Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 84

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

Answer options

• A. mark the incident as Unresolved
• B. create a BIOC rule excluding this behavior
• C. create an exception to prevent future false positives
• D. mark the incident as Resolved – Auto Resolve

Correct answer: D

Explanation

The Cortex XDR console automatically marks the incident as Resolved – Auto Resolve when all alerts are associated with exclusions, indicating that the alerts are acknowledged and no further action is required. The other options are incorrect because they either imply ongoing issues (A), the creation of new rules (B), or preventative measures that are not taken in this scenario (C).