Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 5

Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?

Answer options

• A. in the macOS Malware Protection Profile to indicate allowed signers
• B. in the Linux Malware Protection Profile to indicate allowed Java libraries
• C. SHA256 hashes cannot be used in Cortex XDR Malware Protection Profiles
• D. in the Windows Malware Protection Profile to indicate allowed executables

Correct answer: D

Explanation

SHA256 hash values are specifically used in the Windows Malware Protection Profile to identify permitted executables, ensuring only trusted files are executed. The other options either misrepresent the function of SHA256 hashes in different operating systems or mistakenly claim that SHA256 cannot be used at all.