PCDRA Exam QuestionsBrowse all questions from this exam

PCDRA Exam - Question 39

Which of the following represents the correct relation of alerts to incidents?

Only alerts with the same host are grouped together into one Incident in a given time frame.

Alerts that occur within a three hour time frame are grouped together into one Incident.

Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.

Every alert creates a new Incident.

Show Answer

Correct Answer: C

Alerts with the same causality chains that occur within a given time frame are grouped together into an Incident. This grouping helps to manage and investigate related security events more efficiently by associating alerts that likely originate from the same root cause or attack chain.

Discussion

7 comments

escarOption: C

May 12, 2023

Alerts on the same causality chain are grouped with the same incident if an open incident already exists. Otherwise, the new incoming alert will create a new incident. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Investigate-Incidents

FlkyOption: C

Sep 21, 2023

I vote C

Davina07Option: C

Jun 20, 2023

I vote C

mogulmungiOption: C

Sep 4, 2023

I vote C

GGP23Option: C

Feb 28, 2024

I vote C

ChiquitabanditaOption: C

Mar 22, 2024

found in the admin guide link

abd1234Option: C

Jun 19, 2024

A is %100 wrong