Palo Alto All Post Exams Questions


Which acronym represents a set of routines, protocols, and tools for building software applications and integrations? a. PCAP b. API c. IoC d. IoT

API

Which IP address type is commonly self-assigned by a DHCP client when no DHCP server is available? a. NAT b. PAT c. APIPA d. Static

APIPA

On the NGFW, which type of User-ID technique can be configured to probe Microsoft Windows servers for active network sessions of a user? a. Client Probing b. Internet Probing c. Server Probing d. Connection Probing

Client probing

What is the primary function of coin miner malware? a. Coin miner is a sophisticated macro virus that propagates through sharing of Microsoft Office documents, and captures user online banking logon information. b. Coin miner malware's primary function is to use .lnk shortcuts to secretly deliver additional malware. c. Coin miner malware hijacks systems to create or mine cybercurrency without victims' consent or awareness.

Coin miner malware hijacks systems to create or mine cybercurrency without victims' consent or awareness.

Select the Prisma Cloud capability that decouples workload identity from IP addresses, leverages tags and metadata to assign a logical identity to applications and workloads, and then uses it to enforce ID-based micro-segmentation and security policies that adapt to your dynamic environments. a. Machine identity b. UEBA c. Identity and access management (IAM) security d. Access management

Machine identity

The term "cloud native" refers to an approach to building and running applications that takes full advantage of a cloud computing delivery model instead of an on-premises data center.

True

Traps leverages the intelligence obtained from tens of thousands of subscribers to the WildFire cloud-based threat analysis service to continuously aggregate threat data and maintain the collective immunity of all users across endpoints, networks, and cloud applications.

True

True or False. The compute cluster is the building block for hosting the application infrastructure and provides the necessary resources in terms of compute, storage, networking, and security.

True

True or False. The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use, than enterprise IT solutions is known as consumerization.

True

To safely enable SaaS usage in your organization, start by clearly defining the SaaS applications that should be used and which behaviors within those applications are allowed. Which category of applications is not allowed, with their usage then controlled by granular policies? a. Tolerated b. Permitted c. Unsanctioned d. Sanctioned

Unsanctioned

Which type of WildFire analysis method supports a custom-built, evasion-resistant virtual environment in which previously unknown submissions are executed within a virtualized test environment to determine real-world effects and behavior? a. Machine b. Static c. Bare Metal d. Dynamic

Dynamic

The terms 'ingress/egress' best match which of the following descriptions? Ingoing/outgoing, detection/prevention, trusted/untrusted, patching/updating

Ingoing/outgoing

In the serverless model, applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines.

True

Which three options are threat intelligence sources for AutoFocus? A. WildFire B. URL Filtering with PAN-DB Service C. Unit 42 Threat Intelligence and Research Team D. Third-Party Intrusion Prevention Systems

A B C

WildFire prevents known and unknown malware threats.

False

A mutex is a program object that allows multiple program threads to share the same resource, such as file access, but not simultaneously.

True

Playbooks (or runbooks) are task-based graphic workflows that help visualize processes across security products. These playbooks can be fully automated, fully manual, or anywhere in between.

True

Which capability of a Zero-Trust segmentation platform uses a combination of anti-malware, intrusion prevention, and cyberthreat prevention technologies to provide comprehensive protection against both known and unknown threats, including threats on mobile devices? a. Least privilege access control b. Secure access c. Inspection of all traffic d. Cyberthreat protection

Cyberthreat prevention

Which of the following are typical mobile device management software capabilities? Select all that apply. DLP Personal Firewalls Policy enforcement Malware prevention

DLP, Policy enforcement, Malware prevention

Which OSI layer has 'sublayers' where you will find the LLC and MAC content? a. Transport b. Application c. Network d. Data Link e. Physical

Data Link

Which Content-ID filtering capability controls the transfer of sensitive data patterns such as credit card and social security numbers in application content and attachments? a. Data filtering b. File blocking by type c. File filtering by size d. File transfer function control

Data filtering

When two devices on the same LAN are establishing an IP connection, which IP address setting is not relevant? a. IP Address b. Subnet Mask c. Default Gateway

Default Gateway

Attacks that result in a Data Breach are most likely performed by internal threat actors (employees).

False

True or False. Wired Equivalent Privacy (WEP) is the most effective protocol for securing wireless networks.

False

True or False. The Lockheed Martin Cyber Kill Chain® framework is a five-step process that an attacker goes through in order to attack a network.

False, it is 7 steps

The ability to withstand a catastrophic series of events is commonly known as:

Fault tolerance

CRC, Cyclic Redundancy Check, is used to verify: a. Frame Integrity b. UDP handshakes c. QoS - Quality of Service d. Least-Cost path

Frame Integrity

Which type of attacker is motivated by political or social causes? Cyberterrorist State-affiliated Cybercriminal Hacktivist

Hacktivist

What would be the best description of 'polymorphism and metamorphism' ? Hiding techniques, Encrypting algorithm, SPIM, SPAM

Hiding techniques

A cloud access security broker (CASB) is software that monitors activity and enforces security policies on traffic between an organization's users and cloud-based applications and services.

True

Identity and access management (IAM) uniquely identifies users and groups in a directory service (such as Active Directory), controls what resources those users and groups can access, and what functions they can perform on a resource (such as read, write, delete, and execute).

True

True or False. Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks including data mining, event processing, and predictive analytics.

True

True or False. Certain personal characteristics, such as a photographic image or fingerprint, when combined with other personal information, such as a name or phone number, are considered Personally Identifiable Information (PII).

True

True or False. Hubs traditionally operate at Layer 1 - Physical Layer, of the OSI model, while Switches traditionally operate at Layer 2 - Data Link Layer, of the OSI model.

True

True or False. Most Botnets are designed to withstand the loss of a command and control (CnC) server, meaning that the entire Botnet infrastructure must be disabled almost simultaneously.

True

WildFire performs deep packet inspection of malicious outbound communications to disrupt C&C activity.

True

Select the type of cybersecurity solution or feature that discovers threats by identifying activity that deviates from a baseline. a. Software configuration management (SCM) b. Integrated development environment (IDE) c. Dynamic User List (DUL) d. User and entity behavior analytics (UEBA)

UEBA

Select the appropriate slash notation for an IPv4 Class C address. a. /24 b. /16 c. /8 d. /32

/24

Which of the following netbit subnet values is the default for IPv4 Class C addresses? a. /24 b. /16 c. /8 d. /30

/24

Which PA-Series firewall brings next-generation firewall capabilities to distributed enterprise branch offices, retail locations, and midsize businesses in a small form factor? a. 220 b. 220R c. 800 d. 3200

220

Which key method does Traps not use to prevent malicious executables on the endpoint? a. Wildfire inspection and analysis b. Access control inspection c. Malware techniques mitigation d. Policy-based restrictions

Access control inspection

Windows Directory Services allows you to: a. Administer user accounts and logon policies b. Create VPN network connections c. Open and close firewall ports

Administer user accounts and logon policies

Seventh layer of OSI model

Application

Which application identification technique determines whether the initially detected application protocol is the "real one" or if it is being used as a tunnel to hide the actual application (for example, Tor might run inside HTTPS)? a. Heuristics b. Application protocol detection and decryption c. Application signatures d. Application protocol decoding

Application Protocol Decoding

Which is not a Zero Trust design principle? A. Adopt a least privilege strategy and strictly enforce access control B. Allow internal users to access network services through remote access C. Ensure that all resources are accessed securely, regardless of location D. Inspect and log all traffic

B

Which security-as-a-service layer in the Prisma Access SASE capability provides visibility into SaaS application usage, understands where sensitive data resides, enforces company policies for user access, and protects that data from hackers? a. Cloud Access Security Broker (CASB) b. Threat Prevention c. Secure Web Gateway (SWG) d. Data Loss Prevention (DLP)

CASB

The first phase of implementing security in virtualized data centers consists of: a. Consolidating servers across trust levels b. Consolidating servers within trust levels c. Selectively virtualizing network security functions d. Implementing a dynamic computing fabric

Consolidating servers WITHIN trust levels

Select the scalable, cloud-based log repository that stores context-rich logs generated by Palo Alto Networks security products, including next-generation firewalls, Prisma Access, and Cortex XDR agents. a. Cortex XDR management console b. Cortex XDR endpoint agent c. WildFire malware prevention service d. Cortex Data Lake

Cortex data lake

Which Palo Alto Networks NGFW report can be created and scheduled to show exactly the information you want to see by filtering on conditions and columns to include, and can also use query builders for more specific details in report data? a. Custom reports b. Botnet reports c. Predefined reports d. PDF summary reports

Custom Reports

What type of attack is intended to rapidly cause damage to the victim's network and system infrastructure, as well as their business and reputation? Reconnaissance Attack Distributed Denial of Service (DDoS) Man in the Middle Attack (MITM) Social Engineering Attack

DDoS

Second layer of OSI model

Data link

A 'rootkit' is usually associated with which of the following: DoS, Christmas tree attack, Escalation of privilege

Escalation of Privilege

What are the results of techniques used against a system that are designed to gain access through vulnerabilities in the code of an operating system or application?

Exploits

An attacker only needs to successfully execute one step of the Cyber Kill Chain® to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack.

False

AutoFocus is an optional module that can be added to Next Generation Firewalls.

False

HTTPS is an application protocol used to transfer clear text data between web servers and web browsers.

False

Prisma SaaS is an inline service, so it doesn't impact latency, bandwidth, or end-user experience.

False

Representational state transfer (REST) is an Extensible Markup Language (XML) format for conveying data about cybersecurity threats in a standardized format.

False

The principle of least privilege in network security requires that only the permissions or access rights necessary to perform an authorized task are denied.

False

True or False. An effective security strategy is to deploy Perimeter-Based Network defenses, where countermeasures are defined at a handful of well-defined ingress/egress points to the network. You can then assume that everything on the internal network can be trusted.

False

Which of the following does ARP mapping resolve? a. IP to DNS mapping b. DNS to IP mapping c. MAC to DNS mapping d. IP to MAC mapping e. MAC to IP mapping f. DNS to MAC mapping

IP to Mac mapping

Select the DevOps process in which developers or IT operations teams can programmatically provision and manage the infrastructure stack (such as virtual machines, networks, and connectivity) for an application in software. a. IaC b. PaaS c. IaaS d. SaaS

IaC

A Zero Trust network security model is based on which security principle? a. Least privilege b. Negative control c. Due diligence d. Non-repudiation

Least Privilege

Which protocol requires every router to calculate and maintain a complete map, or routing table, of the entire network? a. Link State b. Static c. Distance-Vector d. Convergence

Link State

Malicious software or code that typically damages, takes control of, or collects information from an infected endpoint is known as: Vulnerability Exploit Anti-Virus Malware

Malware

Third layer of OSI model

Network

Data that moves in and out of the virtualized environment from the host network or a corresponding traditional data center is also known as: a. East-West b. Unknown c. North-East d. North-South

North South

PCI DSS is mandated and administered by the: PCI Security Standards Council (SSC) European Union (EU) U.S. Federal Government United Nations (UN)

PCI SSC

Select the three pillars of security orchestration. a. SaaS, IaaS, PaaS b. Virtualization, Storage, Cloud c. Software, Hardware, Storage d. People, Process, Technology

People, process, technology

First layer of OSI model

Physical

Sixth layer of OSI model

Presentation

Which Prisma Access SASE capability can be used to block inappropriate content (such as pornography and gambling) or websites that businesses simply don't want users accessing while at work, such as streaming services like Netflix? a. Firewall as a Service (FWaaS) b. Zero Trust Network Access (ZTNA) c. Secure Web Gateway (SWG) d. Virtual Private Network (VPN)

SWG

Fifth layer of OSI model

Session

Fourth layer of OSI model

Transport

An Android Package Kit (APK) file is an app created for the Android mobile operating system.

True

An autonomous system (AS) is a group of contiguous IP address ranges under the control of a single internet entity. Individual autonomous systems are assigned a 16-bit or 32-bit AS number (ASN) that uniquely identifies the network on the internet. ASNs are assigned by the Internet Assigned Numbers Authority (IANA).

True

AutoFocus allows you to build sophisticated multilayer searches at the host and network-based artifact levels, and target your search within industry, time period, and other filters. These searches allow you to make previously unknown connections between attacks and plan your incident response actions accordingly.

True

Before a file runs, the Cortex XDR agent queries WildFire with the hash of any Windows, macOS, or Linux executable file, as well as any dynamic link library (DLL) or Office macro, to assess its standing within the global threat community. WildFire returns a near-instantaneous verdict on whether a file is malicious or benign.

True

Botnets are commonly designed to be managed by a CnC - Command and Control - server.

True

Development and Operations teams meet regularly, share analytics, and co-own projects from beginning to end.

True

IronSkillet is a set of day-one, next-generation firewall configuration templates for PAN-OS® that are based on security best practice recommendations.

True

Sanctioned SaaS applications fulfill a legitimate business need, but certain usage restrictions may be necessary to reduce risk.

True

The Security Operating Platform proactively blocks known threats, which provides baseline defenses against known exploits, malware, malicious URLs, and C2 activity.

True

The Traps agent injects itself into each process as it is started and automatically blocks advanced attacks that would otherwise evade detection.

True

The internet of things (IoT) refers to the network of physical smart, connected objects that are embedded with electronics, software, sensors, and network connectivity.

True

The key to Traps is blocking core exploit and malware techniques, not the individual attacks.

True

The primary issue with a perimeter-based network security strategy in which countermeasures are deployed at a handful of well-defined ingress and egress points to the network is that it relies on the assumption that everything on the internal network can be trusted.

True

WildFire operates on which concept? a. virtualized sandbox b. IPS and SIEM tool correlation c. cloud-based reputation service d. file-based scanning against a signature database

Virtualized Sandbox

Which of the following WLAN standards is the LEAST secure? Pick two. WPA WEP WPA2 WPS

WEP WPS

What type of malware typically targets a computer network by replicating itself in order to spread rapidly? Backdoor Worm Virus Logic Bomb

Worm

What does the Linux 'man' command let you do? a. Manage Passwords b. Get Help c. Manually configure the network interface d. Manage Accounts

get help

The cloud computing service model in which a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure is known as: Identity as a Service (IDAAS) Platform as a Service (PAAS) Infrastructure as a Service (IAAS) Software as a Service (SAAS)

SAAS

Which type of network separates the control and management processes from the underlying networking hardware, making them available as software that can be easily configured and deployed? a. SD-MAN b. LAN c. SD-WAN d. WAN

SD-WAN

Which protocol would you use when setting up a 'trap' or 'trigger' for event notifications? a. SNMP b. UPS c. HTTPS d. SMTP

SNMP

Put the TCP/IP layers in order from 1 to 4, with 1 being the physical or lowest layer: Transport, Application, Internetwork, Network access

1. Network Access 2. Internetwork 3. Transport 4. Application

What is the bit-strength of an IPv6 address? a. 16 b. 128 c. 64 d. 32 e. 256

128

Select the appropriate first octet associated with an IPv4 Class B address. a. 10 b. 172 c. 192 d. 255

172

Which subnet is 172.168.33.20/20 on? a. 172.168.16.0 b. 172.168.8.0 c. 172.168.0.0 d. 172.168.32.0

172.168.32.0

How many host addresses can the following network IP and subnet mask support: 192.168.1.0 /24 a. 1,022 b. 254 c. 256 d. 512 e. 510 f. 1,024

254

Select the subnet mask for a class A address. a. 255.255.255.255 b. 255.0.0.0 c. 255.255.0.0 d. 255.255.255.0

255.0.0.0

What is the bit-strength of an IPv4 address? a. 16 b. 128 c. 64 d. 32 e. 256

32

Which of the following are examples of an 'endpoint'? a. Desktop b. Website c. Mainframe Server d. Point of Sale (Terminal) e. Chat Application f. Mobile Phone

A D F

Platform as a Service - PaaS - is best described as: a. A licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. b. An online space where customers can develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. c. An underlying network infrastructure that virtualizes physical computing resources, data partitioning, scaling, security, backup

An online space where customers can develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.

Which Palo Alto Networks NGFW logs display entries for the security rules that help prevent sensitive information such as credit card numbers from leaving the area that the firewall protects? a. Data Filtering logs. b. Threat logs. c. URL Filtering logs. d. Correlation logs.

Data filtering logs

Which of the following features are found in the OSI Transport layer? a. Flow Control b. Frame Sequencing c. Addressing d. MAC to IP mappings e. ACK - acknowledgements f. Encryption

Flow Control, ACK - acknowledgements, Frame Sequencing

Which Wildfire verdict indicates no security risk but might display obtrusive behavior (for example, adware, spyware, and browser helper objects)? a. Malware b. Phishing c. Grayware d. Benign

Grayware

Which Traps capability enables organizations to identify non-malicious but otherwise undesirable software, such as adware, and prevent it from running in their environment? a. Execution Restrictions b. Behavior-based ransomware protection c. Granular child process protection d. Grayware Classification

Grayware classification

Which of the following is not a benefit of implementing a Zero-Trust network? a. Clearly improved effectiveness in mitigating data loss with visibility and safe enablement of applications. b. Higher total cost of ownership (TCO) with a consolidated and fully integrated security operating platform. c. Improved ability to securely enable transformative IT initiatives. d. Greater efficiency for achieving and maintaining compliance with security and privacy mandates.

Higher total cost of ownership (TCO) with a consolidated and fully integrated security operating platform.

Why would you use a Time Domain Reflectometer? a. Simulate load on a network segment b. Identify bottlenecks in the network architecture c. Identify the location of a break in the network cable

Identify the location of a break in the network cable

Windows Directory Services uses which certificate / authentication method? a. PEAP b. Kerberos c. MS-CHAP v2 d. AES

Kerberos

Which tool is used to probe for open TCP and UDP ports? a. Port Scanner b. Web Application Scanner c. Network Analyzer d. Password Cracker

Port scanner

Which Security Operating Platform capability supports a coordinated security platform that accounts for the full scope of an attack, across the various security controls that compose the security posture, allowing organizations to quickly identify and block known threats? a. Reduce the attack surface. b. Full Visibility. c. Detect and prevent new, unknown threats with automation. d. Prevent all known threats, fast.

Prevent all known threats, fast

Which VPN technology is currently considered the preferred method for securely connecting a remote endpoint device back to an enterprise network? PPTP SSL IPSEC SSTP

SSL

Which of the following describes a cooling problem often found in server rooms? a. Ground Loops b. Cache Depletion c. Traffic Bottlenecks d. Server Creep

Server Creep

Which of the following are enhancements of Wi-Fi 802.11ac compared to Wi-Fi 802.11n? Select more than one. a. Integrity b. Speed c. Beamforming Transmissions d. Support for WEP

Speed, beamforming transmissions

A default gateway is a network device, such as a router or switch, to which an endpoint sends network traffic when a specific destination IP address is not specified by an application or service, or when the endpoint does not know how to reach a specified destination.

True

Content-ID is an Intrusion Prevention feature that protects networks from all types of vulnerability exploits, buffer overflows, DoS attacks, and port scans that lead to the compromise of confidential and sensitive enterprise information.

True

The single pass architecture of the NGFW integrates multiple threat prevention disciplines (IPS, anti-malware, URL filtering, etc.) into a single stream-based engine with a uniform signature format.

True
