Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 8

Which of the following represents the correct relation of alerts to incidents?

Answer options

• A. Only alerts with the same host are grouped together into one Incident in a given time frame.
• B. Alerts that occur within a three hour time frame are grouped together into one Incident.
• C. Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.
• D. Every alert creates a new Incident.

Correct answer: C

Explanation

The correct answer is C because incidents are typically formed from alerts that have a shared causality and occur within a defined time frame, reflecting their relationship. Answer A incorrectly limits grouping to alerts from the same host, while B's three-hour time frame does not necessarily relate to causality. Answer D suggests every alert generates a new Incident, which is not accurate in alert management.