in which to resolve incidents
3.2.3 Identify which steps are valid for an investigation
3.2.4 List the options to highlight or suppress incidents
3.3 Identify actions to investigate incidents
3.3.1 Describe when to perform actions using the live terminal
3.3.2 Describe what actions can be performed using the live terminal
3.3.3 Describe when to perform actions using a script
3.3.4 Identify common investigation screens and processes
3.4 Outline incident collaboration and management using XDR
3.4.1 Outline, read, and write attributes
3.4.2 Characterize the difference between incidents and alerts
4. Remediation   15%
4.1 Describe basic remediation
4.1.1 Describe how to navigate the remediation suggestions
4.1.2 Distinguish between automatic vs. manual remediation
4.1.3 Summarize how/when to run a script
4.1.4 Describe how to fix false positives
4.2 Define examples of remediation
4.2.1 Define ransomware
4.2.2 Define registry
4.2.3 Define file changes/deletions
4.3 Define configuration options in XDR to fix problems
4.3.1 Define blocklist
4.3.2 Define signers
4.3.3 Define allow list
4.3.4 Define exceptions
4.3.5 Define quarantine/isolation
4.3.6 Define file search and destroy
5. Threat Hunting    10%
5.1 Outline the tools for threat hunting
5.1.1 Explain the purpose and use of the IOC technique
5.1.2 Explain the purpose and use of the BIOC technique
5.1.3 Explain the purpose and use of the XQL technique
5.1.4 Explain the purpose and use of the query builder technique
5.2 Identify how to prevent the threat
5.2.1 Convert BIOCs into custom prevention rules
5.3 Manage threat hunting
5.3.1 Describe the purpose of Unit 42
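Tasks 5.1.3 and 5.2.1 above ask how XQL is used for hunting and how a hunt becomes a BIOC. The query below is an added illustration written for this page; it is not part of the PCDRA blueprint or of Palo Alto Networks' own material. It hunts for the classic file-less pattern of an Office application spawning PowerShell with an encoded or download-and-execute command line. The `xdr_data` dataset and the `action_*`/`actor_*` field names are assumed to match the Cortex XDR schema as commonly documented; verify them against your tenant's schema browser before saving the query.

```xql
// Added hunting example (not from the PCDRA blueprint). Assumed schema:
// xdr_data dataset, ENUM.PROCESS/ENUM.PROCESS_START event types, and the
// action_*/actor_* process fields of the Cortex XDR data model.
dataset = xdr_data
// Only process-start events
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
// Child is PowerShell (Windows PowerShell or PowerShell 7)
| filter lowercase(action_process_image_name) in ("powershell.exe", "pwsh.exe")
// Parent is an Office application, the usual phishing entry point
| filter lowercase(actor_process_image_name) in ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
// Command line shows encoding or in-memory download/execution (case-insensitive regex)
| filter action_process_image_command_line ~= "(?i)(-enc|-encodedcommand|frombase64string|downloadstring|iex)"
// Keep the columns an analyst needs to triage and to pivot on the hash
| fields _time, agent_hostname, actor_effective_username, actor_process_image_name, action_process_image_command_line, action_process_image_sha256
| sort desc _time
| limit 100
```

The three `filter` stages are the behavioral part of the hunt: none of them depends on a known hash, IP or domain, which is what separates a BIOC from a plain IOC (5.1.1 vs. 5.1.2). Once the query has been run against your own telemetry and tuned for local false positives (for example an automation account that legitimately launches encoded PowerShell from Outlook), the same logic is what you save as a BIOC and, if it proves reliable, promote to a custom prevention rule (5.2.1). Replacing the last three stages with `| comp count() as spawn_count by agent_hostname` turns the hunt into the per-host summary that task 6.2.4 expects in a report.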
6. Reporting     10%
6.1 Identify the reporting capabilities of XDR
6.1.1 Leverage reporting tools
6.2 Outline how to build a quality report
6.2.1 Identify what is relevant to a report given context
6.2.2 Interpret meaning from a report
6.2.3 Identify the information needed for a given audience
6.2.4 Outline the capabilities of XQL to build a report
6.2.5 Outline distributing and scheduling capabilities of Cortex XDR
7. Architecture     15%
7.1 Outline components of Cortex XDR
7.1.1 Define the role of Cortex XDR Data Lake
7.1.2 Define the role of Cortex Agent
7.1.3 Define the role of Cortex Console
7.1.4 Define the role of Cortex Broker
7.1.5 Distinguish between different proxies
7.1.6 Define the role of Directory Sync
7.1.7 Define the role of WildFire
7.2 Describe communication among components
7.2.1 Define communication of data lakes
7.2.2 Define communication for WildFire
7.2.3 Define communication options/channels to and from the client
7.2.4 Define communication for external dynamic list (EDL)
7.2.5 Define communication from the broker
7.3 Describe the architecture of agent related to different operating systems
7.3.1 Recognize different supported operating systems
7.3.2 Characterize the differences between functions or features on operating systems
7.4 Outline how Cortex XDR ingests other non-Palo Alto Networks data sources
7.4.1 Outline all ingestion possibilities
7.4.2 Describe details of the ingestion methods
7.5 Overview of functions and deployment of Broker
7.5.1 Outline deployment of Broker
7.5.2 Describe how to use the Broker to ingest third-party alerts
7.5.3 Describe how to use the Broker as a proxy between the agents and XDR in the Cloud
7.5.4 Describe how to use the Broker to activate Pathfinder