Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 10
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?
Answer options
- A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
- B. Enable DLL Protection on all servers but there might be some false positives.
- C. Create IOCs of the malicious files you have found to prevent their execution.
- D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.
Correct answer: C
Explanation
The correct answer is C. The alert shows that Cortex XDR already prevented the Cobalt Strike download on the affected server, so the remaining task is to make sure the artifacts uncovered during the investigation are blocked on every other endpoint as well. Creating IOCs for the malicious files you have found (their SHA256 hashes, and where useful the paths, filenames or download domains) lets Cortex XDR alert on any other host that has already seen them, and adding those hashes to the Block List in the Action Center prevents their execution on all endpoints the agent protects, whether or not the behavioral engine would have fired there. Option A is not something an administrator can do: Behavioral Threat Protection rules are authored by Palo Alto Networks and delivered through content updates; customers write BIOC rules, not BTP rules. Option B does not address the scenario (a downloaded payload, not a DLL-loading technique) and, as the option itself admits, risks false positives on legitimate processes. Option D is wrong because cytool is the agent's local command-line utility for tasks such as checking status or protection state; BTP is enabled through the endpoint prevention profile in the Cortex XDR console, not with cytool, and in this scenario the module was already on, since it is what stopped the download.
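The following is an added example, not part of the exam page or of Palo Alto Networks' own tooling, showing the investigation-to-enforcement step that option C describes: take the SHA256 values from the prevention alerts, validate and de-duplicate them, and stage a request for the Cortex XDR public API endpoint that adds hashes to the Block List, together with the headers an Advanced API key requires. The alert field name `action_file_sha256`, the endpoint path `/public_api/v1/hash_exceptions/blocklist` and the `request_data` shape are taken from the public API as the author recalls it and should be checked against your tenant's API reference; the sample alerts are constructed, and nothing is sent over the network.

```python
"""Stage a Cortex XDR hash Block List request from prevention alerts.

Added example; field names and endpoint are assumptions to verify against
the Cortex XDR API reference. Only the *downloaded file* hash is blocked,
never the actor process image: the process that performed the download is
usually a legitimate tool (browser, PowerShell, curl) and blocking it by
hash would take down every server that runs it.
"""
import hashlib
import json
import re
import secrets
import time

BLOCKLIST_PATH = "/public_api/v1/hash_exceptions/blocklist"  # assumed path
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Constructed sample alerts shaped like get_alerts output (assumed fields).
# Alert 2 repeats alert 1's payload hash in upper case (must de-duplicate);
# alert 3 carries a SHA1-length value that must be rejected.
SAMPLE_ALERTS = [
    {"alert_id": "1", "name": "Behavioral Threat", "action": "BLOCKED",
     "action_file_sha256": "a" * 64,
     "actor_process_image_sha256": "b" * 64},
    {"alert_id": "2", "name": "Behavioral Threat", "action": "BLOCKED",
     "action_file_sha256": "A" * 64,
     "actor_process_image_sha256": "c" * 64},
    {"alert_id": "3", "name": "Behavioral Threat", "action": "BLOCKED",
     "action_file_sha256": "d" * 40,
     "actor_process_image_sha256": "b" * 64},
]


def extract_payload_hashes(alerts):
    """Return sorted unique SHA256 values of the blocked payload files.

    Values are lower-cased and must be exactly 64 hex characters; anything
    else (empty, SHA1, MD5, garbage) is dropped rather than sent to the API.
    """
    found = set()
    for alert in alerts:
        value = str(alert.get("action_file_sha256") or "").strip().lower()
        if SHA256_RE.match(value):
            found.add(value)
    return sorted(found)


def build_blocklist_request(hashes, comment):
    """Build the JSON body for the Block List endpoint (assumed shape)."""
    if not hashes:
        raise ValueError("refusing to build an empty block list request")
    return {"request_data": {"hash_list": list(hashes), "comment": comment}}


def xdr_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Headers for a Cortex XDR Advanced API key.

    The Authorization value is sha256(api_key + nonce + timestamp) in hex;
    nonce and timestamp are sent alongside so the server can recompute it.
    """
    if nonce is None:
        nonce = secrets.token_hex(32)
    if timestamp_ms is None:
        timestamp_ms = int(time.time()) * 1000
    auth_key = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": hashlib.sha256(auth_key).hexdigest(),
        "Content-Type": "application/json",
    }


if __name__ == "__main__":
    payload = build_blocklist_request(
        extract_payload_hashes(SAMPLE_ALERTS),
        "Cobalt Strike stager blocked on server; extend block to all endpoints",
    )
    headers = xdr_auth_headers("7", "REPLACE_WITH_API_KEY")
    print("POST", BLOCKLIST_PATH)
    print(json.dumps(headers, indent=2))
    print(json.dumps(payload, indent=2))
```

Review the staged hash list with a second analyst before posting it: a Block List entry is enforced tenant-wide, so a mistaken hash (for example a shared DLL picked up from a noisy alert) would be blocked on every server at once. Pair the block with IOC rules for the same hashes so that hosts which already executed the payload before the block was in place still surface as alerts.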