Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 48
What should you do to automatically convert leads into alerts after investigating a lead?
Answer options
- A. Lead threats can't be prevented in the future because they already exist in the environment.
- B. Build a search query using Query Builder or XQL using a list of IOCs.
- C. Create IOC rules based on the set of attribute-value pairs collected over the affected entities during lead hunting.
- D. Create BIOC rules based on the set of attribute-value pairs collected over the affected entities during lead hunting.
Correct answer: D
Explanation
The correct answer is D because a BIOC rule turns the attribute-value pairs gathered during the lead investigation into a detection that raises alerts automatically whenever the same behavior recurs. Options A and B do not address converting leads into alerts: A dismisses prevention altogether, and B only describes a one-off search rather than a persistent detection. Option C proposes IOC rules, which match static indicators (file hashes, IP addresses, domains) rather than the behavioral attribute-value pairs collected during the hunt, so they are less effective for automated alerting than BIOC rules.