Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 92
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to open a malicious Word document. You learn from the WildFire report and AutoFocus that this document is known to have been used in Phishing campaigns since 2018. What steps can you take to ensure that the same document is not opened by other users in your organization protected by the Cortex XDR agent?
Answer options
- A. Enable DLL Protection on all endpoints but there might be some false positives.
- B. No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.
- C. No step is required because the malicious document is already stopped.
- D. Install latest content updates to recognize and prevent the activity.
Correct answer: D
Explanation
The correct answer is D because installing the latest content updates ensures that Cortex XDR can recognize and block the malicious document effectively. Option A may help but does not directly address this specific threat. Option B is incorrect because relying solely on IOC sharing does not provide immediate protection for users. Option C is misleading because it suggests no further action is required when proactive measures are necessary.