
PCCET Exercises 1 (answered)

PCCET Exercises – Answered in the Notebook
ExamTopics.com
Question #1 Topic 1
Which analysis detonates previously unknown submissions in a custom-built, evasion-resistant
virtual environment to determine real-world effects and behavior?




A. Dynamic
B. Pre-exploit protection
C. Bare-metal
D. Static
Dynamic analysis is the process of testing and evaluating a submission in real time.
Question #2 Topic 1
What is required for a SIEM to operate correctly to ensure a translated flow from the system of
interest to the SIEM data lake?




A. connectors and interfaces
B. infrastructure and containers
C. containers and developers
D. data center and UPS
SIEM connectors are used to read various logs and forward them to your SIEM platform.
Interfaces are the various tools within the SIEM platform.
Question #3 Topic 1
Which type of Wi-Fi attack depends on the victim initiating the connection?




A. Evil twin
B. Jasager
C. Parager
D. Mirai
The main problem with this approach (evil twin) is that it requires potential victims to
stumble on the access point and connect to it.
Question #4 Topic 1
Which term describes data packets that move in and out of the virtualized environment from
the host network or a corresponding traditional data center?




A. North-South traffic
B. Intrazone traffic
C. East-West traffic
D. Interzone traffic
North-South refers to data packets that move in and out of the virtualized environment from
the host network or a corresponding data center.
Question #5 Topic 1
Which organizational function is responsible for security automation and eventual vetting of
the solution to help ensure consistency through machine-driven responses to security issues?




A. NetOps
B. SecOps
C. SecDevOps
D. DevOps
SecOps needs to arm professionals to quickly identify and respond to threats. It must leverage
automation to reduce the strain on analysts.
Question #8 Topic 1
On an endpoint, which method should you use to secure applications against exploits?




A. endpoint-based firewall
B. strong user passwords
C. full-disk encryption
D. software patches
New software vulnerabilities and exploits are discovered continually, so diligent software patch
management is required of system and security administrators.
Question #9 Topic 1
Which not-for-profit organization maintains the common vulnerability exposure catalog that is
available through their public website?




A. Department of Homeland Security
B. MITRE
C. Office of Cyber Security and Information Assurance
D. Cybersecurity Vulnerability Research Center
Question #10 Topic 1
Which Palo Alto Networks tools enable a proactive, prevention-based approach to network
automation that accelerates security analysis?




A. MineMeld
B. AutoFocus
C. WildFire
D. Cortex XDR
Cortex XDR brings a proactive approach to threat detection. It automatically detects
sophisticated attacks.
Question #11 Topic 1
Which endpoint product from Palo Alto Networks can help with SOC visibility?




A. STIX
B. Cortex XDR
C. WildFire
D. AutoFocus
It delivers visibility across all data, including endpoint, network and cloud data.
Question #12 Topic 1
Which technique changes protocols at random during a session?




A. use of non-standard ports
B. port hopping
C. hiding within SSL encryption
D. tunneling within commonly used services
Port hopping is a technique in which ports and protocols are changed at random during a session.
Question #13 Topic 1
What is the primary security focus after consolidating data center hypervisor hosts within trust
levels?




A. control and protect inter-host traffic using routers configured to use the Border
Gateway Protocol (BGP) dynamic routing protocol
B. control and protect inter-host traffic by exporting all your traffic logs to a sysvol log
server using the User Datagram Protocol (UDP)
C. control and protect inter-host traffic by using IPv4 addressing
D. control and protect inter-host traffic using physical network security appliances
This virtual systems capability enables a single physical appliance to be used to simultaneously
meet the unique requirements of several VMs.
Question #14 Topic 1
Which product from Palo Alto Networks extends the Security Operating Platform with the
global threat intelligence and attack context needed to accelerate analysis, forensics, and
hunting workflows?




A. Global Protect
B. WildFire
C. AutoFocus
D. STIX
AutoFocus extends the product portfolio with the global threat intelligence and attack
context needed to accelerate analysis, forensics and hunting workflows.
Question #16 Topic 1
Which characteristic of serverless computing enables developers to quickly deploy application
code?




A. Uploading cloud service autoscaling services to deploy more virtual machines to run
their application code based on user demand
B. Uploading the application code itself, without having to provision a full container
image or any OS virtual machine components
C. Using cloud service spot pricing to reduce the cost of using virtual machines to run
their application code
D. Using Container as a Service (CaaS) to deploy application containers to run their
code.
In serverless apps, the dev uploads the app package itself, without a full container or any OS
components.
Question #17 Topic 1
Which key component is used to configure a static route?




A. router ID
B. enable setting
C. routing protocol
D. next hop IP address
When configuring a static route, the next hop IP address needs to be defined.
Question #18 Topic 1
A native hypervisor runs:




A. with extreme demands on network throughput
B. only on certain platforms
C. within an operating system’s environment
D. directly on the host computer’s hardware
A type 1 hypervisor (native/bare metal) runs directly on the host’s computer hardware.
Question #19 Topic 1
Which Palo Alto Networks product provides playbooks with 300+ multivendor integrations that
help solve any security use case?




A. Cortex XSOAR
B. Prisma Cloud
C. AutoFocus
D. Cortex XDR
SOAR tools … before executing automatable, process-driven playbooks to enrich and
respond to these alerts
Question #20 Topic 1
Which activities do local organization security policies cover for a SaaS application?




A. how the data is backed up in one or more locations
B. how the application can be used
C. how the application processes the data
D. how the application can transit the Internet
Question #21 Topic 1
Which Palo Alto Networks subscription service complements App-ID by enabling you to
configure the next-generation firewall to identify and control access to websites and to protect
your organization from websites hosting malware and phishing pages?




A. Threat Prevention
B. DNS Security
C. WildFire
D. URL Filtering
URL Filtering complements App-ID by enabling you to configure the next-generation firewall
to identify and control access to websites and to protect your organization from websites
that host malware and phishing pages.
Question #22 Topic 1
Which option would be an example of PII that you need to prevent from leaving your
enterprise network?




A. Credit card number
B. Trade secret
C. National security information
D. A symmetric encryption key
PII is defined as any information about an individual including any information that can be
used to distinguish and trace an individual’s identity.
Question #23 Topic 1
Which network analysis tool can be used to record packet captures?




A. Smart IP Scanner
B. Wireshark
C. Angry IP Scanner
D. Netman
Question #24 Topic 1
Systems that allow for accelerated incident response through the execution of standardized
and automated playbooks that work upon inputs from security technology and other data
flows are known as what?




A. XDR
B. STEP
C. SOAR
D. SIEM
SOAR tools … before executing automatable, process-driven playbooks to enrich and
respond to these alerts
Question #25 Topic 1
Which Palo Alto Networks tool is used to prevent endpoint systems from running malware
executables such as viruses, trojans, and rootkits?




A. Expedition
B. Cortex XDR
C. AutoFocus
D. App-ID
Question #26 Topic 1
What does SIEM stand for?




A. Security Infosec and Event Management
B. Security Information and Event Management
C. Standard Installation and Event Media
D. Secure Infrastructure and Event Monitoring
Question #28 Topic 1
Which option is an example of a North-South traffic flow?




A. Lateral movement within a cloud or data center
B. An internal three-tier application
C. Client-server interactions that cross the edge perimeter
D. Traffic between an internal server and internal user
North-South refers to data packets that move in and out of the virtualized environment from
the host network or a corresponding data center.
Question #29 Topic 1
Which aspect of a SaaS application requires compliance with local organizational security
policies?




A. Types of physical storage media used
B. Data-at-rest encryption standards
C. Acceptable use of the SaaS application
D. Vulnerability scanning and management
Question #30 Topic 1
Which option describes the `selective network security virtualization` phase of incrementally
transforming data centers?




A. during the selective network security virtualization phase, all intra-host
communication paths are strictly controlled
B. during the selective network security virtualization phase, all intra-host traffic is
forwarded to a Web proxy server
C. during the selective network security virtualization phase, all intra-host traffic is
encapsulated and encrypted using the IPSEC protocol
D. during the selective network security virtualization phase, all intra-host traffic is
load balanced
Intra-host communications and live migrations are architected at this phase. All intra-host
communications paths are strictly controlled to ensure that traffic between VMs at different
trust levels is intermediated.
Question #31 Topic 1
Which TCP/IP sub-protocol operates at the Layer7 of the OSI model?




A. UDP
B. MAC
C. SNMP
D. NFS
Simple Network Management Protocol (SNMP) is used for collecting and organizing information
about managed devices on IP networks.
Layer 7 (Application layer) identifies and establishes the availability of communication
partners, determines resource availability and synchronizes communication.
Question #32 Topic 1
Anthem server breaches disclosed Personally Identifiable Information (PII) from a number of
its servers. The infiltration by hackers was attributed to which type of vulnerability?




A. an intranet-accessed contractor's system that was compromised
B. exploitation of an unpatched security vulnerability
C. access by using a third-party vendor's password
D. a phishing scheme that captured a database administrator's password
Question #33 Topic 1
Routing Information Protocol (RIP), uses what metric to determine how network traffic should
flow?




A. Shortest Path
B. Hop Count
C. Split Horizon
D. Path Vector
RIP implements a hop limit of 15, which limits the size of networks in order to prevent routing loops.
Question #34 Topic 1
Why is it important to protect East-West traffic within a private cloud?




A. All traffic contains threats, so enterprises must protect against threats across the
entire network
B. East-West traffic contains more session-oriented traffic than other traffic
C. East-West traffic contains more threats than other traffic
D. East-West traffic uses IPv6 which is less secure than IPv4
Question #35 Topic 1
Which IPsec feature allows device traffic to go directly to the Internet?




A. Split tunneling
B. Diffie-Hellman groups
C. Authentication Header (AH)
D. IKE Security Association
Split tunneling allows internet traffic from the device to go directly to the internet.
Question #36 Topic 1
Which attacker profile uses the internet to recruit members to an ideology, to train them, and
to spread fear and incite panic?




A. Cybercriminals
B. state-affiliated groups
C. hacktivists
D. cyberterrorists
Cyberterrorists: Terrorist organizations use the internet to recruit, train, instruct, and
communicate, and to spread fear and panic to advance their ideologies.
Question #37 Topic 1
What are two key characteristics of a Type 1 hypervisor? (Choose two.)




A. is hardened against cyber attacks
B. runs without any vulnerability issues
C. runs within an operating system
D. allows multiple, virtual (or guest) operating systems to run concurrently on a
single physical host computer
Question #38 Topic 1
The customer is responsible only for which type of security when using a SaaS application?




A. physical
B. platform
C. data
D. infrastructure
Security of the data is the customer’s responsibility.
Question #39 Topic 1
Which Palo Alto subscription service identifies unknown malware, zero-day exploits, and
advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual
environment?




A. DNS Security
B. URL Filtering
C. WildFire
D. Threat Prevention
WildFire is a cyber threat prevention service that identifies unknown malware, zero-day
threats and APTs through static and dynamic analysis.
Question #40 Topic 1
In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly
innocuous files?




A. weaponization
B. reconnaissance
C. exploitation
D. delivery
Attackers determine which methods to use to compromise a target endpoint. They may
choose to embed intruder code within seemingly innocuous files or customize deliverables to
match the specific interests of an individual.
Question #41 Topic 1
Which endpoint tool or agent can enact behavior-based protection?




A. AutoFocus
B. Cortex XDR
C. DNS Security
D. MineMeld
Question #42 Topic 1
Which tool supercharges security operations center (SOC) efficiency with the world's most
comprehensive operating platform for enterprise security?




A. Prisma SAAS
B. WildFire
C. Cortex XDR
D. Cortex XSOAR
Cortex XSOAR enhances SOC efficiency with the world’s most comprehensive operation
platform for enterprise security. It unifies case management, automation, real-time
collaboration and native threat intelligence.
Question #43 Topic 1
During the OSI layer 3 step of the encapsulation process, what is the Protocol Data Unit (PDU)
called when the IP stack adds source (sender) and destination
(receiver) IP addresses?




A. Frame
B. Segment
C. Packet
D. Data
The IP stack adds source and destination addresses to the TCP segment (which is now called
an IP packet).
Question #44 Topic 1
Which core component is used to implement a Zero Trust architecture?




A. VPN Concentrator
B. Content Identification
C. Segmentation Platform
D. Web Application Zone
For a full zero trust implementation, the network should be configured to ensure everything
in the same trust zone is intermediated by the corresponding zero trust segmentation
platform.
Question #45 Topic 1
In addition to local analysis, what can send unknown files to WildFire for discovery and deeper
analysis to rapidly detect potentially unknown malware?




A. Cortex XDR
B. AutoFocus
C. MineMeld
D. Cortex XSOAR
Cortex XDR can send unknown files to WildFire for discovery and deeper analysis.
Question #46 Topic 1
On an endpoint, which method is used to protect proprietary data stored on a laptop that has
been stolen?




A. operating system patches
B. full-disk encryption
C. periodic data backups
D. endpoint-based firewall
If an encrypted disk is lost, stolen, or placed into another computer, the encrypted state of
the drive remains unchanged, and only an authorized user can access its contents.
Question #47 Topic 1
Why have software developers widely embraced the use of containers?




A. Containers require separate development and production environments to promote
authentic code.
B. Containers share application dependencies with other containers and with their
host computer.
C. Containers simplify the building and deploying of cloud native applications.
D. Containers are host specific and are not portable across different virtual machine
hosts.
Containers balance separation, excellent compatibility with existing apps, and a high degree
of operational control with good density potential and easy integration into software
development flows.
Question #48 Topic 1
When signature-based antivirus software detects malware, what three things does it do to
provide protection? (Choose three.)




A. decrypt the infected file using base64
B. alert system administrators
C. quarantine the infected file
D. delete the infected file
E. remove the infected file's extension
For signature-based threats, the system administrators don’t need to be alerted.
Question #49 Topic 1
Which option is a Prisma Access security service?




A. Compute Security
B. Firewall as a Service (FWaaS)
C. Virtual Private Networks (VPNs)
D. Software-defined wide-area networks (SD-WANs)
Prisma Access provides FWaaS that protects branch offices from threats while also providing
the security services expected from a next-generation firewall.
Question #50 Topic 1
Which pillar of Prisma Cloud application security addresses ensuring that your cloud resources
and SaaS applications are correctly configured?




A. visibility, governance, and compliance
B. network protection
C. dynamic computing
D. compute security
Ensuring that your cloud resources and SaaS applications are correctly configured and
adhere to your organization’s security standards from day one is essential to prevent
successful attacks.
Question #51 Topic 1
Which item accurately describes a security weakness that is caused by implementing a `ports
first` data security solution in a traditional data center?




A. You may have to use port numbers greater than 1024 for your business-critical
applications.
B. You may have to open up multiple ports and these ports could also be used to
gain unauthorized entry into your datacenter.
C. You may not be able to assign the correct port to your business-critical applications.
D. You may not be able to open up enough ports for your business-critical applications
which will increase the attack surface area.
Many data center applications use a wide range of contiguous ports to function properly.
You therefore must open all those ports first, which then exposes those same ports to other
applications or cyberthreats.
Question #53 Topic 1
Which statement describes DevOps?




A. DevOps is its own separate team
B. DevOps is a set of tools that assists the Development and Operations teams
throughout the software delivery process
C. DevOps is a combination of the Development and Operations teams
D. DevOps is a culture that unites the Development and Operations teams
throughout the software delivery process
DevOps is not a combination of the Dev and Ops teams, nor its own separate team, nor a tool or
set of tools.
Question #54 Topic 1
Which product from Palo Alto Networks enables organizations to prevent successful
cyberattacks as well as simplify and strengthen security processes?




A. Expedition
B. AutoFocus
C. MineMeld
D. Cortex XDR
From a business perspective, XDR platforms enable organizations to prevent successful
cyberattacks as well as simplify and strengthen security processes.
Question #55 Topic 1
Which network firewall operates up to Layer 4 (Transport layer) of the OSI model and
maintains information about the communication sessions which have been established
between hosts on trusted and untrusted networks?




A. Group policy
B. Stateless
C. Stateful
D. Static packet-filter
Stateful packet inspection firewalls have the following characteristics: operate up to layer 4;
inspect individual packet headers; maintain state information about the communication
sessions.
Question #56 Topic 1
Which subnet does the host 192.168.19.36/27 belong?




A. 192.168.19.0
B. 192.168.19.16
C. 192.168.19.64
D. 192.168.19.32
A /27 subnet has 32 available IP addresses, so subnet boundaries fall at .0, .32, .64 and so on;
host .36 therefore falls within 192.168.19.32.
Question #58 Topic 1
How does adopting a serverless model impact application development?




A. costs more to develop application code because it uses more compute resources
B. slows down the deployment of application code, but it improves the quality of code
development
C. reduces the operational overhead necessary to deploy application code
D. prevents developers from focusing on just the application code because you need
to provision the underlying infrastructure to run the code
Serverless computing reduces costs, increases agility and reduces operational overhead compared
with CaaS models.
Question #59 Topic 1
In addition to integrating the network and endpoint components, what other component does
Cortex integrate to speed up IoC investigations?




A. Computer
B. Switch
C. Infrastructure
D. Cloud
Cortex XDR breaks the silos of traditional detection and response by natively integrating
network, endpoint and cloud data to stop sophisticated attacks.
Question #61 Topic 1
In SecOps, what are two of the components included in the identify stage? (Choose two.)




A. Initial Research
B. Change Control
C. Content Engineering
D. Breach Response
The identify stage has 5 components: Alerting; Content Engineering; Initial Research;
Severity Triage; Escalation Process
Question #62 Topic 1
Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) fall under which Prisma
access service layer?




A. Network
B. Management
C. Cloud
D. Security
A SASE solution converges networking and security services into one unified, cloud-delivered
solution, which includes, among other layers, Network and Security.
Question #63 Topic 1
In which two cloud computing service models are the vendors responsible for vulnerability and
patch management of the underlying operating system? (Choose two.)




A. SaaS
B. PaaS
C. On-premises
D. IaaS
In SaaS, the customer is only responsible for data security and does not manage or have
knowledge of the underlying infrastructure. In PaaS, the customer can deploy supported
apps but is only responsible for the deployed apps and data security, and does not manage or
know about the underlying infrastructure.
Question #64 Topic 1
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose
three.)





A. People
B. Accessibility
C. Processes
D. Understanding
E. Business
The six pillars of SecOps are: Business; People; Interfaces; Visibility; Technology; Processes.
Question #65 Topic 1
Which IoT connectivity technology is provided by satellites?




A. 4G/LTE
B. VLF
C. L-band
D. 2G/2.5G
Satellite: C-band is used for some Wi-Fi devices and weather radar systems. L-band is used for
radar, GPS, radio and telecoms.
Question #66 Topic 1
What does Palo Alto Networks Cortex XDR do first when an endpoint is asked to run an
executable?




A. run a static analysis
B. check its execution policy
C. send the executable to WildFire
D. run a dynamic analysis
Question #67 Topic 1
What is the key to `taking down` a botnet?




A. prevent bots from communicating with the C2
B. install openvas software on endpoints
C. use LDAP as a directory service
D. block Docker engine software on endpoints
The key to taking down a botnet is to separate the bots from their C2 server. If the bots can’t
communicate with their server, they cannot get new instructions.
Question #68 Topic 1
How does Prisma SaaS provide protection for Sanctioned SaaS applications?




A. Prisma SaaS connects to an organization's internal print and file sharing services to
provide protection and sharing visibility
B. Prisma SaaS does not provide protection for Sanctioned SaaS applications because
they are secure
C. Prisma Access uses Uniform Resource Locator (URL) Web categorization to provide
protection and sharing visibility
D. Prisma SaaS connects directly to sanctioned external service providers' SaaS
application service to provide protection and sharing visibility
Prisma SaaS connects directly to the apps themselves, providing continuous silent
monitoring of the risks within sanctioned SaaS apps.
Question #69 Topic 1
Which type of Software as a Service (SaaS) application provides business benefits, is fast to
deploy, requires minimal cost and is infinitely scalable?




A. Benign
B. Tolerated
C. Sanctioned
D. Secure
Question #70 Topic 1
How does DevSecOps improve the Continuous Integration/Continuous Deployment (CI/CD)
pipeline?




A. DevSecOps improves pipeline security by assigning the security team as the lead
team for continuous deployment
B. DevSecOps ensures the pipeline has horizontal intersections for application code
deployment
C. DevSecOps unites the Security team with the Development and Operations teams to
integrate security into the CI/CD pipeline
D. DevSecOps does security checking after the application code has been processed
through the CI/CD pipeline
Question #72 Topic 1
An administrator wants to maximize the use of a network address. The network is
192.168.6.0/24 and there are three subnets that need to be created that cannot overlap.
Which subnet would you use for the network with 120 hosts?
Requirements for the three subnets:
Subnet 1: 3 host addresses
Subnet 2: 25 host addresses
Subnet 3: 120 host addresses



A. 192.168.6.168/30
B. 192.168.6.0/25
C. 192.168.6.160/29
D. 192.168.6.128/27
Question #73 Topic 1
Which two network resources does a directory service database contain? (Choose two.)




A. Services
B. /etc/shadow files
C. Users
D. Terminal shell types on endpoints
Question #74 Topic 1
Which model would a customer choose if they want full control over the operating system(s)
running on their cloud computing platform?


A. SaaS
B. DaaS
C. PaaS
D. IaaS
Question #75 Topic 1
What is a key advantage and key risk in using a public cloud environment?




A. Multi-tenancy
B. Dedicated Networks
C. Dedicated Hosts
D. Multiplexing
Question #76 Topic 1
Which three layers of the OSI model correspond to the Application Layer (L4) of the TCP/IP
model?




A. Session, Transport, Network
B. Application, Presentation, and Session
C. Physical, Data Link, Network
D. Data Link, Session, Transport
Question #77 Topic 1
Which NGFW feature is used to provide continuous identification, categorization, and control
of known and previously unknown SaaS applications?




A. User-ID
B. Device-ID
C. App-ID
D. Content-ID
Question #78 Topic 1
What is a common characteristic of serverless and containers?




A. run for prolonged period of time
B. run on specific hosting platforms
C. automate and dynamically scale workloads
D. open source
Question #79 Topic 1
Which method is used to exploit vulnerabilities, services, and applications?




A. encryption
B. port scanning
C. DNS tunneling
D. port evasion
Question #80 Topic 1
Which security component should you configure to block viruses not seen and blocked by the
perimeter firewall?




A. endpoint antivirus software
B. strong endpoint passwords
C. endpoint disk encryption
D. endpoint NIC ACLs
Question #86 Topic 1
What differentiates Docker from a bare metal hypervisor?




A. Docker lets the user boot up one or more instances of an operating system on the
same host whereas hypervisors do not
B. Docker uses more resources than a bare metal hypervisor
C. Docker is more efficient at allocating resources for legacy systems
D. Docker uses OS-level virtualization, whereas a bare metal hypervisor runs
independently from the OS
Question #87 Topic 1
On which security principle does virtualization have positive effects?




A. integrity
B. confidentiality
C. availability
D. non-repudiation
Question #88 Topic 1
Which type of malware takes advantage of a vulnerability on an endpoint or server?




A. technique
B. patch
C. vulnerability
D. exploit
Question #90 Topic 1
What protocol requires all routers in the same domain to maintain a map of the network?




A. EIGRP
B. Static
C. RIP
D. OSPF
Question #91 Topic 1
A doctor receives an email about her upcoming holiday in France. When she clicks the URL
website link in the email, the connection is blocked by her office firewall because it's a known
malware website. Which type of attack includes a link to a malware website in an email?




A. whaling
B. phishing
C. pharming
D. spam
Question #92 Topic 1
With regard to cloud-native security in layers, what is the correct order of the four C's from the
top (surface) layer to the bottom (base) layer?




A. container, code, cluster, cloud
B. code, container, cluster, cloud
C. code, container, cloud, cluster
D. container, code, cloud, cluster
Question #93 Topic 1
Under which category does an application that is approved by the IT department, such as
Office 365, fall?




A. unsanctioned
B. prohibited
C. tolerated
D. sanctioned
Question #94 Topic 1
What is used to orchestrate, coordinate, and control clusters of containers?




A. Kubernetes
B. Prisma Saas
C. Docker
D. CN-Series
Question #95 Topic 1
A security team is looking for a solution that will offer them real-time analysis of security logs
as well as compliance-management and event-correlation features.
Which solution is the most suitable?




A. SOAR
B. antivirus
C. SIEM
D. IDS
TestTrainning
An organization’s network has been experiencing frequent cyber attacks, which have
resulted in data breaches and system downtime. What type of attack is most likely
responsible for this issue?




A) Phishing
B) SQL Injection
C) Denial of Service (DoS)
D) Cross-Site Scripting (XSS)
A network administrator has received a warning from the security system about a
suspicious IP address that is sending high volumes of traffic to the network. What
type of cyber attack is this likely to be?




A) Phishing
B) SQL Injection
C) Distributed Denial of Service (DDoS)
D) Cross-Site Scripting (XSS)
A user reports that they have received an email with a link to a fake website, asking
them to enter their login credentials. What type of cyber attack is this likely to be?




A) Phishing
B) SQL Injection
C) Denial of Service (DoS)
D) Cross-Site Scripting (XSS)
An attacker has managed to inject malicious code into a website, which executes
when a user visits the website. What type of cyber attack is this likely to be?




A) Phishing
B) SQL Injection
C) Denial of Service (DoS)
D) Cross-Site Scripting (XSS)
A network administrator has noticed that a database has been accessed and
modified by an unauthorized user. What type of cyber attack is this likely to be?




A) Phishing
B) SQL Injection
C) Denial of Service (DoS)
D) Cross-Site Scripting (XSS)
An organization’s firewall has been configured to block all incoming traffic from
known malicious IP addresses. What type of security measure is this?



A) Whitelisting
B) Blacklisting
C) Firewall
D) Antivirus
An organization has implemented a security policy that only allows employees to
access specific websites and applications while on the network. What type of
security measure is this?




A) Whitelisting
B) Blacklisting
C) Firewall
D) Antivirus
An organization has installed a software that examines all incoming and outgoing
network traffic and blocks any traffic that does not meet the security policy. What
type of security measure is this?




A) Whitelisting
B) Blacklisting
C) Firewall
D) Antivirus
An organization has installed a software on all of its computers that detects and
removes any malicious software. What type of security measure is this?




A) Whitelisting
B) Blacklisting
C) Firewall
D) Antivirus
An organization has implemented a security policy that requires all employees to use
strong passwords and regularly change them. What type of security measure is this?




A) Whitelisting
B) Blacklisting
C) Firewall
D) Password policy
Basic Sample Questions
Question 1. What is required for a SIEM to function properly to ensure an accurate translation of flow
between the system of interest and the SIEM data lake?



A. connectors and interfaces
B. infrastructure and containers
C. containers and developers
D. data center and UPS
Question 2. What is the term used to describe data packets that move from and into a virtualized
environment from the host network or corresponding traditional data center?




A. North-South traffic
B. Intrazone traffic
C. East-West traffic
D. Interzone traffic
Question 3. Security automation and security vetting of the solution to ensure consistency through
machine-driven responses to security issues is the responsibility of which function within the
organization?




A. NetOps
B. SecOps
C. SecDevOps
D. DevOps
Question 4. What is the best method to protect applications against exploits on an endpoint?




A. endpoint-based firewall
B. strong user passwords
C. full-disk encryption
D. software patches
Question 5. What Palo Alto Networks tools make network automation proactive, prevention-based,
and expedite security analysis?




A. Mine-Meld
B. AutoFocus
C. WildFire
D. Cortex XDR
Question 6. Which of Palo Alto Networks’ endpoint products can help with SOC visibility?



A. STIX
B. Cortex XDR
C. WildFire

D. AutoFocus
Question 7. Being a Palo Alto Certified Cybersecurity Entry-level Technician (PCCET), when
consolidating data center hypervisors within trust levels, what would be your primary focus in terms
of security?




A. controlling and protecting inter-host traffic using routers configured for
using the Border Gateway Protocol (BGP) dynamic routing protocol
B. controlling and protecting inter-host traffic by exporting all traffic logs to a
Sysvol log server using the User Datagram Protocol (UDP)
C. controlling and protecting inter-host traffic using IPv4 addressing
D. controlling and protecting inter-host traffic using physical network security
appliances
Question 8. Which product is offered by Palo Alto Networks that extends its Security Operating
Platform with global threat intelligence and attack context allowing for faster and more accurate
analysis, forensics, and hunting workflows?




A. Global Protect
B. WildFire
C. AutoFocus
D. STIX
Question 9. How does serverless computing enable developers to deploy applications more quickly?




A. By uploading cloud service auto-scaling services for deploying more virtual
machines for running their application code based on user demand
B. By uploading the application code itself, without provisioning a full container
image or any OS virtual machine components
C. By using cloud service spot pricing for a reduction in the cost of using virtual
machines for running their application code
D. By using Container as a Service (CaaS) for deploying application containers to
run their code.
Question 10. Playbooks are available with 300+ multivendor integrations with which Palo Alto
Networks products help solve any security use case?




A. Cortex XSOAR
B. Prisma Cloud
C. AutoFocus
D. Cortex XDR
Question 11. As a complement to Palo Alto Networks App-ID, which subscription service enables you
to configure the next-generation firewall to identify and control website access, as well as protect
your organization from malicious websites?




A. Threat Prevention
B. DNS Security
C. WildFire
D. URL Filtering
Question 12. What is the technical term for systems that allow for improved incident response by
executing standardized and automated playbooks and using input from security technology and other
data flows?




A. XDR
B. STEP
C. SOAR
D. SIEM
Question 13. Which network analysis program allows you to record packet captures?




A. Smart IP Scanner
B. Wireshark
C. Angry IP Scanner
D. Netman
Question 14. What does SIEM stand for?




A. Security Infosec and Event Management
B. Security Information and Event Management
C. Standard Installation and Event Media
D. Secure Infrastructure and Event Monitoring
Question 15. Which of the below options is an example of a North-South traffic flow?




A. Lateral movement within a cloud or data center
B. An internal three-tier application
C. Client-server interactions crossing the edge perimeter
D. Traffic between an internal server and internal user
Question 16. Being a PCCET, to prevent malware executables such as viruses, trojans, and rootkits
from running on endpoint systems, which Palo Alto Networks tool is used?




A. Expedition
B. Cortex XDR
C. AutoFocus
D. App-ID
Question 17. Which of the following options is an example of PII that is needed for preventing
someone from leaving your enterprise network?




A. Credit card number
B. Trade secret
C. National security information
D. A symmetric encryption key
Question 18. Which activities are covered by local organization security policies for a SaaS
application?




A. how the data is being backed up in one or more locations
B. how the application could be used
C. how the application is processing the data
D. how the application could transit the Internet
Question 19. For maintaining the common vulnerability exposure catalog available through their
public website, which not-for-profit organization is responsible?




A. Department of Homeland Security
B. MITRE
C. Cyber Security and Information Assurance
D. Cybersecurity Vulnerability Research Center
Question 20. For changing protocols at random during a session, which technique is used as a Palo
Alto Certified Cybersecurity Entry-level Technician (PCCET)?




A. using non-standard ports
B. port hopping
C. hiding within SSL encryption
D. tunneling within commonly used services
Free Brain Dumps PCCET Exercises
Question: 1
Which analysis detonates previously unknown submissions in a custom-built, evasion-resistant
virtual environment to determine real-world effects and behavior?
A. Dynamic
B. Pre-exploit protection
C. Bare-metal
D. Static
Question: 2
When developing SOC business objectives, what is the primary purpose behind
planning?
A. Ensuring that the business has clear business objectives
B. Demonstrating a clear ROI for security operations
C. Providing a long-term investment strategy
D. Preparing for mergers and acquisitions
Question: 3
Which option is a sequence of events that an attacker would perform to infiltrate a
network and steal data?
A. Advanced persistent threats
B. Cyber-attack lifecycle
C. Evil twin
D. Spamming botnets
Question: 4
Which application types are not provided by IT but are allowed with restrictions
because of their business benefits?
A. Unsanctioned
B. Monitored
C. Tolerated
D. Sanctioned
Question: 5
How does Cortex XSOAR improve the efficiency of security operations?
A. It controls who has access to resources on the network with user and permission
mapping.
B. It aggregates logs from multiple sources that are viewable via a query language.
C. It enriches and responds to incidents and alerts via process-driven playbooks.
D. It delivers consistent security to mobile users and remote networks.
Question: 6
Which two malware types can replicate themselves? (Choose two.)
A. Worm
B. Virus
C. Ransomware
D. Trojan horse
Question: 7
What inspects data that is egressing a network and prevents certain sensitive data
based on defined policies from leaving the network?
A. Secure sockets Layer (SSL)
B. Public key infrastructure (PKI)
C. Internet protocol security (IPsec)
D. Data loss prevention (DLP)
Question: 8
Which technique is used to limit information about lost or stolen mobile devices?
A. Remote erase/wipe
B. De-centralized software upgrades
C. Provide jailbreaking tools
D. Unrestricted geo-location
Question: 9
Which security model relies on the assumption that everything on the internal network
can be trusted?
A. Perimeter-based security model
B. OSI model
C. Cloud Computing model
D. Zero Trust security model
Question: 10
What are three capabilities of mobile device management? (Choose three.)
A. Exploit protection
B. Advanced data loss prevention
C. Remote erase/wipe
D. Container-based endpoint protection
E. Malware protection
Question: 11
What is the goal of a watering hole attack?
A. Compromise websites that are likely to be visited by a targeted victim
B. Target senior executives or other high-profile individuals within an organization
C. Use specific information about the target to make the phishing attempt appear
legitimate
D. Redirect a legitimate website's traffic to a fake site
Question: 12
Which capability of the network-as-a-service layer uses the philosophy of "never trust,
always verify"?
A. Zero Trust network access (ZTNA)
B. Software-defined wide area network (SD-WAN)
C. Quality of service (QoS)
D. Virtual private network (VPN)
Question: 13
What is the port for SMTP?
A. 25
B. 80
C. 21
D. 8080
Question: 14
Which law strengthens data protection for EU residents and addresses the export of
personal data outside the EU?
A. European Union (EU) Network and Information Security (NIS) Directive
B. The e-Privacy Directive (ePD)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. European Union (EU) General Data Protection Regulation (GDPR)
Question: 16
Which type of firewall configuration should be deployed to protect north-south traffic?
A. High-throughput appliance deployed as stand-alone
B. Virtualized firewall deployed in stand-alone
C. High-throughput appliance deployed in high availability
D. Virtualized firewall deployed in high availability
Question: 17
What do the MITRE ATT&CK matrix techniques contain?
A. A set of specific implementations an attacker uses for techniques.
B. A set of techniques to be used after an attack has occurred.
C. A set of techniques used by adversaries to accomplish an objective.
D. A set of goals or reasoning for performing an action.
Question: 18
Which network is using a subnet mask of 255.255.255.192?
A. 192.10.100.0/26
B. 172.16.72.0/29
C. 172.168.5.0/27
D. 192.168.100.0/24
Question: 19
In a Software-as-a-Service (SaaS) environment, which two data exposures result from
well-intentioned end users? (Choose two.)
A. Malicious Outsider
B. Promiscuous Share
C. Ghost Share
D. Malicious Insider
Question: 20
Which core NGFW subscription service defends networks from advanced persistent
threats (APTs)?
A. WildFire
B. DNS Security
C. Threat Prevention
D. URL Filtering
Question: 21
Before incorporating the DevSecOps process, when was security applied in the
software-development lifecycle?
A. In every step of the lifecycle
B. Right in the middle
C. Right at the end, after the development ended
D. Right at the beginning, before the development started
Question: 22
Which protocol is responsible for the translation of an IP address to a MAC address?
A. DNS
B. ARP
C. NAT
D. DHCP
Question: 23
An administrator has just completed the "Consolidating servers within trust levels"
phase of hybrid data-center security.
Which phase does the administrator perform next?
A. Selective network security virtualization
B. Dynamic computing fabric
C. Generate server inventory
D. Consolidating servers across trust levels
Question: 24
In what way does a DDoS attack differ from a DoS attack?
A. It typically uses a script or a tool to carry out the attack from a single machine.
B. It tries to cause denial-of-service on the target network.
C. It uses a network of bots to overwhelm a target network.
D. It originates from a single source.
Question: 25
Which solution was designed to help organizations embrace cloud and mobility by
providing network and network security services from a common cloud-delivered
architecture?
A. Secure access service edge (SASE)
B. Next-Generation Firewall (NGFW)
C. Software as a service (SaaS)
D. Security orchestration automation and response (SOAR)
Question: 26
Which two characteristics are associated with a security zone? (Choose two.)
A. Perimeter-based network security
B. Trust levels
C. Cloud-based network security
D. Segmentation
Question: 27
What is a characteristic of the National Institute of Standards and Technology (NIST)
defined cloud computing model?
A. requires the use of only one cloud service provider
B. enables on-demand network services
C. requires the use of two or more cloud service providers
D. defines any network service
Question: 28
Which three services are part of Prisma SaaS? (Choose three.)
A. Data Loss Prevention
B. DevOps
C. Denial of Service
D. Data Exposure Control
E. Threat Prevention
Question: 29
Based on how much is managed by the vendor, where can CaaS be situated in the
spread of cloud computing services?
A. between PaaS and FaaS
B. between IaaS and PaaS
C. between On-Prem and IaaS
D. between FaaS and Serverless
Question: 30
In a traditional data center what is one result of sequential traffic analysis?
A. simplifies security policy management
B. reduces network latency
C. causes security policies to be complex
D. improves security policy application ID enforcement
Question: 31
Which attacker profile acts independently or as part of an unlawful organization?
A. cybercriminal
B. cyberterrorist
C. state-affiliated group
D. hacktivist
Question: 32
What does SOAR technology use to automate and coordinate workflows?
A. algorithms
B. Cloud Access Security Broker
C. Security Incident and Event Management
D. playbooks
Question: 33
What are three benefits of SD-WAN infrastructure? (Choose three.)
A. Improving performance of SaaS applications by requiring all traffic to be back-hauled
through the corporate headquarters network
B. Promoting simplicity through the utilization of a centralized management structure
C. Utilizing zero-touch provisioning for automated deployments
D. Leveraging remote site routing technical support by relying on MPLS
E. Improving performance by allowing efficient access to cloud-based resources without
requiring back-haul traffic to a centralized location
Question: 34
From which resource does Palo Alto Networks AutoFocus correlate and gain URL
filtering intelligence?
A. Unit 52
B. PAN-DB
C. BrightCloud
D. MineMeld
Question: 35
Which type of malware replicates itself to spread rapidly through a computer
network?
A. ransomware
B. Trojan horse
C. virus
D. worm
Question: 36
Which classification of IDS/IPS uses a database of known vulnerabilities and attack
profiles to identify intrusion attempts?
A. Statistical-based
B. Knowledge-based
C. Behavior-based
D. Anomaly-based
Question: 37
In an IDS/IPS, which type of alarm occurs when legitimate traffic is improperly identified
as malicious traffic?
A. False-positive
B. True-negative
C. False-negative
D. True-positive
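Questions 36 and 37 contrast knowledge-based (signature) detection with anomaly-based detection and ask for the alarm vocabulary that describes each detector's mistakes. The Python below, added here and not part of the original question set, runs both kinds of detector over a handful of constructed web-server request lines with known ground truth and labels every verdict as a true/false positive/negative. The signature list, the benign baseline and the log lines are all made up for the illustration; the deliberately broad `select` rule is what produces the false positive, and the path-traversal request is what the anomaly detector misses.

```python
import re
from collections import Counter

# Constructed web-server request lines with ground-truth labels (True = attack).
SAMPLE_LOG = [
    ('10.0.0.5 "GET /index.html"', False),
    ('10.0.0.5 "GET /login?user=admin\' OR 1=1--"', True),
    ('10.0.0.9 "GET /search?q=<script>alert(1)</script>"', True),
    ('10.0.0.7 "GET /docs/select-from-menu.html"', False),
    ('10.0.0.3 "GET /../../etc/hosts"', True),
    ('10.0.0.8 "GET /about.html"', False),
]

# Knowledge-based detection: a database of known attack patterns (signatures).
SIGNATURES = {
    "sqli":      re.compile(r"(?i)('\s*or\s*1=1|union\s+select)"),
    "xss":       re.compile(r"(?i)<script"),
    "traversal": re.compile(r"\.\./"),
    "sql_kw":    re.compile(r"(?i)select"),   # deliberately over-broad rule
}

# Anomaly-based detection: learn what "normal" request paths look like from a
# benign baseline, then alarm on anything that falls outside that profile.
BASELINE_PATHS = ["/index.html", "/about.html", "/docs/select-from-menu.html", "/login?user=bob"]
NORMAL_CHARS = set("".join(BASELINE_PATHS))


def request_path(line: str) -> str:
    """Pull the request target out of a constructed access-log line."""
    m = re.search(r'"GET ([^"]*)"', line)
    return m.group(1) if m else ""


def knowledge_based_detect(line: str) -> bool:
    """Alarm if any known signature matches the line."""
    return any(sig.search(line) for sig in SIGNATURES.values())


def anomaly_based_detect(line: str) -> bool:
    """Alarm if the request path uses a character never seen in the baseline."""
    return any(ch not in NORMAL_CHARS for ch in request_path(line))


def classify(alarmed: bool, is_attack: bool) -> str:
    """Map a detector verdict against ground truth onto IDS alarm terminology."""
    if alarmed and is_attack:
        return "true-positive"
    if alarmed and not is_attack:
        return "false-positive"    # legitimate traffic flagged as malicious
    if not alarmed and is_attack:
        return "false-negative"    # attack that slipped through
    return "true-negative"


def evaluate(detector, log=SAMPLE_LOG) -> Counter:
    """Tally alarm outcomes for one detector over the labelled log."""
    return Counter(classify(detector(line), is_attack) for line, is_attack in log)


if __name__ == "__main__":
    print("knowledge-based:", dict(evaluate(knowledge_based_detect)))
    print("anomaly-based:  ", dict(evaluate(anomaly_based_detect)))
```

The two detectors fail in opposite directions: the signature set catches the traversal but fires on a benign URL that happens to contain `select`, while the baseline model ignores that URL but never alarms on `../` because every character in it is "normal". That is why production IDS/IPS deployments run both, and why tuning is measured in false-positive and false-negative rates rather than raw alert counts.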
Question: 38
Which network device breaks networks into separate broadcast domains?
A. Hub
B. Layer 2 switch
C. Router
D. Wireless access point
Question: 39
Identify a weakness of a perimeter-based network security strategy to protect an
organization's endpoint systems.
A. It cannot identify command-and-control traffic
B. It assumes that all internal devices are untrusted
C. It assumes that every internal endpoint can be trusted
D. It cannot monitor all potential network ports
Question: 40
A user is provided access over the internet to an application running on a cloud
infrastructure. The servers, databases, and code of that application are hosted and
maintained by the vendor.
Which NIST cloud service model is this?
A. IaaS
B. SaaS
C. PaaS
D. CaaS
Question: 41
What should a security operations engineer do when reviewing suspicious, but
successful, login activity?
A. Immediately disable the suspicious user until they conclude their investigation.
B. Look for other types of suspicious activity in the moments before or after the login.
C. Inspect the network firewall for any open ports and include those in their investigation.
D. Review who else was logged in at the same time and inspect all active user accounts.
Question: 42
Which regulation specifically mandates payment account data security?
A. GLBA
B. PCI DSS
C. EU GDPR
D. SOX
Question: 43
For which three platforms does the SASE solution provide consistent security services
and access? (Choose three.)
A. On-site
B. Software as a service (SaaS)
C. Private cloud
D. Public cloud
E. On-premises
Question: 44
Which type of file sharing occurs when an employee shares a file with another user who
then shares with other people who shouldn't have access?
A. Ghost
B. Trusted
C. Promiscuous
D. Accidental
Question: 45
Which type of organization benefits most from the features SD-WAN offers?
A. Businesses with one office and many remote employees
B. Small businesses in a single location
C. Large businesses with a single location
D. Businesses with several branches
Question: 46
What is an example of a Web 3.0 application?
A. GitHub
B. Bitcoin
C. Pinterest
D. Facebook
Question: 47
What are two effective ways to prevent port scanning? (Choose two.)
A. Inspect network traffic flows.
B. Install GlobalProtect.
C. Implement continuous monitoring.
D. Virtualize network traffic.
Question: 48
Which protocol is used by both internet service providers (ISPs) and network service
providers (NSPs)?
A. Routing Information Protocol (RIP)
B. Border Gateway Protocol (BGP)
C. Open Shortest Path First (OSPF)
D. Split horizon
Question: 49
Which of the following is a service that allows you to control permissions assigned to
users in order for them to access and utilize cloud resources?
A. User-ID
B. Lightweight Directory Access Protocol (LDAP)
C. User and Entity Behavior Analytics (UEBA)
D. Identity and Access Management (IAM)
Question: 50
Which two tools are used for both DevOps and software development? (Choose two.)
A. Scikit-learn
B. Jenkins
C. TensorFlow
D. Git
Question: 51
What is the function of SOAR?
A. It records, monitors, correlates, and analyzes the security events in an IT environment
in real time.
B. It helps with the coordination, execution, and automation of tasks between people
and tools for faster response to cybersecurity attacks.
C. It collects, integrates, and normalizes your security data to simplify your security
operations.
D. It provides prevention, detection, response, and investigation of attacks and threats by
gathering and integrating all security data.
Question: 52
Which feature of the VM-Series firewalls allows them to fully integrate into the DevOps
workflows and CI/CD pipelines without slowing the pace of business?
A. Elastic scalability
B. 5G
C. External dynamic lists
D. Log export
Question: 53
You received an email, allegedly from a bank, that asks you to click a malicious link to
take action on your account.
Which type of attack is this?
A. Whaling
B. Spamming
C. Spear phishing
D. Phishing
Question: 55
In which type of Wi-Fi attack does the attacker intercept and redirect the victim's web
traffic to serve content from a web server it controls?
A. Evil Twin
B. Emotet
C. Meddler-in-the-middle
D. Jasager
Question: 56
Web 2.0 applications provide which type of service?
A. SaaS
B. FWaaS
C. IaaS
D. PaaS
Question: 57
What type of DNS record maps a domain or subdomain to an IPv6 address?
A. SOA
B. NS
C. AAAA
D. MX
Question: 58
Which two statements are true about servers in a demilitarized zone (DMZ)? (Choose
two.)
A. They can be accessed by traffic from the internet.
B. They are located in the internal network.
C. They can expose servers in the internal network to attacks.
D. They are isolated from the internal network.
Which two pieces of information are considered personally identifiable information
(PII)? (Choose two.)
A. Birthplace
B. Login ID
C. Profession
D. Name
Question: 60
TCP is the protocol of which layer of the OSI model?
A. Transport
B. Session
C. Data Link
D. Application
Question: 61
What is the purpose of SIEM?
A. Securing cloud-based applications
B. Automating the security team's incident response
C. Real-time monitoring and analysis of security events
D. Filtering webpages employees are allowed to access
Question: 62
Which network firewall primarily filters traffic based on source and destination IP address?
A. Proxy
B. Stateful
C. Stateless
D. Application
Question: 63
Which capability of a Zero Trust network security architecture leverages the
combination of application, user, and content identification to prevent unauthorized
access?
A. Cyber threat protection
B. Inspection of all traffic
C. Least privileges access control
D. Network segmentation
Question: 64
Which statement is true about advanced persistent threats?
A. They use script kiddies to carry out their attacks.
B. They have the skills and resources to launch additional attacks.
C. They lack the financial resources to fund their activities.
D. They typically attack only once.
Question: 65
What are three benefits from leveraging Cortex XSIAM for threat intelligence
management? (Choose three.)
A. Gain confidence in incident response decisions
B. Automate repetitive daily indicator management tasks
C. Get instant ROI from existing threat intel feeds
D. Easier troubleshooting because it is open-source
E. Reduce analyst fatigue and turnover
Question: 66
Which two of the following are CaaS services? (Choose two.)
A. Amazon ECS
B. Google Edge TPU
C. Azure AKS
D. IBM Cloudant
Question: 67
What is a method a security operating platform uses to reduce threats?
A. Enabling applications based on user and device requirements and blocking unneeded
applications
B. Allowing all SaaS applications
C. Enabling all cloud native applications that are part of the Dev/Sec/Ops CI/CD pipeline
D. Disabling all SaaS applications
Question: 68
What are the three main reasons for the introduced risks associated with IoT devices?
(Choose three.)
A. IoT devices are unencrypted and unsecured.
B. IoT devices are assumed to be visible to IT teams.
C. IoT cyberattacks are targeting legacy protocols.
D. IoT devices only rely on a wired connection.
E. Internet of Medical Things (IoMT) devices are running outdated software.
Question: 69
Which type of SaaS application offers no business benefits and creates risk for an
organization?
A. Tolerated
B. Sanctioned
C. Unsanctioned
D. Prohibited
Question: 70
You have been invited to a public cloud design and architecture session to help deliver
secure east-west flows and secure Kubernetes workloads.
What deployment options do you have available? (Choose two.)
A. PA-Series
B. VM-Series
C. Panorama
D. CN-Series
Question: 73
Which SOAR feature coordinates across technologies, security teams, and external
users for centralized data visibility and action?
A. Case management
B. Integrations
C. Ticketing system
D. Playbooks
Question: 74
Network isolation can be achieved using what kind of logical network attribute?
A. Untrust Zone
B. Wide Area Network (WAN)
C. Virtual LAN (VLAN)
D. Trust Zone
What are the two most prominent characteristics of the malware type rootkit?
(Choose two.)
A. It encrypts user data.
B. It cannot be detected by antivirus because of its masking techniques.
C. It takes control of the operating system.
D. It steals personal information.
Question: 77
Which endpoint security solution protects against malicious software designed to
invade a device and collect user data?
A. Anti-spyware
B. Anti-virus
C. Sandboxing
D. Software-defined wide-area networks (SD-WAN)
Question: 78
Network vulnerability scanners and analyzers, such as Nessus and Wireshark, are used
in which step of the cyberattack lifecycle?
A. Installation
B. Exploitation
C. Reconnaissance
D. Weaponization
Question: 79
How can Cortex XSIAM reduce incident response times dramatically?
A. Through its incorporated threat intelligence management
B. Through its installation directly on the endpoint
C. Through its integration with custom TAXII feeds
D. Through its AI-driven threat detection and remediation capabilities
Question: 80
What is the recommended method for collecting security logs from multiple
endpoints?
A. Leverage an EDR solution to request the logs from endpoints.
B. Connect to the endpoints remotely and download the logs.
C. Configure endpoints to forward logs to a SIEM.
D. Build a script that pulls down the logs from all endpoints.
Question: 81
What does "forensics" refer to in a Security Operations process?
A. Collecting raw data needed to complete the detailed analysis of an investigation
B. Validating cyber analysts' backgrounds before hiring
C. Reviewing information about a broad range of activities
D. Analyzing new IDS/IPS platforms for an enterprise
Question: 82
If an endpoint does not know how to reach its destination, what path will it take to get
there?
A. The endpoint will broadcast to all connected network devices.
B. The endpoint will not send the traffic until a path is clarified.
C. The endpoint will send data to the specified default gateway.
D. The endpoint will forward data to another endpoint to send instead.
Question: 83
A user is given access to a service that gives them access to cloud-hosted physical and
virtual servers, storage, and networking.
Which NIST cloud service model is this?
A. IaaS
B. SaaS
C. PaaS
D. CaaS
Question: 84
What is a key benefit of Cortex XDR?
A. It acts as a safety net during an attack while patches are developed.
B. It secures internal network traffic against unknown threats.
C. It manages applications accessible on endpoints.
D. It reduces the need for network security.
Question: 85
Which Palo Alto Networks subscription dynamically discovers and maintains a real-time
inventory of devices on your network?
A. DNS Security
B. Threat Prevention
C. IoT Security
D. WildFire
Question: 86
Which method is used to enumerate vulnerabilities, services, and applications?
A. Port evasion
B. Encryption
C. DNS tunneling
D. Port scanning
Question: 87
Which encryption protocol is most commonly used in site-to-site or device-to-device
VPN connections?
A. Transport Layer Security (TLS)
B. Secure Sockets Layer (SSL)
C. Layer 2 Tunneling Protocol (L2TP)
D. Internet Protocol Security (IPsec)
Question: 88
In the Transport layer of the OSI model, what is a protocol data unit (PDU) called?
A. Frame
B. Packet
C. Datagram
D. Bit
Question: 89
Network traffic capture and endpoint data capture are elements of which pillar of
SecOps?
A. Technology
B. Interfaces
C. People
D. Visibility
Question: 90
Which technique uses file sharing or an instant messenger client such as Meebo running
over Hypertext Transfer Protocol (HTTP)?
A. Use of non-standard ports
B. Hiding within SSL encryption
C. Port hopping
D. Tunneling within commonly used services
Question: 91
What type of area network connects end-user devices?
A. Wide Area Network (WAN)
B. Campus Area Network (CAN)
C. Local Area Network (LAN)
D. Personal Area Network (PAN)
Question: 92
What should a security operations engineer do if they are presented with an encoded
string during an incident investigation?
A. Save it to a new file and run it in a sandbox.
B. Run it against VirusTotal.
C. Append it to the investigation notes but do not alter it.
D. Decode the string and continue the investigation.
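The scenario in Question 92 (an encoded string turns up during an investigation) is worth seeing in practice: the analyst decodes the string so it can be read, but never runs it. The Python below is an added example, not part of the original question set, that peels hex and base64 layers off a token, handles the UTF-16LE text that PowerShell's `-EncodedCommand` uses, and stops at anything that is not printable text. The sample tokens are constructed encodings of the string `whoami`; real attacker payloads are usually longer and often nested deeper.

```python
import base64
import binascii
import string

PRINTABLE = set(string.printable)


def _try_hex(token: str):
    """Decode an even-length, all-hex string; None if it is not hex."""
    if not token or len(token) % 2 or not all(c in string.hexdigits for c in token):
        return None
    return bytes.fromhex(token)


def _try_base64(token: str):
    """Strictly decode base64 (alphabet and padding enforced); None on failure."""
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def _to_text(raw: bytes):
    """Return printable text if the bytes are UTF-8 or UTF-16LE text, else None.
    UTF-16LE is tried second because PowerShell's -EncodedCommand uses it, and
    its NUL bytes make the UTF-8 reading fail the printable check."""
    for encoding in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if text and all(ch in PRINTABLE for ch in text):
            return text
    return None


def decode_layers(token: str, max_depth: int = 8) -> list:
    """Peel hex/base64 layers off `token` for reading, without ever executing it.
    Returns every layer seen, outermost first; stops at non-text payloads."""
    layers = [token]
    current = token
    for _ in range(max_depth):
        raw = _try_hex(current)
        if raw is None:
            raw = _try_base64(current)
        if not raw:
            break                           # not an encoding this helper handles
        text = _to_text(raw)
        if text is None:
            # Binary blob: record its size, hash it, sandbox it, but do not run it.
            layers.append(f"<{len(raw)} bytes of non-text data>")
            break
        layers.append(text)
        current = text
    return layers


if __name__ == "__main__":
    # Constructed samples: hex(base64("whoami")) and base64(UTF-16LE("whoami")).
    for sample in ("6432687659573170", "dwBoAG8AYQBtAGkA", "plain text"):
        print(sample, "->", decode_layers(sample))
```

Hex is tried before base64 because every hex string is also valid base64 (it would decode to meaningless bytes); the printable-text check is what keeps the loop from chasing garbage. Anything that decodes to binary is treated as a sample to hash and detonate in a sandbox, which is the distinction between option D and option A in the question.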
Question: 93
What is the primary purpose of a case management system?
A. To consolidate alerts into a single queue for streamlined incident handling
B. To incorporate an additional layer in the escalation procedure
C. To be a centralized tool pointing to other, separate alerting systems
D. To minimize the number of duplicate alerts
Question: 94
What are three benefits of the cloud native security platform? (Choose three.)
A. Increased throughput
B. Exclusivity
C. Agility
D. Digital transformation
E. Flexibility
Question: 95
Which security component can detect command-and-control traffic sent from multiple
endpoints within a corporate data center?
A. Personal endpoint firewall
B. Port-based firewall
C. Next-generation firewall
D. Stateless firewall
Question: 96
Which native Windows application can be used to inspect actions taken at a specific
time?
A. Event Viewer
B. Timeline inspector
C. Task Manager
D. Task Scheduler
Question: 97
Which of the following is a Routed Protocol?
A. Routing Information Protocol (RIP)
B. Transmission Control Protocol (TCP)
C. Internet Protocol (IP)
D. Domain Name Service (DNS)
Question: 98
What is a key method used to secure sensitive data in Software-as-a-Service (SaaS)
applications?
A. Allow downloads to managed devices but block them from unmanaged devices.
B. Allow downloads to both managed and unmanaged devices.
C. Leave data security in the hands of the cloud service provider.
D. Allow users to choose their own applications to access data.
Question: 99
Which pillar of Prisma Cloud application security does vulnerability management fall
under?
A. dynamic computing
B. identity security
C. compute security
D. network protection
Question: 100
What is the proper subnet mask for the network 192.168.55.0/27?
A. 255.255.255.192
B. 255.255.255.248
C. 255.255.255.224
D. 255.255.255.0
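Questions 18 and 100 are the same subnet-mask conversion in opposite directions. As an added example (not part of the original question set), the Python below derives a dotted-decimal mask from a prefix length by bit arithmetic, cross-checks it against the standard library, converts a mask back to a prefix length, filters the candidate networks printed in Question 18, and reports the usable host range for the Question 100 network. The candidate list is copied from Question 18; everything else is standard-library `ipaddress`.

```python
import ipaddress

# Candidate networks copied from Question 18.
Q18_CANDIDATES = ["192.10.100.0/26", "172.16.72.0/29", "172.168.5.0/27", "192.168.100.0/24"]


def prefix_to_mask(prefix: int) -> str:
    """Build a dotted-decimal mask from a prefix length by bit arithmetic:
    the top `prefix` bits of a 32-bit word are set, the rest are clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    octets = [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    mask = ".".join(str(o) for o in octets)
    # Cross-check the hand arithmetic against the standard library.
    assert mask == str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)
    return mask


def mask_to_prefix(mask: str) -> int:
    """Count the leading one-bits of a dotted-decimal mask.
    ipaddress rejects non-contiguous masks such as 255.0.255.0 with ValueError."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def networks_with_mask(candidates, mask: str) -> list:
    """Return the CIDR strings whose prefix length corresponds to `mask`."""
    wanted = mask_to_prefix(mask)
    return [c for c in candidates if ipaddress.ip_network(c, strict=False).prefixlen == wanted]


def host_range(cidr: str) -> tuple:
    """First usable host, last usable host, and usable-host count for a subnet."""
    hosts = list(ipaddress.ip_network(cidr, strict=False).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)


if __name__ == "__main__":
    print("192.168.55.0/27 mask:", prefix_to_mask(27))                 # 255.255.255.224
    print("255.255.255.192 is /", mask_to_prefix("255.255.255.192"))   # 26
    print("candidates using /26:", networks_with_mask(Q18_CANDIDATES, "255.255.255.192"))
    print("usable hosts in 192.168.55.0/27:", host_range("192.168.55.0/27"))
```

The arithmetic is the whole trick: /27 leaves 5 host bits, so the last octet of the mask is 256 - 2^5 = 224, and 255.255.255.192 leaves 6 host bits, so it is /26. The same functions apply to any prefix length, which is what makes them more useful than memorising the two answers.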
Question: 103
Which option is an example of a North-South traffic flow?
A. Lateral movement within a cloud or data center
B. An internal three-tier application
C. Client-server interactions that cross the edge perimeter
D. Traffic between an internal server and internal user
Question: 104
Which aspect of a SaaS application requires compliance with local organizational
security policies?
A. Types of physical storage media used
B. Data-at-rest encryption standards
C. Acceptable use of the SaaS application
D. Vulnerability scanning and management
Question: 105
Which option describes the `selective network security virtualization` phase of
incrementally transforming data centers?
A. during the selective network security virtualization phase, all intra-host
communication paths are strictly controlled
B. during the selective network security virtualization phase, all intra-host traffic is
forwarded to a Web proxy server
C. during the selective network security virtualization phase, all intra-host traffic is
encapsulated and encrypted using the IPsec protocol
D. during the selective network security virtualization phase, all intra-host traffic is load
balanced
Question: 106
Which TCP/IP sub-protocol operates at Layer 7 of the OSI model?
A. UDP
B. MAC
C. SNMP
D. NFS
Question: 107
Anthem server breaches disclosed Personally Identifiable Information (PII) from a
number of its servers. The infiltration by hackers was attributed to which type of
vulnerability?
A. an intranet-accessed contractor's system that was compromised
B. exploitation of an unpatched security vulnerability
C. access by using a third-party vendor's password
D. a phishing scheme that captured a database administrator's password
Question: 108
Routing Information Protocol (RIP) uses what metric to determine how network traffic
should flow?
A. Shortest Path
B. Hop Count
C. Split Horizon
D. Path Vector