Palo Alto PCCET

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which TCP/IP sub-protocol operates at the Layer7 of the OSI model? UDP MAC NFS SNMP

SNMP

How many bytes are in an IPv6 address? 4 8 16 32

16

Providing education opportunities to SOC analysts can help Erik's staff grow into different career paths. What advanced roles are available for the SOC analysts? Tier 2 or Tier 3 Analyst Team Lead/Shift Lead SOC Manager Threat Hunter All of the above

All of the above

Can you recommend what kind of configuration and operational questions they would need to answer? (Choose three.) Are the technologies in place configured to best practice? How many analysts are resolving incidents per day? How often are there deviations to SOC procedures? How many events are analysts handling per hour? How many firewall and endpoint technologies are in place?

Are the technologies in place configured to best practice? How often are there deviations to SOC procedures? How many events are analysts handling per hour?

Which item is not one of the four Cs of cloud native security? Code Containers Cache Clusters

Cache

Which class of address begins with the decimal 130 in the first octet? Class A Class B Class C Class D

Class B

In which area of focus can the SOC team use the Cortex XSOAR War Room to conduct a joint investigation? Ticketing Workflow automation Collaborate Manage incidents

Collaborate

What types of training content can Erik teach to create consistency within an organization? (Choose three.) Company security and privacy training. Continuous education training. Incident response training. Event triage training. Tool-feature use training.

Company security and privacy training. Continuous education training. Tool-feature use training.

Which one of the four Prisma Cloud pillars enforces machine learning-based runtime protection to protect applications and workloads in real time? Compute security Identity security Network protection Visibility, governance, and compliance

Compute security

Which type of endpoint protection wraps a protective virtual barrier around vulnerable processes while they are running? Container-based Anomaly-based Application-based Signature-based

Container-based

Which Cortex technology has strict privacy and security controls in place to prevent unauthorized access to sensitive or identifiable information? Data Lake XDR XSOAR XSIAM

Data Lake

What tool or technology can Erik and the SOC team use to detect and prevent accidental or malicious release of proprietary or sensitive information? Vulnerability management URL Filtering SSL Decryption Data Loss Prevention (DLP)

Data Loss Prevention (DLP)

What is the purpose of the shared responsibility model? Pools resources to achieve economies of scale. Defines who (customer and/or provider) is responsible for what, related to security, in the public cloud. Helps your organization scale. Brings cost and operational benefits but also technology benefits.

Defines who (customer and/or provider) is responsible for what, related to security, in the public cloud.

Erik is concerned that some of these alerts may be critical and the team will need help mitigating all of them. What should Erik do? Deploy more SIEMs to collect and process the data before having a SOC analyst interpret the data and take appropriate action. Deploy additional endpoint security to protect servers, PCs, laptops, and tablets so that alerts that are missed can be caught before exfiltrating data from the end user. Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts. Deploy more firewalls to protect the network while SOC analysts are interpreting data and taking appropriate action.

Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts.

Can you remind Erik what is the SOC team's main goal? Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents. Improve the security posture of the business, its products, and services by introducing security as a shared responsibility. Reduce the time required to contain a breach. Connect disparate security technologies through standardized and automatable workflows.

Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents.

Introducing security checks early in the software development process is part of which development model? DevSecOps DevCyberOps DevOps DevSecTestOps

DevSecOps

Erik's SOC team is divided into groups with different functions. Which three teams are responsible for the development, implementation, and maintenance of security policies? Endpoint Security, Network Security, and Cloud Security. Enterprise Security, Endpoint Security, and Cloud Security. HelpDesk Security, Operational Security, and Information Technology Security. Telemetry Security, Forensics Security, and Threat Intelligence Security

Endpoint Security, Network Security, and Cloud Security.

True or false? Prisma SaaS is deployed as a standalone inline service between the organization's traditional perimeter-based firewalls and requires a software agent to be installed on mobile devices. True False

False

Which cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability? Community Private Public Hybrid

Hybrid

Which statement about hybrid clouds is incorrect? Hybrid clouds optimize existing hardware resources. Hybrid clouds increase data center costs. Hybrid clouds can handle "bursty" applications through autoscaling. Hybrid clouds increase operational efficiencies.

Hybrid clouds increase data center costs.

What allows multiple, virtual operating systems to run concurrently on a single physical host computer? Micro-VMs Hypervisor Serverless computing Virtual machines

Hypervisor

Which model would a customer choose if they want full control over the operating system(s) running on their cloud computing platform? PaaS SaaS DaaS IaaS

IaaS

What tool or technology can provide Erik and his SOC team control for the provisioning, maintenance, and operation of user identities? Identity and access management Mobile device management Network access controls Virtual private networks

Identity and access management

Which SecOp function is proactive? Identify Investigate Mitigate Improve The correct answer was "Improve".

Improve

Which team can Erik turn to for assistance for operational changes to cloud technology? Help Desk Team DevOps Team Operational Technology Team Information Technology Operations Team

Information Technology Operations Team

In which cloud computing service model does a provider secure the physical computers running the virtual environment? Software as a service (SaaS) Infrastructure as a service (IaaS) Public cloud Platform as a service (PaaS)

Infrastructure as a service (IaaS)

Which Prisma Cloud feature enables templates for vulnerabilities and builds cloud-agnostic policies for the build and runtime development phases? Cloud asset inventory Infrastructure-as-Code (IaC) scanning Integrated development environment (IDE) Compliance monitoring and reporting

Infrastructure-as-Code (IaC) scanning

Erik has identified the alert and opened an incident in the ticketing system. What Security Operations function would Erik perform next? Perform a detail analysis of the alert. Investigate the root cause and impact of the incident. Stop the attack and close the ticket. Adjust and improve operations to stay current with changing and emerging threats.

Investigate the root cause and impact of the incident.

Which WildFire verdict is given for a submission that is malicious in nature and intent and can pose security threats (for example, viruses, worms, Trojan horses, rootkits, botnets, and remote-access toolkits?) phishing grayware benign malware

Malware

Which Prisma Cloud feature helps users identify and protect against known and unknown file-based threats that have infiltrated S3 buckets? Data governance Data visibility and classification Alert and remediation Malware detection

Malware detection

Which step of implementing a Zero Trust model includes scanning and mapping the transaction flows inside your network to determine how various data, applications, assets, and service components interact with other resources on your network? Define your protect surface. Architect a Zero Trust network. Create the Zero Trust policy. Map the transaction flows.

Map the transaction flows.

What are scaled-down, lightweight virtual machines that run on hypervisor software and contain only the Linux operating system kernel features necessary to run a container? Kubernetes Containers Micro-VMs Serverless

Micro-VMs

What is the first step Erik should consider when setting the budget? Establish a budget to meet the minimum requirements of the team. Obtain an agreement regarding the mission of the Security Operations and the SOC. Identify the technology, staff, facility, training, and additional needs. Define the processes needed to change the allocated budget and for emergency budget relief.

Obtain an agreement regarding the mission of the Security Operations and the SOC.

What are the three components of SOAR that Erik and the SOC team can use to help secure the business? (Choose three.) Orchestration Innovation Automation Collaboration Response

Orchestration Automation Response

What parameter can Erik and the SOC team use that allows for the immediate containment or prevention of a security incident without further approvals? Automatic mitigation scenarios. Automatic resolution scenarios. Pre-approved breach scenarios. Pre-approved mitigation scenarios.

Pre-approved mitigation scenarios.

Organizations are using which resource to expand their on-premises private cloud compute capacity? Software defined data centers Virtual storage Public cloud Virtual networks

Public cloud

If the SOC team is unable to detect a security breach, what are the two potential damages that can happen to the business? (Choose two.) Infrastructure and server uptime. Ransom payments to attackers. Legal and media fees while dealing with breach. Increase in customer switching to your company.

Ransom payments to attackers. Legal and media fees while dealing with breach.

Which SOAR goal enables the SOC team to use playbook orchestration to extract more value through task automation and coordination? Accelerated response Standardize process Reduce risk Collaboration and learning

Reduce risk

Which cloud feature continuously monitors an app's behavior and the context of behavior to immediately identify and prevent malicious activity? Integrated development environment (IDE) Cloud access security broker (CASB) Software configuration management (SCM) Runtime application self protection (RASP)

Runtime application self protection (RASP)

What tool or technology can Erik and the SOC team use to ingest aggregated alerts and execute an automated process-driven playbook? SIEM CERT CSIRT SOAR

SOAR

What tool or technology can Erik and the SOC team use to provide visibility into HTTPS traffic to find IOCs or high-fidelity indicators? Application Monitoring SSL Decryption URL Filtering Data Loss Prevention

SSL Decryption

Which SaaS application behavior is allowed and provided by information technology (IT)? Sanctioned Tolerated Unsanctioned Prohibited

Sanctioned

What details should Erik's weekly reports include? Open incidents and other daily activity that have been accomplished. Overall effectiveness of the SecOps functions, how long events are sitting in queue before being triaged, and if staffing in the SOC is appropriate. Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive.) All of the above

Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive.)

n which model do applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines? PaaS Serverless Containers SaaS

Serverless

What methods can the SOC team employ to mitigate employee burnout? (Choose three.) Create a plan to move all employees into management roles. Create on-the-job training only, because it's more helpful than reading documentation. Shift turnover stand-up meeting (beginning or end of shift.) Schedule shifts to avoid high-traffic commute times. Train at least two employees on the same tasks so there is no single point of failure.

Shift turnover stand-up meeting (beginning or end of shift.) Schedule shifts to avoid high-traffic commute times. Train at least two employees on the same tasks so there is no single point of failure.

Palo Alto Networks firewalls are built on which type of architecture? Multi-pass Ultimate-pass Single-pass Strict-pass

Single-pass

Activity gathered by Erik and the SOC team electronically and in real-time from a given source is called? Telemetry Log Forensic (raw) Alert

Telemetry

What are relevant information that Erik and the SOC team's detailed analysis investigation can gather? (Choose three.) How the alert should be triaged The potential impact of the security incident Where the attacker will exfiltrate data from next The adversary's objective Whether the incident is a true incident or a false positive

The potential impact of the security incident. The adversary's objective. Whether the incident is a true incident or a false positive.

What could Erik and the team do if they wanted to reclassify the severity level of the attack? The team can reclassify the severity to 3 - Medium because the team is already working on mitigating the issue. Nothing. Severity 1 - Critical indicates a breach and is the highest severity level. The team can reclassify the attack as a Severity 0 to indicate an ongoing breach where the attacker is attempting to exfiltrate, encrypt, or corrupt data. The team can reclassify the severity to 5 - Informational, because the attack has already been identified.

The team can reclassify the attack as a Severity 0 to indicate an ongoing breach where the attacker is attempting to exfiltrate, encrypt, or corrupt data.

Which path or tool is used by attackers? SaaS Anti-malware update Threat vector Storage-area networks (SAN)

Threat vector

True or false? Prisma Access consistently protects all traffic, on all ports and from all applications. True False

True

True or false? Prisma SaaS protects data in hosted files and application entries. True False

True

Which phrase best describes a DevOps software development model? Employs DevOps engineers to deliver new features and do bug fixes Unites the development and operations teams throughout the entire software delivery process to speed up code deployment. Develops all the code in one big software package for delivery to the Ops team, which then tests the code for deployment. Uses automation tools and is almost identical to the traditional software development model.

Unites the development and operations teams throughout the entire software delivery process to speed up code deployment.

Which Prisma Cloud threat detection feature analyzes millions of audit events and then uses machine learning to detect anomalous activities that could signal account compromises, insider threats, stolen access keys, and other potentially malicious user activities? Network anomaly detection Visibility, governance, and compliance Automated investigation and response User and entity behavior analytics

User and entity behavior analytics

In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly innocuous files? delivery weaponization reconnaissance exploitation

Weaponization

Which three areas of focus can Cortex XSOAR help the SOC team combat security challenges? (Choose three.) Workflow automation Isolation Ticketing Training Collaboration

Workflow automation Ticketing Collaboration

Which Cortex technology combines multiple methods of prevention at critical phases within the attack lifecycle to halt the execution of malicious programs and stop the exploitation of legitimate applications, regardless of operating system? TIM XDR XSOAR XSIAM

XDR

Which Cortex technology ingests granular data to fuel many layers of machine learning that automate critical threat detection and remediation steps downstream? XDR XSOAR XSIAM Data Lake

XSIAM

Which statement about private clouds is incorrect? North-south traffic refers to data packets moving in and out of a virtualized environment. You can combine multiple physical hosts into one computer cluster. You need to secure east-west traffic only in a private cloud. Compute clusters allow virtual machines to move freely while preserving compute, storage, networking, and security configurations.

You need to secure east-west traffic only in a private cloud.

What security technology can Erik and the SOC team use to identify anomalous behavior indicative of attacks? endpoint security analytics behavioral analytics malware analytics honey pot analytics

behavioral analytics

Which networking device increases the number of collision domains? Router Switch Hub Wireless repeater

Switch

Which device is M2M (machine to machine)? Internet-connected TV home alarm that dials the police for response car GPS temperature sensor connected to a fire suppression system

Temperature sensor connected to a fire suppression system.

Mobile devices are easy targets for attacks for which two reasons? (Choose two.) They have poor battery-charging capabilities. They roam in unsecured areas. They stay in an always-on, always-present state. They use speaker phones.

They roam in unsecured areas. They stay in an always-on, always-present state.

The Prisma suite secures public cloud environments, SaaS applications, internet access, mobile users, and remote locations through a cloud-delivered architecture. True False

True

True or false? Another term for a bot is a "zombie". True False

True

WPA2 includes a function that generates a 256-bit key based on a much shorter passphrase created by the administrator of the Wi-Fi network and the service set identifier (SSID) of the AP is used as a salt (random data) for the one-way hash function. True False

True

Which TCP/IP sub-protocol operates at Layer4 of the OSI model? UDP SSH FTP HTTPS

UDP

Which Palo Alto Networks NGFW subscription service enables you to identify and control access to websites that host malware and phishing pages? Threat Prevention URL Filtering DNS Security WildFire

URL Filtering

Which characteristic of serverless computing enables developers to quickly deploy application code? Using Container as a Service (CaaS) to deploy application containers to run their code. Uploading cloud service autoscaling services to deploy more virtual machines to run their application code based on user demand. Using cloud service spot pricing to reduce the cost of using virtual machines to run their application code. Uploading the application code itself, without having to provision a full container image or any OS virtual machine components.

Uploading the application code itself, without having to provision a full container image or any OS virtual machine components.

Which action is part of the identity security pillar? user and entity behavior analytics (UEBA) Microservice-aware micro-segmentation integration with the CI/CD workflow automated asset inventory

User and entity behavior analytics (UEBA.)

Which two network resources does a directory service database contain? (Choose two.) Users Terminal shell types on endpoints /etc/shadow files Services

Users Services

What is the decimal representation of binary 1111 1101? 251 252 253 254

253

Which two malware types are self-replicating? (Choose two.) logic bomb back door virus trojan horse worm

Virus Worm

When is it impossible to secure SaaS data? When a user uses an unmanaged device to access an unsanctioned SaaS instance. When a user uses a managed device to access an unsanctioned SaaS instance. When a user uses an unmanaged device to access a sanctioned SaaS instance. When a user uses a managed device to access a sanctioned SaaS instance.

When a user uses an unmanaged device to access an unsanctioned SaaS instance.

Which type of malware disables protection software? ransomware Trojan horse worm Anti-AV

Anti-AV

Which feature of the NGFW can distinguish between reading Facebook and commenting? App-ID Content-ID User-ID Global Protect

App-ID

Question 17 of 70 What is the collective term for software versions, OS settings, and configuration file settings? configuration items configurable values computer settings the configuration

Configuration items

Which type of malware protection requires in-depth knowledge of applications and how they communicate? signature-based container-based application allow lists anomaly detection

Container-based

What are the two meanings of the CI/CD pipeline? (Choose two.) continuous integration/continuous delivery continuous implementation/continuous delivery continuous integration/continuous deployment continuous implementation/continuous deployment

Continuous integration/continuous delivery Continuous integration/continuous deployment

Which Palo Alto Networks product suite is used to manage alerts, obtain additional information, and orchestrate responses? Strata Prisma Cortex WildFire

Cortex

Which option would be an example of PII that you need to prevent from leaving your enterprise network? Credit card number Trade secret National security information A symmetric encryption key

Credit card number

Which group is primarily motivated by money? hacktivists cybercriminals cyberterrorists state-affiliated groups

Cybercriminals

Which attacker profile uses the internet to recruit members to an ideology, to train them, and to spread fear and induce panic? Cybercriminals State-affiliated groups Hacktivists Cyberterrorists

Cyberterrorists

Which two attacks typically use a botnet? (Choose two.) Ssocial engineering DoS DDoS Sending spam to a lengthy mailing list Spear phishing

DDoS Sending spam to a lengthy mailing list.

The customer is responsible only for which type of security when using a SaaS application? data platform physical infrastructure

Data

Which layer of the OSI model ensures that messages are delivered to the proper device across a physical network? Presentation Network Application Data Link

Data Link

How does DevSecOps improve the Continuous Integration/Continuous Deployment (CI/CD) pipeline? DevSecOps ensures the pipeline has horizontal intersections for application code deployment. DevSecOps does security checking after the application code has been processed through the CI/CD pipeline. DevSecOps unites the Security team with the Development and Operations teams to integrate security into the CI/CD pipeline. DevSecOps improves pipeline security by assigning the security team as the lead team for continuous deployment.

DevSecOps unites the Security team with the Development and Operations teams to integrate security into the CI/CD pipeline.

Which Panorama object is used to manage the security policy? template device group virtual system Decryption Profile

Device group

A native hypervisor runs: Within an operating system's environment Directly on the host computer's hardware Only on certain platforms With extreme demands on network throughput

Directly on the host computer's hardware

Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort, and can be extremely effective in taking down a website or some other publicly accessible service? Adware Bluetooth Man-in-the-middle Distributed denial-of-service

Distributed denial-of-service

Question 21 of 70 Which of the following security issues can cause a long patched vulnerability to resurface? VM sprawl intra-vm communications hypervisor vulnerabilities dormant virtual machines

Dormant virtual machines

Which type of traffic can stay contained in a single physical server? North-south East-west unknown trusted

East-west

Which type of Wi-Fi attack depends on the victim initiating the connection? Jasager Mirai Evil twin Parager

Evil twin

In an IDS/IPS, which type of alarm occurs when legitimate traffic is improperly identified as malicious traffic? False-negative True-negative False-positive True-positive

False-positive

What User identification for network and services access is implemented by applying policies? Key Security Management Identity Tag Management Network Management Protocols Identity and Access Management

Identity and Access Management

Which action is part of the compute security pillar? user and entity behavior analytics (UEBA) Microservice-aware micro-segmentation integration with the CI/CD workflow automated asset inventory

Integration with the CI/CD workflow.

Which type of system automatically blocks or drops suspicious, pattern-matching activity on the network in real time? Intrusion Prevention Data Loss Prevention Intrusion Detection Unified Threat Management

Intrusion Prevention

Who is the most likely target of social engineering? Executive management, because it has the most permissions. Senior IT engineers, because the attacker hopes to get them to disable the security infrastructure. Junior people, because they are easier to stress and probably not as well trained. The accounting department, because it can wire money directly to the attacker's account.

Junior people, because they are easier to stress and probably not as well trained.

Which next-generation firewall deployment option prevents successful cyberattacks from targeting mobile network services? VM-Series K2-Series CN-Series PA-Series

K2-Series

Which three operating systems are supported by Cortex XDR? (Choose three.) z/OS Linux macOS Minix Android

Linux MacOS Android

Which zero trust deployment method obtains a detailed picture of traffic flows throughout the network, including where, when, and to what extent specific users are using specific applications and data resources? Listen-only mode Establish trust zones Implement at major access points Define trust zones

Listen-only mode

Of the endpoint checks, what is bypassed for known programs? WildFire query behavioral threat protection local analysis Firewall analysis

Local analysis

What is the name of the attack in which the attacker gets the victim to connect to an access point the attack controls? Person in the middle Man in the middle Access point in the middle Access point masquerading

Man in the middle

Which type of LAN technology is being displayed in the diagram? Star Topology Bus Topology Spine Leaf Topology Mesh Topology

Mesh Topology

Which action is part of the network security pillar? user and entity behavior analytics (UEBA) Microservice-aware micro-segmentation integration with the CI/CD workflow automated asset inventory

Microservice-aware micro-segmentation

Which key component is used to configure a static route? routing protocol next hop IP address enable setting router ID

Next hop IP address

Which environment allows you to install an appliance that sees all traffic? LAN when people work from home Non-virtualized data center virtualized data center VPC network

Non-virtualized data center

During the OSI layer 3 step of the encapsulation process, what is the Protocol Data Unit (PDU) called when the IP stack adds source (sender) and destination (receiver) IP addresses? Data Segment Packet Frame

Packet

Which three options partially comprise the six elements of SecOps? (Choose three.) People Networking Data storage Technology Processes

People Technology Processes

Question 18 of 70 A provider's applications run on a cloud infrastructure. The consumer does not manage or control the underlying infrastructure. Which cloud computing service model is this? platform as a service (PaaS) infrastructure as a service (IaaS) software as a service (SaaS) public cloud

Platform as a service (PaaS)

Which technique changes protocols at random during a session? port hopping use of non-standard ports tunneling within commonly used services hiding within SSL encryption

Port Hopping

What is the key to "taking down" a botnet? install openvas software on endpoints use LDAP as a directory service prevent bots from communicating with the C2 block Docker engine software on endpoints

Prevent bots from communicating with the C2.

Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server? public private community hybrid

Public

When signature-based antivirus software detects malware, what three things does it do to provide protection? (Choose three.) Quarantine the infected file. Delete the infected file. Remove the infected file's extension. Alert system administrators. Decrypt the infected file using base64.

Quarantine the infected file. Delete the infected file. Alert system administrators.

How does adopting a serverless model impact application development? Prevents developers from focusing on just the application code because you need to provision the underlying infrastructure to run the code. Slows down the deployment of application code, but it improves the quality of code development. Reduces the operational overhead necessary to deploy application code. Costs more to develop application code because it uses more compute resources.

Reduces the operational overhead necessary to deploy application code.

What are two key characteristics of a Type 2 hypervisor? (Choose two.) Runs without any vulnerability issues Runs within an operating system Is hardened against cyber attacks Allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer

Runs within an operating system Allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer

What is the relationship between SIEM and SOAR? SIEM products implement the SOAR business process. SIEM and SOAR are different names for the same product category. SIEM systems collect information to identify issues that SOAR products help mitigate. SOAR systems collect information to identify issues that SIEM products help mitigate.

SIEM systems collect information to identify issues that SOAR products help mitigate.

Which VPN technology has become the standard method of connecting remote endpoint devices back to the enterprise network? SSL L2TP PPTP IPsec

SSL

Which Wi-Fi attack intercepts the victim's web traffic, redirects the victim's browser to a web server that it controls, and serves up whatever content the attacker desires? Jasager Emotet SSLstrip Evil Twin

SSLstrip

Which IPsec feature allows device traffic to go directly to the Internet? IKE Security Association Split tunneling Diffie-Hellman groups Authentication Header (AH)

Split tunneling

Which category of IoT enables real-time use cases, such as autonomous vehicles, with 4G LTE Advanced Pro delivering speeds in excess of 3Gbps and less than 2 milliseconds of latency? satellite low-power WAN short-range wireless cellular

cellular

Which type of firewall operates up to Layer 4 (transport layer) of the OSI model and inspects individual packet headers to determine source and destination IP address, protocol (TCP, UDP, ICMP), and port number? proxy application packet filtering stateful inspection

packet filtering

Which MDM capability requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting? data loss prevention remote erase/wipe software distribution policy enforcement

policy enforcement

Which DNS record type do you use to find the IPv4 address of a host? A AAAA PTR MX

A

Anthem server breaches disclosed Personally Identifiable Information (PII) from a number of its servers. The infiltration by hackers was attributed to which type of vulnerability? Exploitation of an unpatched security vulnerability. A phishing scheme that captured a database administrator's password. An intranet-accessed contractor's system that was compromised. Access by using a third-party vendor's password.

A phishing scheme that captured a database administrator's password

Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.) Ability to identify most common attacks by their symptoms. Deployed and managed centrally. Easier to deploy endpoint protection when people work from home. Detects command and control channels. Can easily identify worms.

Ability to identify most common attacks by their symptoms. Easier to deploy endpoint protection when people work from home.

Which part of APTs indicate that attackers use advanced malware and exploits and typically also have the skills and resources necessary to develop additional cyberattack tools and techniques? Threat Persistent Secure Advanced

Advanced

What type of malware can have multiple control servers distributed all over the world with multiple fallback options? Logic bombs Rootkits Advanced or modern Exploits

Advanced or modern

Which predefined malware signature action notifies the user that malware has been detected? Delete Quarantine Alert Isolate

Alert

Which defensive tool is installed on endpoints to mitigate malware attacks? Antivirus software germ scans DNS client DHCP client

Antivirus software

Which systems must you secure to ensure compliance with security standards? The servers in the data center. The devices owned by the enterprise, whether they are servers in the data center, cloud vms you manage, or user endpoint devices. Any system where the data for which you are responsible goes. Every device that is either owned by the enterprise, or used by enterprise employees.

Any system where the data for which you are responsible goes.

What does the acronym CIDR represent? Classful Inter Dependant Routing Classless Inter-Domain Routing Classless Inter Dependant Routing Classful Inter Domain Routing

Classless Inter-Domain Routing

Which option is an example of a North-South traffic flow? Traffic between an internal server and internal user Client-server interactions that cross the edge perimeter An internal three-tier application Lateral movement within a cloud or data center

Client-server interactions that cross the edge perimeter.

Why have software developers widely embraced the use of containers? Containers require separate development and production environments to promote authentic code. Containers simplify the building and deploying of cloud native applications. Containers share application dependencies with other containers and with their host computer. Containers are host specific and are not portable across different virtual machine hosts.

Containers simplify the building and deploying of cloud native applications.

In the attached network diagram, which device is the switch? A B C D

D

Routing Information Protocol (RIP), uses what metric to determine how network traffic should flow? Shortest Path Split Horizon Path Vector Hop Count

Hop Count

What is the meaning of a SaaS application that is advertised as being HIPAA compliant? Regardless of how you configure the application for your enterprise, you will be HIPAA compliant. If your administrator configures the security settings on the application correctly, you will be HIPAA compliant. If your administrator and your users use the application correctly, you will be HIPAA compliant. If your administrator and your users use the application correctly, the application will not cause you to not be HIPAA compliant.

If your administrator and your users use the application correctly, the application will not cause you to not be HIPAA compliant.

What does a directory service associate with users in order to control access to resources? Position descriptions Permissions Supervisor status Tenure within an organization

Permissions

The spread of unsolicited content to targeted endpoints is known as what? Pharming Phishing Exploiting Spamming

Phishing

Which component may be shared with other cloud tenants even when using IaaS? application runtime virtual machine (guest) physical machine (host)

Physical machine (host)

What does Cortex XSOAR use to automate security processes? bash scripts Windows PowerShell playbooks Python scripts

Playbooks

Which component of the zero trust conceptual architecture is called a "platform" to reflect that it is made up of multiple distinct (and potentially distributed) security technologies that operate as part of a holistic threat protection framework to reduce the attack surface and correlate information about discovered threats? Management infrastructure Single component Pocket of trust Trust zone

Single component

Which area network separates the control and management processes from the underlying networking hardware for simplified configuration and deployment? Wireless local area network (WLAN) Software-defined wide area network (SD-WAN) Wide area network (WAN) Local area network (LAN)

Software-defined wide area network (SD-WAN)

Which type of attack includes an email advertisement for a dry cleaning service? spamming phishing spear phishing whaling

Spamming

On which device do you configure VLANs? wireless repeater hub switch router

Switch

Which Palo Alto Networks subscription service complements App-ID by enabling you to configure the next-generation firewall to identify and control access to websites and to protect your organization from websites hosting malware and phishing pages? DNS Security WildFire URL Filtering Threat Prevention

URL Filtering

Which three options partially comprise the six elements of SecOps? (Choose three.) Visibility Disaster recovery Business Interfaces Regular audits

Visibility Business Interfaces

Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands? web bot directory services command and control

command and control

Which three security functions are integrated with a UTM device? (Choose three.) cloud access security broker (CASB) firewall Remote Browser Isolation (RBI) Intrusion Detection System (IDS) anti-spam DevOps automation

firewall Intrusion Detection System (IDS) anti-spam

Which three options describe the relationship and interaction between a customer and SaaS? (Choose three.) internet- or application-based convenient and economical subscription service extensive manpower required complex deployment

internet- or application-based convenient and economical subscription service

Which physical or virtual device sends data packets to destination networks along a network path using logical addresses? access point router switch hub

router


Ensembles d'études connexes

Chapter 19 - Share-Based Compensation and Earnings Per Share

View Set

Ch. 33 Specific (Adaptive) Immunity

View Set

digital marketing - email marketing

View Set

Voices and Visions: Chapter 5 War and Peace

View Set