Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 82

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex XDR from blocking this software in the future, for all endpoints in your organization?

Answer options

• A. Create an endpoint-specific exception.
• B. Create a global inclusion.
• C. Create an individual alert exclusion.
• D. Create a global exception.

Correct answer: D

Explanation

Creating a global exception allows the specified software to be whitelisted across all endpoints, preventing Cortex XDR from blocking it in the future. The other options are too narrow in scope; an endpoint-specific exception only applies to one device, while individual alert exclusions and global inclusions do not provide the same comprehensive coverage as a global exception.