Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 79
Which statement best describes how Behavioral Threat Protection (BTP) works?
Answer options
- A. BTP injects into known vulnerable processes to detect malicious activity.
- B. BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
- C. BTP matches EDR data with rules provided by Cortex XDR.
- D. BTP uses machine learning to recognize malicious activity even if it is not known.
Correct answer: C
Explanation
The correct answer is C because Behavioral Threat Protection (BTP) effectively correlates EDR data with established rules from Cortex XDR to identify threats. Options A and B do not accurately describe BTP's operational mechanism, while option D incorrectly suggests that BTP relies solely on machine learning without incorporating rule-based matching.