Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 94

Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?

Answer options

• A. Find the Malware profile attached to the endpoint, Under Portable Executable and DLL Examination add the hash to the allow list.
• B. From the rules menu select new exception, fill out the criteria, choose the scope to apply it to, hit save.
• C. Find the exceptions profile attached to the endpoint, under process exceptions select local analysis, paste the hash and save.
• D. In the Action Center, choose Allow list, select new action, select add to allow list, add your hash to the list, and apply it.

Correct answer: B

Explanation

The correct answer is B because it describes the accurate method to create a new exception by specifying criteria and scope. Options A, C, and D do not follow the correct process for adding an exception to the Malware profile as they focus on different functionalities or processes.