Palo Alto All Post Exams Questions
Which acronym represents a set of routines, protocols, and tools for building software applications and integrations? a. PCAP b. API c. IoC d. IoT
API
Which IP address type is commonly self-assigned by a DHCP client when no DHCP server is available? a. NAT b. PAT c. APIPA d. Static
APIPA
On the NGFW, which type of User-ID technique can be configured to probe Microsoft Windows servers for active network sessions of a user? a. Client Probing b. Internet Probing c. Server Probing d. Connection Probing
Client probing
What is the primary function of coin miner malware? a. Coin miner is a sophisticated macro virus that propagates through sharing of Microsoft Office documents, and captures user online banking logon information. b. Coin miner malware's primary function is to use .lnk shortcuts to secretly deliver additional malware. c. Coin miner malware hijacks systems to create or mine cybercurrency without victims' consent or awareness.
Coin miner malware hijacks systems to create or mine cybercurrency without victims' consent or awareness.
Select the Prisma Cloud capability that decouples workload identity from IP addresses, leverages tags and metadata to assign a logical identity to applications and workloads, and then uses it to enforce ID-based micro-segmentation and security policies that adapt to your dynamic environments. a. Machine identity b. UEBA c. Identity and access management (IAM) security d. Access management
Machine identity
The term "cloud native" refers to an approach to building and running applications that takes full advantage of a cloud computing delivery model instead of an on-premises data center.
True
Traps leverages the intelligence obtained from tens of thousands of subscribers to the WildFire cloud-based threat analysis service to continuously aggregate threat data and maintain the collective immunity of all users across endpoints, networks, and cloud applications.
True
True or False. The compute cluster is the building block for hosting the application infrastructure and provides the necessary resources in terms of compute, storage, networking, and security.
True
True or False. The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use, than enterprise IT solutions is known as consumerization.
True
To safely enable SaaS usage in your organization, start by clearly defining the SaaS applications that should be used and which behaviors within those applications are allowed. Which category of applications is not allowed, so that its usage must then be controlled with granular policies? a. Tolerated b. Permitted c. Unsanctioned d. Sanctioned
Unsanctioned
Which type of WildFire analysis method supports a custom-built, evasion-resistant virtual environment in which previously unknown submissions are executed within a virtualized test environment to determine real-world effects and behavior? a. Machine b. Static c. Bare Metal d. Dynamic
Dynamic
The terms 'ingress/egress' best match which of the following descriptions? Ingoing/outgoing, detection/prevention, trusted/untrusted, patching/updating
Ingoing/outgoing
In the serverless model, applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines.
True
Which three options are threat intelligence sources for AutoFocus? A. WildFire B. URL Filtering with PAN-DB Service C. Unit 42 Threat Intelligence and Research Team D. Third-Party Intrusion Prevention Systems
A B C
WildFire prevents known and unknown malware threats.
False
A mutex is a program object that allows multiple program threads to share the same resource, such as file access, but not simultaneously.
True
Playbooks (or runbooks) are task-based graphic workflows that help visualize processes across security products. These playbooks can be fully automated, fully manual, or anywhere in between.
True
Which capability of a Zero-Trust segmentation platform uses a combination of anti-malware, intrusion prevention, and cyberthreat prevention technologies to provide comprehensive protection against both known and unknown threats, including threats on mobile devices? a. Least privilege access control b. Secure access c. Inspection of all traffic d. Cyberthreat protection
Cyberthreat prevention
Which of the following are typical mobile device management software capabilities? Select all that apply. DLP, Personal Firewalls, Policy enforcement, Malware prevention
DLP, Policy enforcement, Malware prevention
Which OSI layer has 'sublayers' where you will find the LLC and MAC content? a. Transport b. Application c. Network d. Data Link e. Physical
Data Link
Which Content-ID filtering capability controls the transfer of sensitive data patterns such as credit card and social security numbers in application content and attachments? a. Data filtering b. File blocking by type c. File filtering by size d. File transfer function control
Data filtering
When two devices on the same LAN are establishing an IP connection, which IP address setting is not relevant? a. IP Address b. Subnet Mask c. Default Gateway
Default Gateway
Attacks that result in a Data Breach are most likely performed by internal threat actors (employees).
False
True or False. Wired Equivalent Privacy (WEP) is the most effective protocol for securing wireless networks.
False
True or False. The Lockheed Martin Cyber Kill Chain® framework is a five-step process that an attacker goes through in order to attack a network.
False, it is 7 steps
The ability to withstand a catastrophic series of events is commonly known as:
Fault tolerance
CRC, Cyclic Redundancy Check, is used to verify: a. Frame Integrity b. UDP handshakes c. QoS - Quality of Service d. Least-Cost path
Frame Integrity
Which type of attacker is motivated by political or social causes? Cyberterrorist, State-affiliated, Cybercriminal, Hacktivist
Hacktivist
What would be the best description of 'polymorphism and metamorphism'? Hiding techniques, Encrypting algorithm, SPIM, SPAM
Hiding techniques
A cloud access security broker (CASB) is software that monitors activity and enforces security policies on traffic between an organization's users and cloud-based applications and services.
True
Identity and access management (IAM) uniquely identifies users and groups in a directory service (such as Active Directory), controls what resources those users and groups can access, and what functions they can perform on a resource (such as read, write, delete, and execute).
True
True or False. Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks including data mining, event processing, and predictive analytics.
True
True or False. Certain personal characteristics, such as a photographic image or fingerprint, when combined with other personal information, such as a name or phone number, is considered Personally Identifiable Information (PII).
True
True or False. Hubs traditionally operate at Layer 1 - Physical Layer, of the OSI model, while Switches traditionally operate at Layer 2 - Data Link Layer, of the OSI model.
True
True or False. Most Botnets are designed to withstand the loss of a command and control (CnC) server, meaning that the entire Botnet infrastructure must be disabled almost simultaneously.
True
WildFire performs deep packet inspection of malicious outbound communications to disrupt C&C activity.
True
Select the type of cybersecurity solution or feature that discovers threats by identifying activity that deviates from a baseline. a. Software configuration management (SCM) b. Integrated development environment (IDE) c. Dynamic User List (DUL) d. User and entity behavior analytics (UEBA)
UEBA
Select the appropriate slash notation for an IPv4 class C address. a. /24 b. /16 c. /8 d. /32
/24
Which of the following subnet prefix lengths is the default for IPv4 Class C addresses? a. /24 b. /16 c. /8 d. /30
/24
Which PA series firewall brings next-generation firewall capabilities to distributed enterprise branch offices, retail locations, and midsize businesses in a small form factor? a. 220 b. 220R c. 800 d. 3200
220
Which key method does Traps not use to prevent malicious executables on the endpoint? a. WildFire inspection and analysis b. Access control inspection c. Malware techniques mitigation d. Policy-based restrictions
Access control inspection
Windows Directory Services allows you to: a. Administer user accounts and logon policies b. Create VPN network connections c. Open and close firewall ports
Administer user accounts and logon policies
Seventh layer of OSI model
Application
Which application identification technique determines whether the initially detected application protocol is the "real one" or if it is being used as a tunnel to hide the actual application (for example, Tor might run inside HTTPS)? a. Heuristics b. Application protocol detection and decryption c. Application signatures d. Application protocol decoding
Application Protocol Decoding
Which is not a Zero Trust design principle? A. Adopt a least privilege strategy and strictly enforce access control B. Allow internal users to access network services through remote access C. Ensure that all resources are accessed securely, regardless of location D. Inspect and log all traffic
B
Which security-as-a-service layer in Prisma Access SASE capability provides visibility into SaaS application usage, understands where sensitive data resides, enforces company policies for user access, and protects that data from hackers? a. Cloud Access Security Broker (CASB) b. Threat Prevention c. Secure Web Gateway (SWG) d. Data Loss Prevention (DLP)
CASB
The first phase of implementing security in virtualized data centers consists of: a. Consolidating servers across trust levels b. Consolidating servers within trust levels c. Selectively virtualizing network security functions d. Implementing a dynamic computing fabric
Consolidating servers WITHIN trust levels
Select the scalable, cloud-based log repository that stores context-rich logs generated by Palo Alto Networks security products, including next-generation firewalls, Prisma Access, and Cortex XDR agents. a. Cortex XDR management console b. Cortex XDR endpoint agent c. WildFire malware prevention service d. Cortex Data Lake
Cortex Data Lake
Which Palo Alto Networks NGFW report can be created and scheduled to show exactly the information you want to see by filtering on conditions and columns to include, and can also include query builders for more specific details in report data? a. Custom reports b. Botnet reports c. Predefined reports d. PDF summary reports
Custom Reports
What type of attack is intended to rapidly cause damage to the victim's network and system infrastructure, as well as their business and reputation? Reconnaissance Attack, Distributed Denial of Service (DDoS), Man in the Middle Attack (MITM), Social Engineering Attack
DDoS
Second layer of OSI model
Data link
A 'rootkit' is usually associated with which of the following: DoS, Christmas tree attack, Escalation of privilege
Escalation of Privilege
What are the results of techniques used against a system that are designed to gain access through vulnerabilities in the code of an operating system or application?
Exploits
An attacker only needs to successfully execute one step of the Cyber Kill Chain® to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack.
False
AutoFocus is an optional module that can be added to Next Generation Firewalls?
False
HTTPS is an application protocol used to transfer clear text data between web servers and web browsers.
False
Prisma SaaS is an inline service, so it doesn't impact latency, bandwidth, or end-user experience.
False
Representational state transfer (REST) is an Extensible Markup Language (XML) format for conveying data about cybersecurity threats in a standardized format
False
The principle of least privilege in network security requires that only the permission or access rights necessary to perform an authorized task is denied.
False
True or False. An effective security strategy is to deploy Perimeter-Based Network defenses, where countermeasures are defined at a handful of well-defined ingress/egress points to the network. You can then assume that everything on the internal network can be trusted.
False
Which of the following does ARP mapping resolve? a. IP to DNS mapping b. DNS to IP mapping c. MAC to DNS mapping d. IP to MAC mapping e. MAC to IP mapping f. DNS to MAC mapping
IP to MAC mapping
Select the DevOps process in which developers or IT operations teams can programmatically provision and manage the infrastructure stack (such as virtual machines, networks, and connectivity) for an application in software. a. IaC b. PaaS c. IaaS d. SaaS
IaC
A Zero Trust network security model is based on which security principle? a. Least privilege b. Negative control c. Due diligence d. Non-repudiation
Least privilege
Which protocol requires every router to calculate and maintain a complete map, or routing table, of the entire network? a. Link State b. Static c. Distance-Vector d. Convergence
Link State
Malicious software or code that typically damages, takes control of, or collects information from an infected endpoint is known as: Vulnerability, Exploit, Anti-Virus, Malware
Malware
Third layer of OSI model
Network
Data that moves in and out of the virtualized environment from the host network or a corresponding traditional data center is also known as: a. East-West b. Unknown c. North-East d. North-South
North South
PCI DSS is mandated and administered by the: PCI Security Standards Council (SSC), European Union (EU), U.S. Federal Government, United Nations (UN)
PCI SSC
Select the three pillars of security orchestration. a. SaaS, IaaS, PaaS b. Virtualization, Storage, Cloud c. Software, Hardware, Storage d. People, Process, Technology
People, process, technology
First layer of OSI model
Physical
Sixth layer of OSI model
Presentation
Which Prisma Access SASE capability can be used to block inappropriate content (such as pornography and gambling) or websites that businesses simply don't want users accessing while at work, such as streaming services like Netflix? a. Firewall as a Service (FWaaS) b. Zero Trust Network Access (ZTNA) c. Secure Web Gateway (SWG) d. Virtual Private Network (VPN)
SWG
Fifth layer of OSI model
Session
Fourth layer of OSI model
Transport
An Android Package Kit (APK) file is an app created for the Android mobile operating system.
True
An autonomous system (AS) is a group of contiguous IP address ranges under the control of a single internet entity. Individual autonomous systems are assigned a 16-bit or 32-bit AS number (ASN) that uniquely identifies the network on the internet. ASNs are assigned by the Internet Assigned Numbers Authority (IANA).
True
AutoFocus allows you to build sophisticated multilayer searches at the host and network-based artifact levels, and target your search within industry, time period, and other filters. These searches allow you to make previously unknown connections between attacks and plan your incident response actions accordingly.
True
Before a file runs, the Cortex XDR agent queries WildFire with the hash of any Windows, macOS, or Linux executable file, as well as any dynamic link library (DLL) or Office macro, to assess its standing within the global threat community. WildFire returns a near-instantaneous verdict on whether a file is malicious or benign.
True
Botnets are commonly designed to be managed by a CnC - Command and Control - server.
True
Development and Operations teams meet regularly, share analytics, and co-own projects from beginning to end.
True
IronSkillet is a set of day-one, next-generation firewall configuration templates for PAN-OS® that are based on security best practice recommendations.
True
Sanctioned SaaS applications fulfill a legitimate business need, but certain usage restrictions may be necessary to reduce risk.
True
The Security Operating Platform proactively blocks known threats, which provides baseline defenses against known exploits, malware, malicious URLs, and C2 activity.
True
The Traps agent injects itself into each process as it is started and automatically blocks advanced attacks that would otherwise evade detection.
True
The internet of things (IoT) refers to the network of physical smart, connected objects that are embedded with electronics, software, sensors, and network connectivity.
True
The key to Traps is blocking core exploit and malware techniques, not the individual attacks.
True
The primary issue with a perimeter-based network security strategy in which countermeasures are deployed at a handful of well-defined ingress and egress points to the network is that it relies on the assumption that everything on the internal network can be trusted.
True
WildFire operates on which concept? a. virtualized sandbox b. IPS and SIEM tool correlation c. cloud-based reputation service d. file-based scanning against a signature database
Virtualized Sandbox
Which of the following WLAN standards is the LEAST secure? Pick two. WPA, WEP, WPA2, WPS
WEP, WPS
What type of malware typically targets a computer network by replicating itself in order to spread rapidly? Backdoor, Worm, Virus, Logic Bomb
Worm
What does the Linux 'man' command let you do? a. Manage Passwords b. Get Help c. Manually configure the network interface d. Manage Accounts
Get Help
The cloud computing service model in which a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure is known as: Identity as a Service (IDAAS), Platform as a Service (PAAS), Infrastructure as a Service (IAAS), Software as a Service (SAAS)
SAAS
Which type of network separates the control and management processes from the underlying networking hardware, making them available as software that can be easily configured and deployed? a. SD-MAN b. LAN c. SD-WAN d. WAN
SD-WAN
Which protocol would you use when setting up a 'trap' or 'trigger' for event notifications? a. SNMP b. UPS c. HTTPS d. SMTP
SNMP
Put the TCP/IP layers in order from 1 to 4, with 1 being the physical or lowest layer: Transport, Application, Internetwork, Network access
1. Network Access 2. Internetwork 3. Transport 4. Application
What is the bit-strength of an IPv6 address? a. 16 b. 128 c. 64 d. 32 e. 256
128
Select the appropriate 1st octet associated with an IPv4 Class B address. a. 10 b. 172 c. 192 d. 255
172
Which subnet is 172.168.33.20/20 on? a. 172.168.16.0 b. 172.168.8.0 c. 172.168.0.0 d. 172.168.32.0
172.168.32.0
How many host addresses can the following network IP and subnet mask support: 192.168.1.0/24 a. 1,022 b. 254 c. 256 d. 512 e. 510 f. 1,024
254
Select the subnet mask for a class A address. a. 255.255.255.255 b. 255.0.0.0 c. 255.255.0.0 d. 255.255.255.0
255.0.0.0
What is the bit-strength of an IPv4 address? a. 16 b. 128 c. 64 d. 32 e. 256
32
Which of the following are examples of an 'endpoint'? a. Desktop b. Website c. Mainframe Server d. Point of Sale (Terminal) e. Chat Application f. Mobile Phone
A D F
Platform as a Service - PaaS - is best described as: a. A licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. b. An online space where customers can develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. c. An underlying network infrastructure that virtualizes physical computing resources, data partitioning, scaling, security, backup
An online space where customers can develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
Which Palo Alto Networks NGFW logs display entries for the security rules that help prevent sensitive information such as credit card numbers from leaving the area that the firewall protects? a. Data Filtering logs. b. Threat logs. c. URL Filtering logs. d. Correlation logs.
Data filtering logs
Which of the following features are found in the OSI Transport layer? a. Flow Control b. Frame Sequencing c. Addressing d. MAC to IP mappings e. ACK - acknowledgements f. Encryption
Flow Control, ACK - acknowledgements, Frame Sequencing
Which WildFire verdict indicates no security risk but might display obtrusive behavior (for example, adware, spyware, and browser helper objects)? a. Malware b. Phishing c. Grayware d. Benign
Grayware
Which Traps capability enables organizations to identify non-malicious but otherwise undesirable software, such as adware, and prevent it from running in their environment? a. Execution Restrictions b. Behavior-based ransomware protection c. Granular child process protection d. Grayware Classification
Grayware classification
Which of the following is not a benefit of implementing a Zero-Trust network? a. Clearly improved effectiveness in mitigating data loss with visibility and safe enablement of applications. b. Higher total cost of ownership (TCO) with a consolidated and fully integrated security operating platform. c. Improved ability to securely enable transformative IT initiatives. d. Greater efficiency for achieving and maintaining compliance with security and privacy mandates.
Higher total cost of ownership (TCO) with a consolidated and fully integrated security operating platform.
Why would you use a Time Domain Reflectometer? a. Simulate load on a network segment b. Identify bottlenecks in the network architecture c. Identify the location of a break in the network cable
Identify the location of a break in the network cable
Windows Directory Services uses which certificate / authentication method? a. PEAP b. Kerberos c. MS-CHAP v2 d. AES
Kerberos
Which tool is used to probe for open TCP and UDP ports? a. Port Scanner b. Web Application Scanner c. Network Analyzer d. Password Cracker
Port scanner
Which Security Operating Platform capability supports a coordinated security platform that accounts for the full scope of an attack, across the various security controls that compose the security posture, allowing organizations to quickly identify and block known threats? a. Reduce the attack surface. b. Full Visibility. c. Detect and prevent new, unknown threats with automation. d. Prevent all known threats, fast.
Prevent all known threats, fast
Which VPN technology is currently considered the preferred method for securely connecting a remote endpoint device back to an enterprise network? PPTP, SSL, IPSEC, SSTP
SSL
Which of the following describes a cooling problem often found in server rooms? a. Ground Loops b. Cache Depletion c. Traffic Bottlenecks d. Server Creep
Server Creep
Which of the following are enhancements of Wi-Fi 802.11ac compared to Wi-Fi 802.11n? Select more than one. a. Integrity b. Speed c. Beamforming Transmissions d. Support for WEP
Speed, beamforming transmissions
A default gateway is a network device, such as a router or switch, to which an endpoint sends network traffic when a specific destination IP address is not specified by an application or service, or when the endpoint does not know how to reach a specified destination.
True
Content-ID is an Intrusion Prevention feature that protects networks from all types of vulnerability exploits, buffer overflows, DoS attacks, and port scans that lead to the compromise of confidential and sensitive enterprise information.
True
The single pass architecture of the NGFW integrates multiple threat prevention disciplines (IPS, anti-malware, URL filtering, etc.) into a single stream-based engine with a uniform signature format.
True