Palo Alto PCCSA Questions
Aperture protects data in hosted files and application entries.
T
An IPv4 address consists of four ______-bit octets.
8
The primary issue with a perimeter-based network security strategy is that it relies on which assumption? A. All components on the internal network can be trusted. B. Critical components on the internal network can be trusted. C. No components on the internal network can be trusted. D. Some components on the internal network can be trusted.
A
Which Palo Alto Networks security product uses a proactive prevention strategy to block exploit and malware techniques and deliver Advanced Endpoint Protection? a. Traps b. WildFire c. Prisma Public Cloud d. Prisma SaaS
A
Which option can be used to protect data privacy for remote users connecting to an organization's home office over the public internet? A. IPsec authentication headers B. encryption C. strong passwords D. hashing the data
A
In Prisma Public Cloud, which three methods can be used to resolve alerts? (Choose three.) A. Automated remediation B. Guided remediation C. Manual remediation D. Metadata remediation
ABC
Which three important security considerations are associated with virtualization? (Choose three.) a) dormant VMs b) hypervisor vulnerabilities c) hypervisor sprawl d) intra-VM communications
ABD
Which three options would be classified as "VPN Challenges"? (Choose three.) a. deep packet inspection b. analysis of data per Regulatory and Compliance policies c. file screening and classification services d. maintenance and updating of client apps and services e. enablement of SSL on web browsers
ABD
Traps is a highly scalable Advanced Endpoint Protection solution that consists of which two endpoints? (Choose two.) a. Endpoint Security Manager server b. storage-area network c. Traps agent d. web server
AC
Which three items are evaluated by least privilege security policies? (Choose three.) a. application identity b. hacker signatures c. device identity d. content identity e. user identity
ADE
Which three modes can Panorama be deployed in? (Choose three.) a. Panorama b. SaaS c. North-South d. Management e. Log Collector
ADE
A Zero Trust network security model is based on which security principle? a) due diligence b) least privilege c) non-repudiation d) negative control
B
In Prisma Access, GlobalProtect allows secure access from where when enabling of partner or contractor access to protected applications is needed? a. Bluetooth b. SSL-enabled web browsers c. email d. App Store services
B
In a PKI, what does one host use to encrypt data when it initiates a network connection to another host? A. KDC ticket B. private key C. SSH key D. public key
B
Prisma Public Cloud provides support for which public cloud provider? A. OpenStack B. Google Cloud Platform C. Rackspace D. IBM Cloud
B
What does Prisma SaaS use to connect directly to a SaaS application? a. portal b. API c. gateway d. VPN
B
What is a capability of the Palo Alto Networks Traps advanced endpoint protection product? A. dynamically launches virtual containers to test unknown files in a local sandbox B. identifies unknown, zero-day vulnerabilities C. identifies all known and unknown viruses using advanced signatures D. dynamically assigns all discovered endpoints into trusted and untrusted categories
B
Which Palo Alto Networks cloud security management service provides continuous security monitoring, compliance validation and reporting, and comprehensive storage security? a. Cortex XDR b. Prisma Public Cloud c. Prisma SaaS d. Panorama
B
Which option describes malicious software or code that typically takes control of, collects information from, or damages an infected endpoint? A. Exploit B. Malware C. Vulnerability D. None of the above
B
Which option is not a defining characteristic of a NGFW? a) low latency packet processing with minimal throughput loss b) adherence to strict port and protocol enforcement for allow or block decisions c) integrated security tools d) bidirectional full-stack analysis of packets
B
Which three terms are recognized software-as-a-service (SaaS) classifications? (Choose three.) a. denied b. tolerated c. licensed d. sanctioned e. unsanctioned
BDE
Communications that occur within the data center are commonly referred to as what? a. hybrid b. north-south c. east-west d. agile
C
Intra-VM traffic is also known as which type of traffic? a) north-south b) unknown c) east-west d) untrusted
C
What Palo Alto Networks product provides centralized control of next-generation firewalls at the internet edge, in the data center, and in the private and public cloud deployments? a. Prisma Public Cloud b. WildFire c. Panorama d. GlobalProtect
C
Which IPsec protocol secures communication with encryption? A. Generic Routing Encapsulation B. Authentication Header C. Encapsulating Security Payload D. Internet Key Exchange
C
Which Palo Alto Networks product identifies unknown threats by comparing executable files against a database of shared data from the industry's largest enterprise malware analysis community? a. Panorama b. MineMeld c. WildFire d. Prisma Public Cloud
C
Which option describes the strength of Palo Alto Networks Traps operation? A. blocks malware by testing unknown code in a local container B. blocks exploits and malware using dynamically generated signatures C. blocks core exploit and malware techniques D. blocks exploits and malware by preventing memory buffer overflows
C
Which option is an example of a static routing protocol? A. Open Shortest Path First (OSPF) B. Border Gateway Protocol (BGP) C. Routing Information Protocol (RIP) D. Split horizon
C
__________ endpoint protection wraps a protective virtual barrier around vulnerable processes while they're running.
Container-based
What does the Palo Alto Networks Large Scale VPN feature use to authenticate network devices? A. beacons B. tokens C. passwords D. certificates
D
What is the GlobalProtect dashboard that allows you to use widgets and filters to evaluate and summarize trends related to your mobile devices and compliance status? a. Endpoint Security Manager (ESM) b. GlobalProtect Portal c. Virus Protection Node (VPN) d. Mobile Security Manager (MSM)
D
Which integration does the Traps Endpoint Security Manager (ESM) support to provide more insight into malware activity? a. Prisma SaaS b. Cortex XDR c. Prisma Public Cloud d. WildFire
D
Which password is the strongest? A. MyPassword1 B. mypasswordone C. mypassword1 D. MyP@s$wOrd1
D
Which type of wireless attack intercepts the victim's web traffic, redirects the victim's browser to a web server that it controls, and sends whatever content the attacker desires? A. DDoS B. Jasager C. Evil Twin D. SSLstrip
D
WildFire operates on which concept? a) file-based scanning against a signature database b) IPS and SIEM tool correlation c) cloud-based reputation service d) virtualized sandbox
D
__________ provides continuous monitoring of public clouds and helps organizations achieve a continuous state of compliance in their public cloud workloads.
Evident
A dynamic packet filtering firewall inspects each individual packet during a session to determine if the traffic should be allowed, blocked, or dropped by the firewall. (True or False)
F
In Prisma Access, GlobalProtect Gateways direct all client traffic to the appropriate GlobalProtect Portal. (True or False)
F
WildFire prevents known and unknown malware threats. (True or False)
F
__________ is a purpose-built, fully integrated cybersecurity approach that helps organizations get control of their networks and protect critical assets.
Security Operating Platform
An organization can be compliant with all applicable security and privacy regulations for its industry, yet still not be secure. (True or False)
T
The __________ defines who (customer and/or provider) is responsible for what, related to security, in the public cloud.
Shared Responsibility Model
_________________ is a technique used to divide a large network into smaller, multiple subnetworks by segmenting an IPv4 address into a network and host portion.
Subnetting
GlobalProtect provides a VPN solution. (True or False)
T
In Prisma Public Cloud, you can view your public cloud resources on the Dashboard. (True or False)
T
Panorama uses a fully customizable Application Command Center to provide comprehensive, correlated insight into current and historical network and threat data. (True or False)
T
Prisma Public Cloud resides in the public cloud.
T
Prisma Public Cloud supports the downloading of compliance reports. (True or False)
T
Prisma SaaS can inspect documents in unstructured and structured environments for common sensitive data strings, such as credit card numbers and social security numbers. (True or False)
T
The Palo Alto Networks Security Operating Platform delivers solutions that address three main security topics: network security, Advanced Endpoint Protection, and cloud security. (True or False)
T
The process that wraps protocol information from the (OSI or TCP/IP) layer immediately above in the data section of the layer immediately below is known as __________.
encapsulation
A _________________ is a mathematical function that creates a unique representation of a larger set of data in a manner that is easy to compute in one direction, but not in the reverse direction.
hash
Magnifier leverages __________ to analyze network, endpoint, and cloud data, which helps security analysts rapidly confirm threats by reviewing actionable alerts.
machine learning
A _________________ sends data packets to destination networks along a network path using logical addresses.
router
Which four services typically are supported by the provider with the platform-as-a-service (PaaS) model? (Choose four.) a. servers b. operating system c. virtualization d. application e. storage f. data
ABCE
What are three typical mobile device management software capabilities? (Choose three.) a) data loss prevention (DLP) b) policy enforcement c) intrusion detection d) malware prevention
ABD
Which three cloud computing service models are defined by NIST? (Choose three.) a) software as a service (SaaS) b) platform as a service (PaaS) c) desktop as a service (DaaS) d) infrastructure as a service (IaaS)
ABD
Which four layers comprise the TCP/IP model? (Choose four.) A. Application B. Transport C. Physical D. Internet E. Network Access
ABDE
Mobile devices are easy targets for attacks for which two reasons? (Choose two.) a. They roam in unsecured areas. b. They have poor battery-charging capabilities. c. They stay in an always-on, always-present state. d. They use speaker phones.
AC
Which two protocols function at the Transport layer of the OSI model? A. Transmission Control Protocol (TCP) B. Internet Protocol (IP) C. User Datagram Protocol (UDP) D. Hypertext Transfer Protocol (HTTP)
AC
What are the three core capabilities of an NGFW? (Choose three.) a) user identification b) splunk identification c) application identification d) content identification
ACD
What are the three keys to safely enabling mobile devices in the enterprise? (Choose three.) A. control the data B. provision the device C. manage the device D. protect the device
ACD
Which three tasks are performed by signature-based anti-malware? (Choose three.) a. quarantines infected files b. prevents against zero-day attacks c. deletes infected files d. downloads signature file updates from the vendor site e. prevents spam
ACD
Which four items are examined by a next-generation firewall? (Choose four.) a. ports b. north-south traffic c. User-ID d. Content-ID e. Application-ID f. gateway
ACDE
Which four components are part of a traditional data center? (Choose four.) a. logging and monitoring services b. Domain Name Services (DNS) c. file screening and classification services d. IP address management e. storage-area network (SAN) f. perimeter firewalls
ACEF
__________ is a network directory service developed by Microsoft for Windows networks.
Active Directory
A __________ cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability.
hybrid
A __________ allows multiple, virtual operating systems to run concurrently on a single physical host computer.
hypervisor
What challenges attackers to overcome security barriers at the perimeter, on the local network, and on the endpoint itself? a. defense-in-depth b. packet filtering c. anomaly detection d. application management
A
Which option is an example of a logical address? A. IP address B. Hardware address C. MAC address D. Burned-in address
A
Which option is not a core technique for identifying applications in Palo Alto Networks NGFWs? a) packet headers b) application signatures c) protocol decoding d) behavioral analysis
A
Which path or tool is used by attackers? a. threat vector b. software as a service (SaaS) c. storage-area networks (SAN) d. anti-malware update
A
Which type of malware disables protection software? a. anti-AV b. trojan c. ransomware d. worm
A
What are three characteristics of application firewalls? (Choose three.) a) proxies traffic rather than permitting direct communication between hosts b) can be used to implement strong user authentication c) masks the internal network from untrusted networks d) is extremely fast and has no impact on network performance
ABC
Which three features are associated with a Zero Trust security model? (Choose three.) a. logging services b. segmentation zones c. no native trusts d. ports-first firewall rules e. packet management
ABC
Which three options are dynamic routing protocols? (Choose three.) A. Distance-vector B. Path-vector C. Link-state D. Point-to-point
ABC
Which three options are key components of the Security Operating Platform? (Choose three.) a) network security b) advanced endpoint protection c) cloud security d) application development security
ABC
Which three options are threat intelligence sources for AutoFocus? (Choose three.) a) WildFire b) URL filtering with PAN-DB service c) Unit 42 threat intelligence and research team d) third-party intrusion prevention systems
ABC
Which four items typically are analyzed by a next-generation firewall? (Choose four.) a. uniform resource locators b. User-ID c. Content-ID d. server performance e. App-ID
ABCE
Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands? a. bot b. web c. command and control d. directory services
C
What does the first phase of implementing security in virtualized data centers consist of? a) consolidating servers across trust levels b) consolidating servers within trust levels c) selectively virtualizing network security functions d) implementing a dynamic computing fabric
B
Which VPN technology requires the installation of IPsec certificates? a. SSTP b. L2TP c. SSL d. PPTP
B
Which security model ensures that all resources are accessed securely, regardless of location? a. perimeter b. Zero Trust c. cloud-based d. mobile device management
B
Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort, and can be extremely effective in taking down a website or some other publicly accessible service? a. Bluetooth b. distributed denial-of-service c. man-in-the-middle d. adware
B
Which technique is not used to break the command-and-control (C&C) phase of the Cyber-Attack Lifecycle? A. Blocking outbound traffic to known malicious sites and IP addresses B. DNS sinkholing and DNS poisoning C. Vulnerability and patch management D. All of the above
C
Which is NOT a characteristic of Unified Threat Management (UTM)? a) It combines security functions such as firewalls, intrusion detection systems (IDS), anti-malware, and data loss prevention (DLP) in a single appliance. b) Enabling all of the security functions in a UTM device can have a significant performance impact. c) It fully integrates all the security functions installed on the device. d) It can be a convenient solution for small networks.
C
Which three entities have been identified for defining security responsibilities and commitments as dictated in the Shared Responsibility Model? (Choose three.) a. federal government b. Cloud Service Providers c. corporate customers d. end users e. application developers
BCD
Which three options describe the relationship and interaction between a customer and software as a service (SaaS)? (Choose three.) a. complex deployment b. convenient and economical c. subscription service d. internet or application-based e. extensive manpower required
BCD
A man-in-the-middle attack requires that the attacker successfully spoof the identities of __________. a. the network appliance b. the internal user c. both endpoints and users d. the external user
C
Data storage services commonly utilize compression and encryption formats, both of which impact the ability of which services to accurately identify and secure content? a. backup and restore b. authentication c. data loss prevention d. logging
C
In which cloud computing service model does a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure? A. Platform as a Service (PaaS) B. Infrastructure as a Service (IaaS) C. Software as a Service (SaaS) D. Public Cloud
C
Mobile device management can be utilized to apply security policies that support malware protection and data loss prevention classifications after what happens to a mobile device? a. It is placed in a virtual container. b. It is installed with a personal firewall. c. It is properly identified and authenticated. d. It is quarantined.
C
The OSI model consists of how many layers? A. Four B. Six C. Seven D. Nine
C
Which VPN technology is currently considered the preferred method for securely connecting a remote endpoint device back to an enterprise network? a) point-to-point tunneling protocol (PPTP) b) secure socket tunneling protocol (SSTP) c) Secure Sockets Layer (SSL) d) Internet Protocol Security (IPsec)
C
An IPS (intrusion prevention system) is more advanced than an IDS (intrusion detection system). What does an IPS also perform? a. signature-based detection b. false-positive detection c. encryption d. statistical anomaly (behavioral) detection
D
Containers that are built according to which design are built with an image manifest that describes all of the metadata and container properties? a. whitelist b. positive control model c. Application Awareness d. open container initiative
D
Panorama does not integrate with which option? a) WildFire b) Splunk c) Palo Alto Networks NGFWs d) traditional port-based firewalls
D
The spread of unsolicited content to targeted endpoints is known as what? a. pharming b. phishing c. exploiting d. spamming
D
Which option is an important characteristic or capability of advanced malware? A. Distributed, fault-tolerant architecture B. Multi-functionality C. Hiding techniques such as polymorphism, metamorphism, and obfuscation D. All of the above
D
_________________ is a distributed, hierarchical internet database that maps FQDNs to IP addresses.
DNS
The U.S. law that establishes national standards to protect individuals' medical records and other health information is known as _______.
HIPAA
A risk assessment examines the vulnerabilities associated with each asset and then assigns one risk factor valuation to globally protect all assets. (True or False)
F
A vulnerability is a small piece of software code, part of a malformed data file, or a sequence (string) of commands created by an attacker to cause unintended or unanticipated behavior in a system or software. (True or False)
F
An attacker needs to succeed in executing only one step of the Cyber-Attack Lifecycle to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack. (True or False)
F
Aperture is deployed as a standalone inline service between the organization's traditional perimeter-based firewalls and requires a software agent to be installed on mobile devices.
F
AutoFocus is an optional module that can be installed on NGFWs.
F
Most cyberattacks today are perpetrated by internal threat actors such as malicious employees engaging in corporate espionage. (True or False)
F
New exploits can be crafted from any number of more than a thousand core exploit techniques. (True or False)
F
Signature-based anti-malware software is considered a proactive security countermeasure. (True or False)
F
The Cyber-Attack Lifecycle is a five-step process that an attacker goes through to attack a network. (True or False)
F
The Zero Trust security model is primarily concerned with packet management at the network border, gateway, or perimeter, because it monitors frames that are entering and leaving the internal network and generally applies packet filtering firewall rules. (True or False)
F
Wired Equivalent Privacy (WEP) is an effective protocol for securing wireless networks. (True or False)
F
__________ is a set of IT service management best practices.
ITIL
The Data Link layer of the OSI model is further divided into these two sublayers: _____ and _____.
LLC and MAC
__________ is an open-source application, available directly on GitHub, that streamlines the aggregation, enforcement, and sharing of threat intelligence.
MineMeld
List the steps of the Cyber-Attack Lifecycle.
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives
An organization can be fully compliant with the various cybersecurity laws and regulations that are applicable for that organization, yet still not be secure. (True or False)
T
Another term for a "bot" is a "zombie". (True or False)
T
Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks including data mining, event processing, and predictive analytics. (True or False)
T
Network firewalls cannot completely protect hosts from zero-day exploits. (True or False)
T
Signature-based anti-malware detection is a static process that compares file contents against a database of known malware bits and bytes. Anomaly or behavioral heuristics anti-malware detection is a dynamic process that uses learning processes to determine acceptable practices. (True or False)
T
The internet is an example of a wide-area network (WAN). (True or False)
T
The key to Traps is blocking core exploit and malware techniques, not the individual attacks. (True or False)
T
The key to breaking the Cyber-Attack Lifecycle during the Installation phase is to implement network segmentation, a Zero Trust model, and granular control of applications to limit or restrict an attacker's lateral movement within the network. (True or False)
T
The ports-first focus used by traditional data security perimeter firewalls limits their ability to see all traffic on all ports, meaning they do not effectively evaluate evasive or encrypted applications. (True or False)
T
The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT solutions is known as consumerization. (True or False)
T
UTM can significantly improve a company's security posture by simplifying a company's security product portfolio. It should reduce the management complexity and costs associated with deploying a variety of third-party products and licenses. (True or False)
T
WildFire performs deep packet inspection of malicious outbound communications to disrupt C&C activity. (True or False)
T
_______________ exploits target unknown vulnerabilities in operating system and application software on a host machine.
Zero-day
A storage area network (SAN) uses __________-based storage.
block