Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 77
Cortex XDR is deployed in the enterprise, and you notice that a Cobalt Strike attack delivered through an ongoing supply chain compromise was prevented on one server. What steps can you take to ensure the same protection is extended to all your servers?
Answer options
- A. Enable DLL Protection on all servers but there might be some false positives.
- B. Conduct a thorough Endpoint Malware scan.
- C. Create IOCs of the malicious files you have found to prevent their execution.
- D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.
Correct answer: D
Explanation
Enabling Behavioral Threat Protection (BTP) with cytool is the best approach to prevent the attack from propagating across all servers, as it focuses on detecting and mitigating behavioral anomalies. While enabling DLL Protection (A) may help, it could lead to false positives, which can disrupt operations. Conducting a malware scan (B) is useful but does not provide ongoing protection, and creating IOCs (C) is reactive rather than proactive, focusing only on known threats.