Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 78

Which statement best describes how Behavioral Threat Protection (BTP) works?

Answer options

• A. BTP injects into known vulnerable processes to detect malicious activity.
• B. BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
• C. BTP matches EDR data with rules provided by Cortex XDR.
• D. BTP matches the signature with the existing database of malicious files.

Correct answer: C

Explanation

The correct answer is C because BTP uses EDR data and applies rules from Cortex XDR to identify threats. Options A and B describe incorrect functions of BTP, while option D refers to signature-based detection, which is not the primary mechanism of Behavioral Threat Protection.