Prisma Certified Cloud Security Engineer (PCCSE) — Question 245

A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.
What will be the effect if the security team chooses to Relearn on this image?

Answer options

• A. The model is deleted, and Defender will relearn for 24 hours.
• B. The anomalies detected will automatically be added to the model.
• C. The model is deleted and returns to the initial learning state.
• D. The model is retained, and any new behavior observed during the new learning period will be added to the existing model.

Correct answer: D

Explanation

Choosing to Relearn allows the model to retain its existing data while incorporating any new behaviors observed during the relearning period. This is crucial for adapting to new threats without losing previously learned information. The other options incorrectly suggest that the model is deleted or reset, which would negate the benefits of ongoing learning.