Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 13

How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?

Answer options

• A. by encrypting the disk first.
• B. by utilizing decoy Files.
• C. by retrieving the encryption key.
• D. by patching vulnerable applications.

Correct answer: B

Explanation

The correct answer, B, indicates that the Cortex XDR agent uses decoy files to trick ransomware into engaging with them instead of actual files, thereby protecting the real data. The other options are ineffective in directly preventing ransomware attacks; encrypting the disk (A) does not stop the attack, retrieving the encryption key (C) is typically a post-attack action, and patching vulnerable applications (D) addresses vulnerabilities but does not specifically counter ransomware tactics.