Palo Alto PCCET
Which TCP/IP sub-protocol operates at the Layer7 of the OSI model? UDP MAC NFS SNMP
SNMP
How many bytes are in an IPv6 address? 4 8 16 32
16
Providing education opportunities to SOC analysts can help Erik's staff grow into different career paths. What advanced roles are available for the SOC analysts? Tier 2 or Tier 3 Analyst Team Lead/Shift Lead SOC Manager Threat Hunter All of the above
All of the above
Can you recommend what kind of configuration and operational questions they would need to answer? (Choose three.) Are the technologies in place configured to best practice? How many analysts are resolving incidents per day? How often are there deviations to SOC procedures? How many events are analysts handling per hour? How many firewall and endpoint technologies are in place?
Are the technologies in place configured to best practice? How often are there deviations to SOC procedures? How many events are analysts handling per hour?
Which item is not one of the four Cs of cloud native security? Code Containers Cache Clusters
Cache
Which class of address begins with the decimal 130 in the first octet? Class A Class B Class C Class D
Class B
In which area of focus can the SOC team use the Cortex XSOAR War Room to conduct a joint investigation? Ticketing Workflow automation Collaborate Manage incidents
Collaborate
What types of training content can Erik teach to create consistency within an organization? (Choose three.) Company security and privacy training. Continuous education training. Incident response training. Event triage training. Tool-feature use training.
Company security and privacy training. Continuous education training. Tool-feature use training.
Which one of the four Prisma Cloud pillars enforces machine learning-based runtime protection to protect applications and workloads in real time? Compute security Identity security Network protection Visibility, governance, and compliance
Compute security
Which type of endpoint protection wraps a protective virtual barrier around vulnerable processes while they are running? Container-based Anomaly-based Application-based Signature-based
Container-based
Which Cortex technology has strict privacy and security controls in place to prevent unauthorized access to sensitive or identifiable information? Data Lake XDR XSOAR XSIAM
Data Lake
What tool or technology can Erik and the SOC team use to detect and prevent accidental or malicious release of proprietary or sensitive information? Vulnerability management URL Filtering SSL Decryption Data Loss Prevention (DLP)
Data Loss Prevention (DLP)
What is the purpose of the shared responsibility model? Pools resources to achieve economies of scale. Defines who (customer and/or provider) is responsible for what, related to security, in the public cloud. Helps your organization scale. Brings cost and operational benefits but also technology benefits.
Defines who (customer and/or provider) is responsible for what, related to security, in the public cloud.
Erik is concerned that some of these alerts may be critical and the team will need help mitigating all of them. What should Erik do? Deploy more SIEMs to collect and process the data before having a SOC analyst interpret the data and take appropriate action. Deploy additional endpoint security to protect servers, PCs, laptops, and tablets so that alerts that are missed can be caught before exfiltrating data from the end user. Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts. Deploy more firewalls to protect the network while SOC analysts are interpreting data and taking appropriate action.
Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts.
Can you remind Erik what is the SOC team's main goal? Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents. Improve the security posture of the business, its products, and services by introducing security as a shared responsibility. Reduce the time required to contain a breach. Connect disparate security technologies through standardized and automatable workflows.
Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents.
Introducing security checks early in the software development process is part of which development model? DevSecOps DevCyberOps DevOps DevSecTestOps
DevSecOps
Erik's SOC team is divided into groups with different functions. Which three teams are responsible for the development, implementation, and maintenance of security policies? Endpoint Security, Network Security, and Cloud Security. Enterprise Security, Endpoint Security, and Cloud Security. HelpDesk Security, Operational Security, and Information Technology Security. Telemetry Security, Forensics Security, and Threat Intelligence Security
Endpoint Security, Network Security, and Cloud Security.
True or false? Prisma SaaS is deployed as a standalone inline service between the organization's traditional perimeter-based firewalls and requires a software agent to be installed on mobile devices. True False
False
Which cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability? Community Private Public Hybrid
Hybrid
Which statement about hybrid clouds is incorrect? Hybrid clouds optimize existing hardware resources. Hybrid clouds increase data center costs. Hybrid clouds can handle "bursty" applications through autoscaling. Hybrid clouds increase operational efficiencies.
Hybrid clouds increase data center costs.
What allows multiple, virtual operating systems to run concurrently on a single physical host computer? Micro-VMs Hypervisor Serverless computing Virtual machines
Hypervisor
Which model would a customer choose if they want full control over the operating system(s) running on their cloud computing platform? PaaS SaaS DaaS IaaS
IaaS
What tool or technology can provide Erik and his SOC team control for the provisioning, maintenance, and operation of user identities? Identity and access management Mobile device management Network access controls Virtual private networks
Identity and access management
Which SecOp function is proactive? Identify Investigate Mitigate Improve The correct answer was "Improve".
Improve
Which team can Erik turn to for assistance for operational changes to cloud technology? Help Desk Team DevOps Team Operational Technology Team Information Technology Operations Team
Information Technology Operations Team
In which cloud computing service model does a provider secure the physical computers running the virtual environment? Software as a service (SaaS) Infrastructure as a service (IaaS) Public cloud Platform as a service (PaaS)
Infrastructure as a service (IaaS)
Which Prisma Cloud feature enables templates for vulnerabilities and builds cloud-agnostic policies for the build and runtime development phases? Cloud asset inventory Infrastructure-as-Code (IaC) scanning Integrated development environment (IDE) Compliance monitoring and reporting
Infrastructure-as-Code (IaC) scanning
Erik has identified the alert and opened an incident in the ticketing system. What Security Operations function would Erik perform next? Perform a detail analysis of the alert. Investigate the root cause and impact of the incident. Stop the attack and close the ticket. Adjust and improve operations to stay current with changing and emerging threats.
Investigate the root cause and impact of the incident.
Which WildFire verdict is given for a submission that is malicious in nature and intent and can pose security threats (for example, viruses, worms, Trojan horses, rootkits, botnets, and remote-access toolkits?) phishing grayware benign malware
Malware
Which Prisma Cloud feature helps users identify and protect against known and unknown file-based threats that have infiltrated S3 buckets? Data governance Data visibility and classification Alert and remediation Malware detection
Malware detection
Which step of implementing a Zero Trust model includes scanning and mapping the transaction flows inside your network to determine how various data, applications, assets, and service components interact with other resources on your network? Define your protect surface. Architect a Zero Trust network. Create the Zero Trust policy. Map the transaction flows.
Map the transaction flows.
What are scaled-down, lightweight virtual machines that run on hypervisor software and contain only the Linux operating system kernel features necessary to run a container? Kubernetes Containers Micro-VMs Serverless
Micro-VMs
What is the first step Erik should consider when setting the budget? Establish a budget to meet the minimum requirements of the team. Obtain an agreement regarding the mission of the Security Operations and the SOC. Identify the technology, staff, facility, training, and additional needs. Define the processes needed to change the allocated budget and for emergency budget relief.
Obtain an agreement regarding the mission of the Security Operations and the SOC.
What are the three components of SOAR that Erik and the SOC team can use to help secure the business? (Choose three.) Orchestration Innovation Automation Collaboration Response
Orchestration Automation Response
What parameter can Erik and the SOC team use that allows for the immediate containment or prevention of a security incident without further approvals? Automatic mitigation scenarios. Automatic resolution scenarios. Pre-approved breach scenarios. Pre-approved mitigation scenarios.
Pre-approved mitigation scenarios.
Organizations are using which resource to expand their on-premises private cloud compute capacity? Software defined data centers Virtual storage Public cloud Virtual networks
Public cloud
If the SOC team is unable to detect a security breach, what are the two potential damages that can happen to the business? (Choose two.) Infrastructure and server uptime. Ransom payments to attackers. Legal and media fees while dealing with breach. Increase in customer switching to your company.
Ransom payments to attackers. Legal and media fees while dealing with breach.
Which SOAR goal enables the SOC team to use playbook orchestration to extract more value through task automation and coordination? Accelerated response Standardize process Reduce risk Collaboration and learning
Reduce risk
Which cloud feature continuously monitors an app's behavior and the context of behavior to immediately identify and prevent malicious activity? Integrated development environment (IDE) Cloud access security broker (CASB) Software configuration management (SCM) Runtime application self protection (RASP)
Runtime application self protection (RASP)
What tool or technology can Erik and the SOC team use to ingest aggregated alerts and execute an automated process-driven playbook? SIEM CERT CSIRT SOAR
SOAR
What tool or technology can Erik and the SOC team use to provide visibility into HTTPS traffic to find IOCs or high-fidelity indicators? Application Monitoring SSL Decryption URL Filtering Data Loss Prevention
SSL Decryption
Which SaaS application behavior is allowed and provided by information technology (IT)? Sanctioned Tolerated Unsanctioned Prohibited
Sanctioned
What details should Erik's weekly reports include? Open incidents and other daily activity that have been accomplished. Overall effectiveness of the SecOps functions, how long events are sitting in queue before being triaged, and if staffing in the SOC is appropriate. Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive.) All of the above
Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive.)
n which model do applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines? PaaS Serverless Containers SaaS
Serverless
What methods can the SOC team employ to mitigate employee burnout? (Choose three.) Create a plan to move all employees into management roles. Create on-the-job training only, because it's more helpful than reading documentation. Shift turnover stand-up meeting (beginning or end of shift.) Schedule shifts to avoid high-traffic commute times. Train at least two employees on the same tasks so there is no single point of failure.
Shift turnover stand-up meeting (beginning or end of shift.) Schedule shifts to avoid high-traffic commute times. Train at least two employees on the same tasks so there is no single point of failure.
Palo Alto Networks firewalls are built on which type of architecture? Multi-pass Ultimate-pass Single-pass Strict-pass
Single-pass
Activity gathered by Erik and the SOC team electronically and in real-time from a given source is called? Telemetry Log Forensic (raw) Alert
Telemetry
What are relevant information that Erik and the SOC team's detailed analysis investigation can gather? (Choose three.) How the alert should be triaged The potential impact of the security incident Where the attacker will exfiltrate data from next The adversary's objective Whether the incident is a true incident or a false positive
The potential impact of the security incident. The adversary's objective. Whether the incident is a true incident or a false positive.
What could Erik and the team do if they wanted to reclassify the severity level of the attack? The team can reclassify the severity to 3 - Medium because the team is already working on mitigating the issue. Nothing. Severity 1 - Critical indicates a breach and is the highest severity level. The team can reclassify the attack as a Severity 0 to indicate an ongoing breach where the attacker is attempting to exfiltrate, encrypt, or corrupt data. The team can reclassify the severity to 5 - Informational, because the attack has already been identified.
The team can reclassify the attack as a Severity 0 to indicate an ongoing breach where the attacker is attempting to exfiltrate, encrypt, or corrupt data.
Which path or tool is used by attackers? SaaS Anti-malware update Threat vector Storage-area networks (SAN)
Threat vector
True or false? Prisma Access consistently protects all traffic, on all ports and from all applications. True False
True
True or false? Prisma SaaS protects data in hosted files and application entries. True False
True
Which phrase best describes a DevOps software development model? Employs DevOps engineers to deliver new features and do bug fixes Unites the development and operations teams throughout the entire software delivery process to speed up code deployment. Develops all the code in one big software package for delivery to the Ops team, which then tests the code for deployment. Uses automation tools and is almost identical to the traditional software development model.
Unites the development and operations teams throughout the entire software delivery process to speed up code deployment.
Which Prisma Cloud threat detection feature analyzes millions of audit events and then uses machine learning to detect anomalous activities that could signal account compromises, insider threats, stolen access keys, and other potentially malicious user activities? Network anomaly detection Visibility, governance, and compliance Automated investigation and response User and entity behavior analytics
User and entity behavior analytics
In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly innocuous files? delivery weaponization reconnaissance exploitation
Weaponization
Which three areas of focus can Cortex XSOAR help the SOC team combat security challenges? (Choose three.) Workflow automation Isolation Ticketing Training Collaboration
Workflow automation Ticketing Collaboration
Which Cortex technology combines multiple methods of prevention at critical phases within the attack lifecycle to halt the execution of malicious programs and stop the exploitation of legitimate applications, regardless of operating system? TIM XDR XSOAR XSIAM
XDR
Which Cortex technology ingests granular data to fuel many layers of machine learning that automate critical threat detection and remediation steps downstream? XDR XSOAR XSIAM Data Lake
XSIAM
Which statement about private clouds is incorrect? North-south traffic refers to data packets moving in and out of a virtualized environment. You can combine multiple physical hosts into one computer cluster. You need to secure east-west traffic only in a private cloud. Compute clusters allow virtual machines to move freely while preserving compute, storage, networking, and security configurations.
You need to secure east-west traffic only in a private cloud.
What security technology can Erik and the SOC team use to identify anomalous behavior indicative of attacks? endpoint security analytics behavioral analytics malware analytics honey pot analytics
behavioral analytics
Which networking device increases the number of collision domains? Router Switch Hub Wireless repeater
Switch
Which device is M2M (machine to machine)? Internet-connected TV home alarm that dials the police for response car GPS temperature sensor connected to a fire suppression system
Temperature sensor connected to a fire suppression system.
Mobile devices are easy targets for attacks for which two reasons? (Choose two.) They have poor battery-charging capabilities. They roam in unsecured areas. They stay in an always-on, always-present state. They use speaker phones.
They roam in unsecured areas. They stay in an always-on, always-present state.
The Prisma suite secures public cloud environments, SaaS applications, internet access, mobile users, and remote locations through a cloud-delivered architecture. True False
True
True or false? Another term for a bot is a "zombie". True False
True
WPA2 includes a function that generates a 256-bit key based on a much shorter passphrase created by the administrator of the Wi-Fi network and the service set identifier (SSID) of the AP is used as a salt (random data) for the one-way hash function. True False
True
Which TCP/IP sub-protocol operates at Layer4 of the OSI model? UDP SSH FTP HTTPS
UDP
Which Palo Alto Networks NGFW subscription service enables you to identify and control access to websites that host malware and phishing pages? Threat Prevention URL Filtering DNS Security WildFire
URL Filtering
Which characteristic of serverless computing enables developers to quickly deploy application code? Using Container as a Service (CaaS) to deploy application containers to run their code. Uploading cloud service autoscaling services to deploy more virtual machines to run their application code based on user demand. Using cloud service spot pricing to reduce the cost of using virtual machines to run their application code. Uploading the application code itself, without having to provision a full container image or any OS virtual machine components.
Uploading the application code itself, without having to provision a full container image or any OS virtual machine components.
Which action is part of the identity security pillar? user and entity behavior analytics (UEBA) Microservice-aware micro-segmentation integration with the CI/CD workflow automated asset inventory
User and entity behavior analytics (UEBA.)
Which two network resources does a directory service database contain? (Choose two.) Users Terminal shell types on endpoints /etc/shadow files Services
Users Services
What is the decimal representation of binary 1111 1101? 251 252 253 254
253
Which two malware types are self-replicating? (Choose two.) logic bomb back door virus trojan horse worm
Virus Worm
When is it impossible to secure SaaS data? When a user uses an unmanaged device to access an unsanctioned SaaS instance. When a user uses a managed device to access an unsanctioned SaaS instance. When a user uses an unmanaged device to access a sanctioned SaaS instance. When a user uses a managed device to access a sanctioned SaaS instance.
When a user uses an unmanaged device to access an unsanctioned SaaS instance.
Which type of malware disables protection software? ransomware Trojan horse worm Anti-AV
Anti-AV
Which feature of the NGFW can distinguish between reading Facebook and commenting? App-ID Content-ID User-ID Global Protect
App-ID
Question 17 of 70 What is the collective term for software versions, OS settings, and configuration file settings? configuration items configurable values computer settings the configuration
Configuration items
Which type of malware protection requires in-depth knowledge of applications and how they communicate? signature-based container-based application allow lists anomaly detection
Container-based
What are the two meanings of the CI/CD pipeline? (Choose two.) continuous integration/continuous delivery continuous implementation/continuous delivery continuous integration/continuous deployment continuous implementation/continuous deployment
Continuous integration/continuous delivery Continuous integration/continuous deployment
Which Palo Alto Networks product suite is used to manage alerts, obtain additional information, and orchestrate responses? Strata Prisma Cortex WildFire
Cortex
Which option would be an example of PII that you need to prevent from leaving your enterprise network? Credit card number Trade secret National security information A symmetric encryption key
Credit card number
Which group is primarily motivated by money? hacktivists cybercriminals cyberterrorists state-affiliated groups
Cybercriminals
Which attacker profile uses the internet to recruit members to an ideology, to train them, and to spread fear and induce panic? Cybercriminals State-affiliated groups Hacktivists Cyberterrorists
Cyberterrorists
Which two attacks typically use a botnet? (Choose two.) Ssocial engineering DoS DDoS Sending spam to a lengthy mailing list Spear phishing
DDoS Sending spam to a lengthy mailing list.
The customer is responsible only for which type of security when using a SaaS application? data platform physical infrastructure
Data
Which layer of the OSI model ensures that messages are delivered to the proper device across a physical network? Presentation Network Application Data Link
Data Link
How does DevSecOps improve the Continuous Integration/Continuous Deployment (CI/CD) pipeline? DevSecOps ensures the pipeline has horizontal intersections for application code deployment. DevSecOps does security checking after the application code has been processed through the CI/CD pipeline. DevSecOps unites the Security team with the Development and Operations teams to integrate security into the CI/CD pipeline. DevSecOps improves pipeline security by assigning the security team as the lead team for continuous deployment.
DevSecOps unites the Security team with the Development and Operations teams to integrate security into the CI/CD pipeline.
Which Panorama object is used to manage the security policy? template device group virtual system Decryption Profile
Device group
A native hypervisor runs: Within an operating system's environment Directly on the host computer's hardware Only on certain platforms With extreme demands on network throughput
Directly on the host computer's hardware
Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort, and can be extremely effective in taking down a website or some other publicly accessible service? Adware Bluetooth Man-in-the-middle Distributed denial-of-service
Distributed denial-of-service
Question 21 of 70 Which of the following security issues can cause a long patched vulnerability to resurface? VM sprawl intra-vm communications hypervisor vulnerabilities dormant virtual machines
Dormant virtual machines
Which type of traffic can stay contained in a single physical server? North-south East-west unknown trusted
East-west
Which type of Wi-Fi attack depends on the victim initiating the connection? Jasager Mirai Evil twin Parager
Evil twin
In an IDS/IPS, which type of alarm occurs when legitimate traffic is improperly identified as malicious traffic? False-negative True-negative False-positive True-positive
False-positive
What User identification for network and services access is implemented by applying policies? Key Security Management Identity Tag Management Network Management Protocols Identity and Access Management
Identity and Access Management
Which action is part of the compute security pillar? user and entity behavior analytics (UEBA) Microservice-aware micro-segmentation integration with the CI/CD workflow automated asset inventory
Integration with the CI/CD workflow.
Which type of system automatically blocks or drops suspicious, pattern-matching activity on the network in real time? Intrusion Prevention Data Loss Prevention Intrusion Detection Unified Threat Management
Intrusion Prevention
Who is the most likely target of social engineering? Executive management, because it has the most permissions. Senior IT engineers, because the attacker hopes to get them to disable the security infrastructure. Junior people, because they are easier to stress and probably not as well trained. The accounting department, because it can wire money directly to the attacker's account.
Junior people, because they are easier to stress and probably not as well trained.
Which next-generation firewall deployment option prevents successful cyberattacks from targeting mobile network services? VM-Series K2-Series CN-Series PA-Series
K2-Series
Which three operating systems are supported by Cortex XDR? (Choose three.) z/OS Linux macOS Minix Android
Linux MacOS Android
Which zero trust deployment method obtains a detailed picture of traffic flows throughout the network, including where, when, and to what extent specific users are using specific applications and data resources? Listen-only mode Establish trust zones Implement at major access points Define trust zones
Listen-only mode
Of the endpoint checks, what is bypassed for known programs? WildFire query behavioral threat protection local analysis Firewall analysis
Local analysis
What is the name of the attack in which the attacker gets the victim to connect to an access point the attack controls? Person in the middle Man in the middle Access point in the middle Access point masquerading
Man in the middle
Which type of LAN technology is being displayed in the diagram? Star Topology Bus Topology Spine Leaf Topology Mesh Topology
Mesh Topology
Which action is part of the network security pillar? user and entity behavior analytics (UEBA) Microservice-aware micro-segmentation integration with the CI/CD workflow automated asset inventory
Microservice-aware micro-segmentation
Which key component is used to configure a static route? routing protocol next hop IP address enable setting router ID
Next hop IP address
Which environment allows you to install an appliance that sees all traffic? LAN when people work from home Non-virtualized data center virtualized data center VPC network
Non-virtualized data center
During the OSI layer 3 step of the encapsulation process, what is the Protocol Data Unit (PDU) called when the IP stack adds source (sender) and destination (receiver) IP addresses? Data Segment Packet Frame
Packet
Which three options partially comprise the six elements of SecOps? (Choose three.) People Networking Data storage Technology Processes
People Technology Processes
Question 18 of 70 A provider's applications run on a cloud infrastructure. The consumer does not manage or control the underlying infrastructure. Which cloud computing service model is this? platform as a service (PaaS) infrastructure as a service (IaaS) software as a service (SaaS) public cloud
Platform as a service (PaaS)
Which technique changes protocols at random during a session? port hopping use of non-standard ports tunneling within commonly used services hiding within SSL encryption
Port Hopping
What is the key to "taking down" a botnet? install openvas software on endpoints use LDAP as a directory service prevent bots from communicating with the C2 block Docker engine software on endpoints
Prevent bots from communicating with the C2.
Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server? public private community hybrid
Public
When signature-based antivirus software detects malware, what three things does it do to provide protection? (Choose three.) Quarantine the infected file. Delete the infected file. Remove the infected file's extension. Alert system administrators. Decrypt the infected file using base64.
Quarantine the infected file. Delete the infected file. Alert system administrators.
How does adopting a serverless model impact application development? Prevents developers from focusing on just the application code because you need to provision the underlying infrastructure to run the code. Slows down the deployment of application code, but it improves the quality of code development. Reduces the operational overhead necessary to deploy application code. Costs more to develop application code because it uses more compute resources.
Reduces the operational overhead necessary to deploy application code.
What are two key characteristics of a Type 2 hypervisor? (Choose two.) Runs without any vulnerability issues Runs within an operating system Is hardened against cyber attacks Allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer
Runs within an operating system Allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer
What is the relationship between SIEM and SOAR? SIEM products implement the SOAR business process. SIEM and SOAR are different names for the same product category. SIEM systems collect information to identify issues that SOAR products help mitigate. SOAR systems collect information to identify issues that SIEM products help mitigate.
SIEM systems collect information to identify issues that SOAR products help mitigate.
Which VPN technology has become the standard method of connecting remote endpoint devices back to the enterprise network? SSL L2TP PPTP IPsec
SSL
Which Wi-Fi attack intercepts the victim's web traffic, redirects the victim's browser to a web server that it controls, and serves up whatever content the attacker desires? Jasager Emotet SSLstrip Evil Twin
SSLstrip
Which IPsec feature allows device traffic to go directly to the Internet? IKE Security Association Split tunneling Diffie-Hellman groups Authentication Header (AH)
Split tunneling
Which category of IoT enables real-time use cases, such as autonomous vehicles, with 4G LTE Advanced Pro delivering speeds in excess of 3Gbps and less than 2 milliseconds of latency? satellite low-power WAN short-range wireless cellular
cellular
Which type of firewall operates up to Layer 4 (transport layer) of the OSI model and inspects individual packet headers to determine source and destination IP address, protocol (TCP, UDP, ICMP), and port number? proxy application packet filtering stateful inspection
packet filtering
Which MDM capability requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting? data loss prevention remote erase/wipe software distribution policy enforcement
policy enforcement
Which DNS record type do you use to find the IPv4 address of a host? A AAAA PTR MX
A
Anthem server breaches disclosed Personally Identifiable Information (PII) from a number of its servers. The infiltration by hackers was attributed to which type of vulnerability? Exploitation of an unpatched security vulnerability. A phishing scheme that captured a database administrator's password. An intranet-accessed contractor's system that was compromised. Access by using a third-party vendor's password.
A phishing scheme that captured a database administrator's password
Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.) Ability to identify most common attacks by their symptoms. Deployed and managed centrally. Easier to deploy endpoint protection when people work from home. Detects command and control channels. Can easily identify worms.
Ability to identify most common attacks by their symptoms. Easier to deploy endpoint protection when people work from home.
Which part of APTs indicate that attackers use advanced malware and exploits and typically also have the skills and resources necessary to develop additional cyberattack tools and techniques? Threat Persistent Secure Advanced
Advanced
What type of malware can have multiple control servers distributed all over the world with multiple fallback options? Logic bombs Rootkits Advanced or modern Exploits
Advanced or modern
Which predefined malware signature action notifies the user that malware has been detected? Delete Quarantine Alert Isolate
Alert
Which defensive tool is installed on endpoints to mitigate malware attacks? Antivirus software germ scans DNS client DHCP client
Antivirus software
Which systems must you secure to ensure compliance with security standards? The servers in the data center. The devices owned by the enterprise, whether they are servers in the data center, cloud vms you manage, or user endpoint devices. Any system where the data for which you are responsible goes. Every device that is either owned by the enterprise, or used by enterprise employees.
Any system where the data for which you are responsible goes.
What does the acronym CIDR represent? Classful Inter Dependant Routing Classless Inter-Domain Routing Classless Inter Dependant Routing Classful Inter Domain Routing
Classless Inter-Domain Routing
Which option is an example of a North-South traffic flow? Traffic between an internal server and internal user Client-server interactions that cross the edge perimeter An internal three-tier application Lateral movement within a cloud or data center
Client-server interactions that cross the edge perimeter.
Why have software developers widely embraced the use of containers? Containers require separate development and production environments to promote authentic code. Containers simplify the building and deploying of cloud native applications. Containers share application dependencies with other containers and with their host computer. Containers are host specific and are not portable across different virtual machine hosts.
Containers simplify the building and deploying of cloud native applications.
In the attached network diagram, which device is the switch? A B C D
D
Routing Information Protocol (RIP), uses what metric to determine how network traffic should flow? Shortest Path Split Horizon Path Vector Hop Count
Hop Count
What is the meaning of a SaaS application that is advertised as being HIPAA compliant? Regardless of how you configure the application for your enterprise, you will be HIPAA compliant. If your administrator configures the security settings on the application correctly, you will be HIPAA compliant. If your administrator and your users use the application correctly, you will be HIPAA compliant. If your administrator and your users use the application correctly, the application will not cause you to not be HIPAA compliant.
If your administrator and your users use the application correctly, the application will not cause you to not be HIPAA compliant.
What does a directory service associate with users in order to control access to resources? Position descriptions Permissions Supervisor status Tenure within an organization
Permissions
The spread of unsolicited content to targeted endpoints is known as what? Pharming Phishing Exploiting Spamming
Phishing
Which component may be shared with other cloud tenants even when using IaaS? application runtime virtual machine (guest) physical machine (host)
Physical machine (host)
What does Cortex XSOAR use to automate security processes? bash scripts Windows PowerShell playbooks Python scripts
Playbooks
Which component of the zero trust conceptual architecture is called a "platform" to reflect that it is made up of multiple distinct (and potentially distributed) security technologies that operate as part of a holistic threat protection framework to reduce the attack surface and correlate information about discovered threats? Management infrastructure Single component Pocket of trust Trust zone
Single component
Which area network separates the control and management processes from the underlying networking hardware for simplified configuration and deployment? Wireless local area network (WLAN) Software-defined wide area network (SD-WAN) Wide area network (WAN) Local area network (LAN)
Software-defined wide area network (SD-WAN)
Which type of attack includes an email advertisement for a dry cleaning service? spamming phishing spear phishing whaling
Spamming
On which device do you configure VLANs? wireless repeater hub switch router
Switch
Which Palo Alto Networks subscription service complements App-ID by enabling you to configure the next-generation firewall to identify and control access to websites and to protect your organization from websites hosting malware and phishing pages? DNS Security WildFire URL Filtering Threat Prevention
URL Filtering
Which three options partially comprise the six elements of SecOps? (Choose three.) Visibility Disaster recovery Business Interfaces Regular audits
Visibility Business Interfaces
Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands? web bot directory services command and control
command and control
Which three security functions are integrated with a UTM device? (Choose three.) cloud access security broker (CASB) firewall Remote Browser Isolation (RBI) Intrusion Detection System (IDS) anti-spam DevOps automation
firewall Intrusion Detection System (IDS) anti-spam
Which three options describe the relationship and interaction between a customer and SaaS? (Choose three.) internet- or application-based convenient and economical subscription service extensive manpower required complex deployment
internet- or application-based convenient and economical subscription service
Which physical or virtual device sends data packets to destination networks along a network path using logical addresses? access point router switch hub
router