Palo Alto PCCET Questions

Ace your homework & exams now with Quizwiz!

Which type of traffic flows between the public internet and private DMZ? A. north-south B. east-west C. up-down D. egress traffic

What is the authentication method that uses usernames and passwords? A. PAP B. CHAP C. MS-CHAP D. SAP

Which SaaS application behavior is allowed and provided by information technology (IT)? A. tolerated B. prohibited C. sanctioned D. unsanctioned

Which pillar defines the purpose of the Security Operations team to the business and how it will be managed? A. Visibility B. Processes C. Business D. Technology E. Interfaces

Which VPN technology is considered the preferred method for securely connecting a remote endpoint device back to an enterprise network? A. Point-to-Point Tunneling Protocol (PPTP) B. Secure Socket Tunneling Protocol (SSTP) C. Secure Sockets Layer (SSL) D. Internet Protocol Security (IPsec)

Prisma SaaS is deployed as a standalone inline service between the organization's traditional perimeter-based firewalls and requires a software agent to be installed on mobile devices. (True or False)

Which principle is behind role-based access control (RBAC)? A. separation of duties B. auditability C. least privilege D. defense in depth

What is the subnet mask for the network 10.2.0.0/20? A. 255.0.0.0 B. 255.255.0.0 C. 255.255.240.0 D. 255.255.255.0

Which Wi-Fi attack intercepts the victim's web traffic, redirects the victim's browser to a web server that it controls, and serves up whatever content the attacker desires? A. Evil Twin B. SSLstrip C. Emotet D. Jasager

Which wireless security protocol includes improved security for IoT devices, smart bulbs, wireless appliances, and smart speakers? A. WPA2 B. WPA3 C. WPA1 D. WEP

Why are IoT devices so often insecure? A. rushed development B. long release and patch cycles C. insufficient time for quality assurance D. low development budget

Which device does not process addresses? A. hub B. switch C. WiFi access point D. router

Which business objective dictates how to measure "performance" against the defined and socialized mission statement? A. Budget B. Mission C. Governance D. Planning

On which device do you configure VLANs? A. wireless repeater B. hub C. switch D. router

In which cloud computing service model does a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure? A. platform as a service (PaaS) B. infrastructure as a service (IaaS) C. software as a service (SaaS) D. public cloud

Which stage of the cyberattack lifecycle can be identified by port scans from external sources? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation

The Internet Protocol itself provides the functionality of which layer? A. Transport B. Network C. Data link D. Physical

Which NGFW core subscription allows your firewall to block users when they attempt to submit their credentials to a phishing site? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

Which NIST cloud service model limits your choice of runtime environments in which an application can be written? A. IaaS B. PaaS C. FaaS D. SaaS

Which component of the zero trust conceptual architecture is called a "platform" to reflect that it is made up of multiple distinct (and potentially distributed) security technologies that operate as part of a holistic threat protection framework to reduce the attack surface and correlate information about discovered threats? A. Management infrastructure B. Pocket of trust C. Trust zone D. Single component

Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network? A. DNS Sinkholing B. Virtual Private Network (VPN) C. Identity and Access Management D. Network Access Control

A dynamic packet filtering (also known as stateful packet inspection) firewall only inspects individual packet headers during session establishment to determine whether the traffic should be allowed, blocked, or dropped by the firewall. After a session is established, individual packets that are part of the session are not inspected. (True or False)

Which device type uses routing protocols to exchange information? A. switches B. hubs C. routers D. servers

Which team is responsible for identifying and escalating vulnerabilities in an organization's assets, including hardware and software? A. Operational Technology B. Threat Intelligence C. Vulnerability D. Network Security

Which technology or technique can be implemented to detect, deflect, and counteract malicious activities? A. Firewall B. Endpoint Security C. DNS Sinkholing D. Honeypot

Your CFO receives an email with her name that claims to be the company's bank and tells her to click the link https://chase.bankofamerica.mysite.ru.What type of attack is this? A. spamming B. phishing C. spear phishing D. whaling

Which type of system cannot identify zero-day vulnerabilities? A. intrusion detection B. intrusion prevention C. signature based D. behavior based

Which Zero Trust capability provides a combination of anti-malware and intrusion prevention technologies to protect against both known and unknown threats, including mobile device threats? A. least privilege B. secure access C. inspection of all traffic D. cyberthreat protection

Which type of attack would include an email with an attachment not-a-trojan.exe? A. spamming B. phishing C. spear phishing D. whaling

An international organization has over a hundred firewalls, spread over fifty locations. Which Panorama deployment mode would the organization install in multiple locations (beyond the need for disaster recovery)? A. Panorama B. management only C. log collector D. threat management

The OSI model consists of how many layers? A. four B. six C. seven D. nine

Which Wi-Fi attack leverages device information about which wireless networks it previously connected to? A. evil twin B. man-in-the-middle C. Jasager D. SSLstrip

Which one of the four Prisma Cloud pillars enforces machine learning-based runtime protection to protect applications and workloads in real time? A. network protection B. visibility, governance, and compliance C. compute security D. identity security

Which physical or virtual device sends data packets to destination networks along a network path using logical addresses? A. hub B. switch C. router D. access point

Which time interval describes a "window of vulnerability"? A. between when a vulnerability is discovered and when a patch is published B. between when a patch is published and when the patch is installed on your system C. between when a vulnerability is discovered and when the patch is installed on your system D. between when a vulnerability is discovered and when it is disclosed to the vendor

What tool or technology can a SOC team use to detect and prevent accidental or malicious release of proprietary or sensitive information? A. Vulnerability management B. URL Filtering C. SSL Decryption D. Data Loss Prevention (DLP)

What is the name of the device used to secure a network's perimeter? A. switch B. hub C. modem D. firewall

Which phased approach of hybrid cloud security requires networking and security solutions that not only can be virtualized but also are virtualization-aware and can dynamically adjust as necessary to address communication and protection requirements, respectively? A. consolidation servers within trust levels B. dynamic computing fabric C. consolidation servers across trust levels D. selective network security virtualization

Which type of system does not perform any preventive action to stop an attack? A. data loss prevention B. Intrusion Prevention C. Unified Threat Management D. intrusion detection

If a SOC team is unable to detect a security breach, what are the two potential damages that can happen to the business? (Choose two.) A. Infrastructure and server uptime B. Ransom payments to attackers C. Legal and media fees while dealing with breach D. Increase in customer switching to your company

Which two types of services does SASE provide? (Choose two.) A. storage B. security C. networking D. compute

In which model do applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines? A. SaaS B. serverless C. PaaS D. containers

Introducing security checks early in the software development process is part of which development model? A. DevCyberOps B. DevSecOps C. DevOps D. DevSecTestOps

Organizations are using which resource to expand their on-premises private cloud compute capacity? A. software defined data centers B. public cloud C. virtual storage D. virtual networks

What tool or technology can a SOC team use to provide visibility into HTTPS traffic to find IOCs or high-fidelity indicators? A. Application Monitoring B. SSL Decryption C. URL Filtering D. Data Loss Prevention

Which action is part of the compute cloud governance and compliance pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

Which type of malware disables protection software? A. anti-AV B. Trojan horse C. ransomware D. worm

Which cloud use model runs just one container per virtual machine? A. serverless B. containers as a service (CaaS) C. standard docker containers D. VM-integrated containers

Which option shows the ISO layers in the correct order (bottom layer to top)? A. Physical, Transport, Network, Session, Data link, Presentation, Application B. Physical, Data link, Network, Application, Presentation, Transport, Session C. Physical, Data link, Transport, Session, Presentation, Network, Application D. Physical, Data link, Network, Transport, Session, Presentation, Application

Which specific technology is associated with Web 3.0? A. social networks B. instant messaging C. remote meeting software D. blockchain

Which type of malware protection is vulnerable to a low and slow approach? A. signature-based B. container-based C. application allow lists D. anomaly detection

Which NIST cloud service model requires the customer to keep the operating system up to date? A. IaaS B. PaaS C. FaaS D. SaaS

Which type of attack would include an email advertisement for a dry cleaning service? A. spamming B. phishing C. spear phishing D. whaling

Which action is part of the network security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

Which cloud provider calls its IaaS service Elastic Computing Service (ECS)? A. Alibaba B. AWS C. Azure D. GCP

Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation? A. Escalation Process B. Initial Research C. Alerting D. Severity Triage

Which option is an example of a static routing protocol? A. Open Shortest Path First (OSPF) B. Border Gateway Protocol (BGP) C. Routing Information Protocol (RIP) D. split horizon

Which behavior does an advanced persistent threat use to elude detection? A. do everything at night, when nobody is monitoring B. rely exclusively on insiders with privileged access C. do everything quickly with scripting so that the effect of the threat is achieved by the time it is detected D. use a low and slow approach to avoid triggering alarms

Which business objective includes details about how the Security Operations organization will achieve its goals? A. Budget B. Mission C. Governance D. Planning

Which item is not one of the four Cs of cloud native security? A. clusters B. code C. containers D. cache

How do attackers prevent port scans from being noticed by monitoring software? A. Scan ports so quickly it is finished before it can be detected and stopped B. Scan ports so slowly it looks like random attempts to connect, rather than a concerted attack C. scan ports from an internal device D. scan ports through WiFi instead of Ethernet

What are scaled-down, lightweight virtual machines that run on hypervisor software and contain only the Linux operating system kernel features necessary to run a container? A. serverless B. micro-VMs C. containers D. Kubernetes

Which type of access control can change a user's permissions based on their location? A. RBAC B. ABAC C. PAP D. CHAP

The cyberattack lifecycle is a seven-step process. (True or False)

Signature-based anti-malware software is considered a reactive countermeasure because a signature file for new malware can't be created and delivered until the malware is already "in the wild." (True or False)

Which kind of attack can an intrusion prevention system enable? A. trojan horse type malware B. data exfiltration C. command and control D. denial of service

Which kind of security is always the responsibility of the cloud customer? A. physical security B. network security C. application security D. data security

Which type of malware protection has a problem with legitimate software upgrades? A. signature-based B. container-based C. application allow lists D. anomaly detection

What is the name of the attack in which the attacker gets the victim to connect to an access point the attack controls? A. person in the middle B. man in the middle C. access point in the middle D. access point masquerading

What is the term for traffic between a web site and a local database that stores information for it? A. north-south B. east-west C. unknown D. cloud

Which PAN-OS Next-Generation Firewall configuration templates are based on security best practice recommendations instead of extensive how-to documentation? A. VM-Series B. IronSkillet C. PA-5200 Series D. K2-Series

Another term for a bot is a "zombie". (True or False)

Which potentially risky attribute is the most serious? A. Pervasive B. malware C. excessive bandwidth D. tunnels

Which team is responsible for developing, implementing, and maintaining the network security policies? A. Vulnerability B. Network Security C. IT Operations D. Operational Technology

What tool or technology can provide a SOC team with control of the provisioning, maintenance, and operation of user identities? A. Identity and access management B. Mobile device management C. Network access controls D. Virtual private networks

Which cloud use model restricts your choice of a runtime environment to the environments supported by the cloud provider? A. serverless B. on-demand containers C. containers as a service (CaaS) D. standard docker containers

Which feature can mitigate or block malicious behavior and is considered a proactive control? A. Intrusion Prevention System (IPS) B. Behavioral Analysis C. DNS Sinkholing D. Intrusion Detection System (IDS)

In which two scenarios does network address translation (NAT) reduce the number of needed IP addresses? (Choose two.) A. devices are clients, dynamic NAT that hides them behind a single IP B. devices are servers, dynamic NAT for load balancing that makes them appear a single device C. devices are clients, static NAT to let them share an IP address D. devices are servers, static NAT to let them share an IP address

Which software development concept that also has been applied more generally to IT says that additional future costs for rework are anticipated due to an earlier decision or course of action that was necessary for agility but was not necessarily the most optimal or appropriate decision or course of action? A. role-based access control B. technical debt C. software lifecycle D. runtime environment

Ten containers running on five virtual machines are spread between two type 2 hypervisors. How many OS instances are you running? A. 2 B. 5 C. 7 D. 17

Which MDM capability requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting? A. software distribution B. remote erase/wipe C. policy enforcement D. data loss prevention

Which Prisma SaaS feature connects directly to the applications themselves and provides continuous silent monitoring of the risks within sanctioned SaaS applications, with detailed luminosity that is not possible with traditional security solutions? A. granular data visibility B. large scale data control C. data exposure visibility D. contextual data exposure

Providing education opportunities to SOC analysts can help them grow into different career paths. What advanced roles are available for SOC analysts? A. Tier 2 or Tier 3 Analyst B. Team Lead/Shift Lead C. SOC Manager D. Threat Hunter E. All of the above

Which sanctioned SaaS use control prevents known and unknown malware from residing in sanctioned SaaS applications, regardless of source? A. threat prevention B. data visibility control C. risk prevention D. data exposure control

Which security method requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting? A. policy enforcement B. software distribution C. data loss prevention D. malware protection

Which two advantages make 2G a popular choice for cellular IoT devices? (Choose two.) A. low latency B. high latency C. low hardware cost D. high bandwidth E. low power consumption

Which VPN would you expect to see in use between two of an organization's data centers? A. SSL/TLS B. IPsec C. SSH D. PPP

Which three options describe the relationship and interaction between a customer and SaaS? (Choose three.) A. subscription service B. extensive manpower required C. internet- or application-based D. complex deployment E. convenient and economical

ACE

Which class of address begins with the decimal 130 in the first octet? A. Class A B. Class B C. Class C D. Class D

Which type of algorithm does Prisma SaaS use to sort sensitive documents into top-level categories for document classification and categorization? A. dynamic programming B. supervised machine learning C. artificial intelligence D. recursive

Which WildFire verdict is given for a submission that is malicious in nature and intent and can pose security threats (for example, viruses, worms, Trojan horses, rootkits, botnets, and remote-access toolkits)? A. phishing B. malware C. benign D. grayware

Which area network separates the control and management processes from the underlying networking hardware for simplified configuration and deployment? A. wireless local area network (WLAN) B. software-defined wide area network (SD-WAN) C. wide area network (WAN) D. local area network (LAN)

How is SOAR different from SIEM? A. It monitors alerts generated by applications and network hardware B. It monitors various sources for machine data C. It provides real-time detection D. It ingests alerts and drives them to response

Which type of phishing attack is specifically directed at senior executives or other high-profile targets within an organization? A. whaling B. watering hole C. pharming D. spear phishing

Which 32-bit logical address is the most widely deployed version of IP? A. IPv6 B. IPv5 C. IPv4 D. IPv3

Which element of the Processes pillar is rooted in revisiting prior incidents? A. Process Improvement B. Tuning C. Capability Improvement D. Quality Review

Which action is associated with Web 3.0? A. checking CNN's web site for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question

Which malware type can change code and signature patterns with each iteration? A. polymorphic B. metamorphic C. ransomware D. rooting

Mobile devices are easy targets for attacks for which two reasons? (Choose two.) A. They have poor battery-charging capabilities. B. They use speaker phones. C. They stay in an always-on, always-present state. D. They roam in unsecured areas.

Subnetting should not be used to limit network traffic or limit the number of devices that are visible to, or can connect to, each other. (True or False)

What is the decimal representation of binary 1111 1101? A. 251 B. 252 C. 253 D. 254

Which step of implementing a Zero Trust model includes scanning and mapping the transaction flows inside your network to determine how various data, applications, assets, and service components interact with other resources on your network? A. Define your protect surface. B. Architect a Zero Trust network. C. Create the Zero Trust policy. D. Map the transaction flows.

Which element protects HTTP applications from well-known HTTP exploits? A. Intrusion Prevention and Detection B. Web Application Firewall C. Web Proxy D. Malware Sandboxing

Which endpoint protection technique is commonly used to prevent end users from running unauthorized applications, including malware, on their endpoints? A. anomaly detection B. application allow listing C. container-based endpoint protection D. signature-based

A server that has a bug that lets a single transaction take it off line is susceptible to which type of attack? A. Denial of Service (DoS) B. Distributed Denial of Service (DDoS) C. trojan horses D. worms

Which SecOps function requires processing large amounts of information, and typically is automated? A. Identify B. Investigate C. Mitigate D. Improve

Which action is associated with Web 1.0? A. checking CNN's website for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question

Which device creates a collision domain that includes all the interfaces to which it is connected? A. hub B. switch C. router D. web server

Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks? A. Firewall B. Web Application Firewall C. Web Proxy D. Intrusion Prevention and Detection

Which element is considered a safe place to simulate an end user's environment to test unknown applications? A. Malware Sandbox B. Virtual Private Network C. Dedicated Workstation D. Honeypot

A news company can serve all requests from their data center 95% of the time. However, some days there is a huge demand for news updates. Which NIST deployment model would you recommend to them? A. public B. private C. community D. hybrid

How many /28 subnets can you fit in a class C? A. 2 B. 4 C. 8 D. 16

How would a port filter firewall classify access to the URL https://example.com:22/this/page? A. HTTP B. HTTPS C. Telnet D. SSH

Prisma SaaS protects data in hosted files and application entries. (True or False)

The Prisma suite secures public cloud environments, SaaS applications, internet access, mobile users, and remote locations through a cloud-delivered architecture. (True or False)

Which pillar defines the functions that need to happen to achieve the stated goals? A. People B. Processes C. Visibility D. Business E. Interfaces F. Technology

External threat actors have accounted for the majority of data breaches over the past five years. (True or False)

Which two components are in an IPv4 address? (Choose two.) A. network B. MAC address C. host D. device type E. route number

Which two port numbers are associated with HTTP? (Choose two.) A. 80 B. 389 C. 8080 D. 25

Which two protocols function at the Transport layer of the OSI model? (Choose two.). A. Transmission Control Protocol (TCP) B. Internet Protocol (IP) C. User Datagram Protocol (UDP) D. Hypertext Transfer Protocol (HTTP)

Which two resources are shared between the different functions of a UTM device? (Choose two.) A. RAM B. alert information C. CPU D. attack signatures E. firewall state

Which two techniques do "social engineers" use to distract their targets so they'll do whatever the attacker wants? (Choose two.) A. autopilot, requesting an action that the user does automatically without thinking B. phishing, sending email that asks for specific actions C. masquerading as a trojan horse D. infecting programs with a virus E. emotional distraction, such as yelling that the target would get fired

Which Palo Alto Networks product suite is used to manage alerts, obtain additional information, and orchestrate responses? A. Strata B. Prisma C. Cortex D. WildFire

Which two attacks typically use a botnet? (Choose two.) A. social engineering B. DoS C. DDoS D. sending spam to a lengthy mailing list E. spear phishing

An organization can be compliant with all applicable security and privacy regulations for its industry yet still not be secure. (True or False)

Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks, including data mining, event processing, and predictive analytics. (True or False)

Which protocol distinguishes between applications using port numbers? A. TCP B. ICMP C. ESP D. UDP

Which four layers comprise the TCP/IP model? (Choose four.) A. Application B. Transport C. Physical D. Internet E. Network Access

ABDE

Which two devices or systems require the configuration of non-standard ports to be able to use an application on a non-standard port? (Choose two.) A. firewall B. client C. server D. operating system E. certificate

A website is called www.amazing.co.uk. What does that mean? A. The website is hosted in the United Kingdom by a company called Amazing. B. The website can be hosted anywhere, but the company must be located in the United Kingdom. C. The website can be hosted anywhere, and the company decided to appear British. D. The company decided to appear British, and the website is hosted in the United Kingdom.

How does ARP translate logical addresses? A. IPv6 to IPv4 logical addresses B. IPv4 to IPv6 logical addresses C. IPv4 to MAC addresses D. IPv6 to MAC addresses

If you are responsible for the application's security, but not the operating system's security, which cloud computing service model are you using? A. your own data center B. IaaS C. PaaS D. SaaS

What does Cortex XSOAR use to automate security processes? A. bash scripts B. Windows PowerShell C. playbooks D. Python scripts

Which NGFW core subscription allows your firewall to block known malware? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

Who is the most likely target of social engineering? A. executive management, because it has the most permissions B. senior IT engineers, because the attacker hopes to get them to disable the security infrastructure C. junior people, because they are easier to stress and probably not as well trained D. the accounting department, because it can wire money directly to the attacker's account

Which device processes logical addresses? A. hub B. switch C. WiFi access point D. router

Ethernet and WiFi include elements of which two layers? (Choose two.) A. Session B. Transport C. Network D. Data link E. Physical

Which three security functions are integrated with a UTM device? (Choose three.) A. cloud access security broker (CASB) B. Remote Browser Isolation (RBI) C. DevOps automation D. firewall E. Intrusion Detection System (IDS) F. anti-spam

DEF

Gmail is associated with which cloud computing model? A. SaaS B. PaaS C. IaaS D. DaaS

Only one manager can get company checks. Only a different manager can sign checks. This example describes which principle? A. separation of duties B. auditability C. least privilege D. defense in depth

Which Palo Alto Networks product suite is used to secure the data center? A. Strata B. Prisma C. Cortex D. WildFire

Which Panorama object is used to manage network settings? A. template B. device group C. virtual system D. Decryption Profile

Which action is part of the identity security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

Which feature of the NGFW can distinguish between reading Facebook and commenting? A. App-ID B. Content-ID C. User-ID D. Global Protect

Which option is a type 2 hypervisor? A. hosted B. native C. bare-metal D. imported

Which port is used for encrypted communication? A. 22 B. 80 C. 389 D. 25

Which step of the CI/CD pipeline cannot be automated? A. Coding B. Integration C. Testing D. Monitoring

Which two malware types are likely to be left behind by a disgruntled employee? (Choose two.) A. logic bomb B. backdoor C. virus D. trojan horse E. worm

An alert has been identified and an incident has been opened in the ticketing system. What Security Operations function would be performed next? A. Perform a detailed analysis of the alert B. Investigate the root cause and impact of the incident C. Stop the attack and close the ticket D. Adjust and improve operations to stay current with changing and emerging threats

An analysis tool's machine learning identified, correctly, that the network is infected by a worm. Which type of finding is this? A. false positive B. true positive C. false negative D. true negative

Which statement is correct? A. A security researcher might write a vulnerability to demonstrate an exploit. B. A security researcher might write an exploit to demonstrate a vulnerability. C. Exploits often are the result of poorly trained programmers. D. Exploits always are the vendor's responsibility.

What is the order in which the endpoint checks if a new program is safe? A. behavioral threat protection, then local analysis, then WildFire query B. local analysis, then behavioral threat protection, then WildFire query C. WildFire query, then local analysis, then behavioral threat protection D. local analysis, then WildFire query, then behavioral threat protection

Which port number is associated with HTTPS? A. 21 B. 23 C. 443 D. 53

Which risk is eliminated in an organization that is 100% compliant? A. having confidential information become public B. having an advanced persistent threat change your information C. having the regulator punish you for being non-compliant D. having malicious insiders steal information

How often should tabletop exercises be performed? A. Once a month B. Once every 6 months C. Once a year D. Once a quarter

What does CVE mean? A. Computer Vulnerabilities and their Exploits B. Computer Vulnerabilities and Exposures C. Common Vulnerabilities and their Exploits D. Common Vulnerabilities and Exposures

What does SASE stand for? A. Service Access SEcurity B. Semi-Accessible Sensitive Environment C. Secrets Accessible in a Secure Environment D. Secure Access Service Edge

Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design? A. SOC Engineering B. Network Security C. IT Operations D. Enterprise Architecture

Which type of system automatically blocks or drops suspicious, pattern-matching activity on the network in real time? A. Intrusion Detection B. Unified Threat Management C. Data Loss Prevention D. Intrusion Prevention

Which type of system can be blinded by a low-and-slow approach? A. intrusion detection B. intrusion prevention C. signature based D. behavior based

Which zero trust deployment method obtains a detailed picture of traffic flows throughout the network, including where, when, and to what extent specific users are using specific applications and data resources? A. Define trust zones B. Establish trust zones C. Implement at major access points D. Listen-only mode

You are responsible for the security of the application, the runtime, and the VM operating system. Which cloud deployment model are you using? A. SaaS B. FaaS C. PaaS D. IaaS

You go on a business visit to another country and you can't access a work application on your cell phone. Which MDM feature could be the reason? A. Data loss prevention B. malware protection C. remote erase/wipe D. geofencing and location services

A robust data loss prevention (DLP) solution can detect data patterns even if the data is encrypted. (True or False)

A user can get on the payroll app to see a paycheck, but can't modify it. This example describes which principle? A. separation of duties B. auditability C. least privilege D. defense in depth

What is the meaning of a SaaS application that is advertised as being HIPPA compliant? A. Regardless of how you configure the application for your enterprise, you will be HIPPA compliant. B. If your administrator configures the security settings on the application correctly, you will be HIPPA compliant. C. If your administrator and your users use the application correctly, you will be HIPPA compliant. D. If your administrator and your users use the application correctly, the application won't cause you to not be HIPPA compliant.

What parameter can a SOC team use that allows for the immediate containment or prevention of a security incident without further approvals? A. Automatic mitigation scenarios B. Automatic resolution scenarios C. Pre-approved breach scenarios D. Pre-approved mitigation scenarios

What tool or technology can a SOC team use to ingest aggregated alerts and execute an automated process-driven playbook? A. SIEM B. CERT C. CSIRT D. SOAR

Where is your data typically stored in a SaaS application? A. in your data center, in a database under your control B. in your data center, in a database controlled by the SaaS provider C. in the cloud, in a database you control D. in the cloud, in a database controlled by the SaaS provider

Which SecOp function is proactive? A. Identify B. Investigate C. Mitigate D. Improve

Which three processes are part of the AAA model? (Choose three.) A. authentication B. authorization C. acknowledgement D. accounting E. approval

ABD

What types of training content can a SOC manager teach to create consistency within an organization? (Choose three.) A. Company security and privacy training B. Continuous education training C. Incident response training D. Event triage training E. Tool-feature use training

ABE

What kind of configuration and operational questions would the SOC need to answer? (Choose three.) A. Are the technologies in place configured to best practice? B. How many analysts are resolving incidents per day? C. How often are there deviations to SOC procedures? D. How many events are analysts handling per hour? E. How many firewall and endpoint technologies are in place?

ACD

Which three options partially comprise the six elements of SecOps? (Choose three.) A. Visibility B. Disaster recovery C. Business D. Interfaces E. Regular audits F. Logging

ACD

Which two types of behavior could enable someone to eavesdrop on a WiFi network? (Choose two.) A. passive B. inactive C. yielding D. active E. agile

What is the term for an unauthorized remote access program? A. logic bomb B. backdoor C. virus D. trojan horse

Which form does data need to be in for DLP to work? A. ASCII B. cleartext C. uncompressed D. encrypted

Which group is primarily motivated by money? A. hacktivists B. cybercriminals C. cyberterrorists D. state-affiliated groups

Which is a routed protocol? A. Open Shortest Path First (OSPF) B. Internet Protocol (IP) C. Border Gateway Protocol (BGP) D. Routing Information Protocol (RIP)

Which pillar requires maintaining an SME specialist? A. Interfaces B. Technology C. Business D. Processes E. People F. Visibility

Which requirement must be fulfilled for a client device to use a DHCP server, assuming there are no DHCP relay agents? A. be on the same collision domain B. be on the same broadcast domain C. have latency below 20msec D. have the same subnet mask

Which stage of the cyberattack lifecycle involves querying public databases and testing exploits in the attacker's internal network? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation

DLP works in which layer of the ISO model? A. 7, application layer B. 5, session layer C. 4, transport layer D. 3, network layer

What is the difference between CVE and CVSS? A. CVE tells you what the vulnerabilities are. CVSS gives vulnerabilities a score (0-10) to evaluate how serious they are. B. CVE is on a scale of low, medium, high, critical. CVSS is on a scale of 0-100. C. CVSS tells you what the vulnerabilities are. CVE gives vulnerabilities a score (0-10) to evaluate how serious they are. D. CVE is on a scale of 0-100. CVSS is on a scale of 0-10.

When is it impossible to secure SaaS data? A. when a user uses an unmanaged device to access an unsanctioned SaaS instance B. when a user uses a managed device to access an unsanctioned SaaS instance C. when a user uses an unmanaged device to access a sanctioned SaaS instance D. when a user uses a managed device to access a sanctioned SaaS instance

Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation? A. Content Engineering B. Forensics and Telemetry C. Business Liaison D. Threat Intelligence

Which metric has skewed results that may cause analysts to "cherry-pick" incidents? A. Number of incidents handled B. Mean Time to Resolution (MTTR) C. Number of feeds into SIEM D. Number of firewalls/rules deployed

Which option is an example of a logical address? A. IP B. hardware C. MAC D. burned-in

What is the theoretical maximum number of devices in a class B? A. 2^24-2 = 16777214 B. 2^20-2 = 1048574 C. 2^16-2 = 65534 D. 2^8-2 = 254

When HTTP is used to send REST requests, it is a protocol of which layer? A. Application B. Presentation C. Session D. Transport

Which type of network firewall provides client address translation by default? A. packet filtering B. stateful packet inspection C. application D. next-generation

What is a network demilitarized zone (DMZ)? A. the safest part of the network, used for the security infrastructure B. the part of the network you don't secure, for example a network segment used for visitors to access the internet C. the database management zone D. the network zone where you put servers that serve the outside, to limit the exposure

Which cloud service model lets you install a firewall to protect your information? A. SaaS B. PaaS C. FaaS D. IaaS

Which cloud security compliance requirement uses granular policy definitions to govern access to SaaS applications and resources in the public cloud and to apply network segmentation? A. access governance B. compliance auditing C. configuration governance D. real-time discovery

Which network technology is used for WANs? A. Ethernet B. token-ring C. digital subscriber line (DSL) D. FDDI

Activity gathered by a SOC team electronically and in real-time from a given source is called? A. Telemetry B. Log C. Forensic (raw) D. Alert

An analysis tool raised an alert, but the security analyst who researched it discovered it wasn't a problem. Which type of finding is this? A. false positive B. true positive C. false negative D. true negative

Content-ID operates on which layer of the ISO model? A. 7, application layer B. 6, presentation layer C. 5, session layer D. 4, transport layer

In which of the four main core functions of security operations should a detailed analysis take place? A. Investigation B. Identification C. Mitigation D. Continuous Improvement

What are the two meanings of the CI/CD pipeline? (Choose two.) A. continuous integration/continuous delivery B. continuous implementation/continuous delivery C. continuous integration/continuous deployment D. continuous implementation/continuous deployment E. continuous innovation/continuous development

Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.) A. ability to identify most common attacks by their symptoms B. Deployed and managed centrally C. easier to deploy endpoint protection when people work from home D. detects command and control channels E. can easily identify worms

Which two operating systems can have mobile device management (MDM)? (Choose two) A. iOS B. MacOS C. Android D. Windows E. Linux

Which three attributes are advantages of serverless computing, when compared with CaaS? (Choose three.) A. reduced costs B. increased control over the workload C. increased ability to monitor and identify problems D. increased agility E. reduced operational overhead

ADE

Which three options partially comprise the six elements of SecOps? (Choose three.) A. People B. Networking C. Data storage D. Technology E. Processes F. Classification

ADE

A Zero Trust network security model is based on which security principle? A. due diligence B. least privilege C. non-repudiation D. negative control

A zero-day exploit uses which type of vulnerability? A. one that hasn't been discovered yet, by anybody B. one that hasn't been disclosed to the vendor (or published) C. one that the vendor knows about, but hasn't released a patch for D. one that has a patch, but the patch hasn't been installed everywhere yet

Which type of malware protection requires in-depth knowledge of applications and how they communicate? A. signature-based B. container-based C. application allow lists D. anomaly detection

Which type of security measure does an intrusion detection system provide? A. preventive B. detective C. corrective D. auditive

Which type of traffic flows inside a data center? A. north-south B. east-west C. up-down D. egress traffic

Who is responsible for the security settings of a sanctioned SaaS application? A. provider B. IT department C. line of business that uses it D. users

Which element of the Processes pillar is part of the Identification function? A. Interface Agreements B. Process Improvement C. Initial Research D. Detailed Analysis

Two companies use Gmail for their email (SaaS). Which two components may be transparently shared between them? (Choose two.) A. address book B. application code C. messages D. message database E. user identities

Of the endpoint checks, which one is bypassed for known programs? A. WildFire query B. behavioral threat protection C. local analysis D. firewall analysis

Which option is least likely to be the purpose of an advanced persistent threat? A. wire money to an offshore bank account B. steal classified information C. expand a botnet to send more spam D. be able to destroy an enemy's infrastructure in case of a war

Which option is not part of an endpoint protection solution? A. firewall B. antivirus C. man-in-the-middle decryption D. intrusion detection

Which step of the CI/CD pipeline is the ideal place for automated penetration testing? A. Coding B. Integration C. Testing D. Deployment

Which systems do you have to secure to ensure compliance with security standards? A. The servers in the data center B. The devices owned by the enterprise, whether they are servers in the data center, cloud VMs you manage, or user endpoint devices C. Any system where the data for which you are responsible goes D. Every device that is either owned by the enterprise, or used by enterprise employees

What methods can the SOC team employ to mitigate employee burnout? (Choose three.) A. Create a plan to move all employees into management roles B. Create on-the-job training only, because it's more helpful than reading documentation C. Shift turnover stand-up meeting (beginning or end of shift) D. Schedule shifts to avoid high-traffic commute times E. Train at least two employees on the same tasks so there is no single point of failure

CDE

Which two malware types are self-replicating? (Choose two.) A. logic bomb B. backdoor C. virus D. trojan horse E. worm

GDPR compliance is required to do business in which area? A. United States of America B. Canada C. China D. European Union

In a full Zero Trust architecture, can two devices communicate except through a security checkpoint? A. Yes, but only if they are in the same trust zone. B. Yes, but only if the client's trust zone level is higher than the server's. C. No, unless they belong to the same application. D. No, all traffic needs to be secured.

The Logging Service stores data on the cloud in an instance that your organization does not control and thus provides protection from what? A. trojan horses B. viruses C. worms D. insider threat

Which security issue can cause a long patched vulnerability to resurface? A. VM sprawl B. intra-VM communications C. hypervisor vulnerabilities D. dormant virtual machines

Who is responsible for the security settings in an enterprise SaaS application? (choose the best answer) A. SaaS provider B. IT administrator of the customer organization C. user, typically an employee of the customer organization D. Both IT administrators and users

Which pillar enables you to anticipate, prepare, and react to changes in security operations? A. Interfaces B. Technology C. Processes D. Business E. Visibility F. People

An attacker needs to succeed in executing only one step of the cyberattack lifecycle to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack. (True or False)

The key to breaking the cyberattack lifecycle during the Installation phase is to implement network segmentation, a Zero Trust model, and granular control of applications to limit or restrict an attacker's lateral movement within the network. (True or False)

The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT solutions is known as consumerization. (True or False)

Which layer of the OSI model defines routing protocols and specifies how routers communicate with each other on a network? A. Network B. Application C. Data Link D. Transport

Which statement about private clouds is incorrect? A.You need to secure east-west traffic only in a private cloud. B. Compute clusters allow virtual machines to move freely while preserving compute, storage, networking, and security configurations. C. North-south traffic refers to data packets moving in and out of a virtualized environment. D. You can combine multiple physical hosts into one computer cluster.

Palo Alto Networks firewalls are built on which type of architecture? A. multi-pass B. ultimate-pass C. single-pass D. strict-pass

Which cloud solution is hosted in-house and usually is supported by a third party? A. distributed workforce B. cloud infrastructure C. on-premises D. infrastructure as a service

In which cloud service model are customers responsible for securing their virtual machines and the virtual machine operating systems, and for operating system runtime environments, application software, and application data? A. platform as a service (PaaS) B. identity as a service (IaaS) C. software as a service (SaaS) D. infrastructure as a service (IaaS)

Prisma Access consistently protects all traffic, on all ports and from all applications. (True or False)

Which cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability? A. private B. public C. community D. hybrid

Which option shows the three deployment mode options available for Panorama, which (if necessary) allows for the separation of management and log collection? A. Prisma, Panorama, IronSkillet B. Log Collector, Prisma, Panorama C. Management, Panorama, Prisma D. Panorama, Management only, Log Collector

The spread of unsolicited content to targeted endpoints is known as what? A. spamming B. pharming C. phishing D. exploiting

What is the SOC team's main goal? A. Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents B. Improve the security posture of the business, its products, and services by introducing security as a shared responsibility C. Reduce the time required to contain a breach D. Connect disparate security technologies through standardized and automatable workflows

What is the advantage of automated responses over manual responses? A. speed B. accuracy C. flexibility D. user friendliness

What is the collective term for software versions, OS settings, and configuration file settings? A. configuration items B. configurable values C. computer settings D. configuration

What is the most common business to consumer (B2C) VPN? A. SSL/TLS B. IPsec C. SSH D. PPP

What is the name of the "authentication" method that lets anybody with the password access a WiFi network? A. Pre-Shared Key (PSK) B. Password Authentication (PA) C. Extensible Authentication Protocol (EAP) D. service set identifier (SSID)

What is the term for traffic between a website and a remote user's browser? A. north-south B. east-west C. unknown D. cloud

What are the three components of SOAR that a SOC team can use to help secure the business? (Choose three.) A. Orchestration B. Innovation C. Automation D. Collaboration E. Response

ACE

Which three data fields are considered personally identifiable information (PII)? (select three) A. unique identification number (such as driver's license number) B. honorific (Mr., Mrs., Dr., etc.) C. telephone number D. blood pressure (when not connected to other fields) E. fingerprints

ACE

Which two options are endpoints? (Choose two.) A. laptop computer B. router/modem/access point combo for a home network C. physical database server D. smartphone used to check work email

Ten containers running on five virtual machines are spread between two type 1 hypervisors. How many OS instances are you running? A. 2 B. 5 C. 7 D. 17

What does Zero Trust mean? A. Systems never trust the information they get from other systems B. Systems don't trust each other implicitly. C. Systems don't trust each other explicitly. D. Systems only trust each other within the same data center.

Which DNS record type do you use to find the IPv6 address of a host? A. A B. AAAA C. PTR D. MX

Which Palo Alto Networks product suite is used to secure remote access and cloud native technologies? A. Strata B. Prisma C. Cortex D. WildFire

Which Panorama object is used to manage the security policy? A. template B. device group C. virtual system D. Decryption Profile

Which business objective is considered the roadmap that guides the organization? A. Governance B. Mission C. Planning D. Budget

Which cloud use model allows you to use containers without having to manage the underlying hardware and virtualization layers, but still lets you access the underlying virtualization if needed? A. serverless B. containers as a service (CaaS) C. standard docker containers D. VM-integrated containers

Which three operating systems are supported by Cortex XDR? (Choose three.) A. z/OS B. Linux C. macOS D. Minix E. Android

BCE

A SOC manager is concerned that some alerts may be critical and the team will need help mitigating all of them. What should be done? A. Deploy more SIEMs to collect and process the data before having a SOC analyst interpret the data and take appropriate action B. Deploy additional endpoint security to protect servers, PCs, laptops, and tablets so that alerts that are missed can be caught before exfiltrating data from the end user C. Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts D. Deploy more firewalls to protect the network while SOC analysts are interpreting data and taking appropriate action

In a TCP packet sent over Ethernet, what is the order of data? A. Ethernet header, TCP header, and then TCP data B. IP header, TCP header, and then TCP data C. Ethernet header, IP header, TCP header, and then TCP data D. Ethernet header, IP header, IP data, TCP header, and then TCP data

In the cyberattack lifecycle, what does C2 mean? A. Configuration and Communication B. Configuration Control C. Command and Control D. Communication Control

Which component of a security operating platform can identify a trojan horse that does not use the network? A. network security B. cloud security C. Advanced Endpoint Protection D. SaaS logging service

Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team? A. Case Management B. SIEM C. SOAR D. Knowledge Management

Which feature of the NGFW is required to implement RBAC? A. App-ID B. Content-ID C. User-ID D. Global Protect

Which group is likely to attack indiscriminately, whether you are a valuable target or not? A. hacktivists B. cybercriminals C. cyberterrorists D. state-affiliated groups

Which security consideration is associated with inadvertently missed anti-malware and security patch updates to virtual machines? A. hypervisor vulnerabilities B. VM sprawl C. dormant VMs D. intra-VM communications

Which stage of an attack is typically east-west traffic? A. reconnaissance B. weaponization C. lateral spread D. actions on the objective

Which type of attack would include an e-mail with your name that claims to be from your bank and tells you to click the link https://chase.bankofamerica.mysite.ru.? A. spamming B. phishing C. spear phishing D. whaling

What does SOAR stand for? A. security operations automation for reaction B. secure operations and research C. security operations, analysis, and research D. security orchestration, automation, and response

What is the purpose of NDP? A. IPv6 to IPv4 logical addresses B. IPv4 to IPv6 logical addresses C. IPv4 to MAC addresses D. IPv6 to MAC addresses

Which NGFW core subscription allows your firewall to identify zero-day malware? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

Which NIST cloud service model does not require the customer organization to do any programming? A. IaaS B. PaaS C. FaaS D. SaaS

Which VPN technology has become the standard method of connecting remote endpoint devices back to the enterprise network? A. L2TP B. PPTP C. IPsec D. SSL

Prisma SaaS is used to protect sanctioned SaaS use, as part of an integrated security solution that includes next-generation firewalls to prevent unsanctioned SaaS use. Prisma SaaS communicates directly with the SaaS applications themselves and therefore does not need to be deployed inline and does not require any software agents, proxies, additional hardware, or network configuration changes. (True or False)

The internet is an example of a wide-area network (WAN). (True or False)

The key to Cortex XDR is blocking core exploit and malware techniques, not individual attacks. (True or False)

Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands? A. command and control B. bot C. web D. directory services

Which element of the People pillar focuses on retaining staff members? A. Training B. Career Path Progression C. Employee Utilization D. Tabletop Exercises

Which core component of Cortex combines security orchestration, incident management, and interactive investigation to serve security teams across the incident lifecycle? A. AutoFocus B. Cortex XDR C. Cortex XSOAR D. Cortex Data Lake

Which next-generation product replaces UTM appliances to reduce traffic inspection latency? A. hub B. switch C. firewall D. router

Which statement about hybrid clouds is incorrect? A. Hybrid clouds increase operational efficiencies. B. Hybrid clouds optimize existing hardware resources. C. Hybrid clouds increase data center costs. D. Hybrid clouds can handle "bursty" applications through autoscaling.

Which tactic, technique, or procedure (TTP) masks application traffic over port 443 (HTTPS)? A. using non-standard ports B. hopping ports C. hiding within SSL encryption D. tunneling

Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort, and can be extremely effective in taking down a website or some other publicly accessible service? A. Bluetooth B. adware C. distributed denial-of-service D. man-in-the-middle

Which type of firewall operates up to Layer 4 (transport layer) of the OSI model and inspects individual packet headers to determine source and destination IP address, protocol (TCP, UDP, ICMP), and port number? A. proxy B. application C. packet filtering D. stateful inspection

What allows multiple, virtual operating systems to run concurrently on a single physical host computer? A. serverless computing B. micro-VMs C. virtual machines D. hypervisor

Which part of APTs indicate that attackers use advanced malware and exploits and typically also have the skills and resources necessary to develop additional cyberattack tools and techniques? A. Secure B. Persistent C. Threat D. Advanced

Which path or tool is used by attackers? A. storage-area networks (SAN) B. anti-malware update C. SaaS D. threat vector

Which record specifies authoritative information about a DNS zone such as primary name server, email address of the domain administrator, and domain serial number? A. Canonical Name (CNAME) B. Mail Exchanger (MX) C. Pointer (PTR) D. Start of Authority (SOA)

Which layer of the OSI model ensures that messages are delivered to the proper device across a physical network? A. Application B. Data Link C. Network D. Presentation

Which network device transmits an electronic signal so that wireless devices can connect to a network? A. router B. access point C. hub D. switch

Which next-generation firewall deployment option prevents successful cyberattacks from targeting mobile network services? A. PA-Series B. K2-Series C. CN-Series D. VM-Series

Which type of advanced malware has entire sections of code that serve no purpose other than to change the signature of the malware, thus producing an infinite number of signature hashes for even the smallest of malware programs? A. distributed B. polymorphic C. multi-functional D. obfuscated

Which type of endpoint protection wraps a protective virtual barrier around vulnerable processes while they are running? A. application-based B. container-based C. signature-based D. anomaly-based

Which type of hypervisor is hosted and runs within an operating system environment? A. Type 1 B. Type 2 C. Type 3 D. Type 4

Which cloud security best practice is deployed to ensure that every person who views or works with your data has access only to what is absolutely necessary? A. set appropriate privileges B. keep cloud software updated C. build security policies and best practices into cloud images D. review default settings

What is the primary purpose of the information exchanged by routing protocols? A. dynamic routing B. static routing C. billing for network access D. advertising MAC addresses

What management method can a SOC team utilize to collect information on security incidents and their statuses? A. Case management B. Knowledge management C. Asset management D. Threat management

Which type of firewall requires the least amount of RAM per connection? A. packet filtering B. stateful packet inspection C. application D. next-generation

Which type of malware protection can be bypassed by mutating malware? A. signature-based B. container-based C. application allow lists D. anomaly detection

What does the first phase of implementing security in virtualized data centers consist of? A. consolidating servers across trust levels B. consolidating servers within trust levels C. selectively virtualizing network security functions D. implementing a dynamic computing fabric

What kind of network is most likely to use point to point links? A. LAN B. WAN C. SD WAN (only) D. WAN (only if it is not SD WAN)

In which area of focus can a SOC team use the Cortex XSOAR War Room to conduct a joint investigation? A. Ticketing B. Workflow automation C. Collaborate D. Manage incidents

Intra-VM traffic is also known as which type of traffic? A. north-south B. unknown C. east-west D. untrusted

Which component may be shared with other cloud tenants even when using IaaS? A. application B. runtime C. virtual machine (guest) D. physical machine (host)

Which continuous process replaces manual checks with automated code testing and deployment? A. integration B. development C. delivery D. deployment

Which header does not appear in all packets of an HTTP file transfer over Ethernet? A. Ethernet B. IP C. TCP D. HTTP

Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network? A. DevOps B. Operational Technology C. Help Desk D. IT Operations

A SOC team is divided into groups with different functions. Which three teams are responsible for the development, implementation, and maintenance of security policies? A. Endpoint Security, Network Security, and Cloud Security B. Enterprise Security, Endpoint Security, and Cloud Security C. HelpDesk Security, Operational Security, and Information Technology Security D. Telemetry Security, Forensics Security, and Threat Intelligence Security

When HTTP is used directly to server webpages, it is a protocol of which layer? A. Application B. Presentation C. Session D. Transport

Which DNS record type do you use to find the IPv4 address of a host? A. A B. AAAA C. PTR D. MX

Which NGFW core subscription would tell your firewall that an attempt to resolve adfewqrtgfhghyj.uykfhzvsdfgpoiyte.evil.com is probably an attack? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

In which stage of the cyberattack lifecycle would you identify unusual communication between an internal database that should not access the internet and an external server? A. Exploitation B. Installation C. Command and Control D. Actions on the Objective

Sensors for a cultivated field must report the results once a day. These sensors are powered by batteries that need to last for years. Which form of connectivity do you use? A. Bluetooth B. Wi-Fi C. LoRaWAN D. Satellite C-Band

What could a SOC do if they wanted to reclassify the severity level of an attack? A. The team can reclassify the severity to 3 - Medium because the team is already working on mitigating the issue. B. Nothing. Severity 1 - Critical indicates a breach and is the highest severity level. C. The team can reclassify the attack as a Severity 0 to indicate an ongoing breach where the attacker is attempting to exfiltrate, encrypt, or corrupt data. D. The team can reclassify the severity to 5 - Informational, because the attack has already been identified.

What is the common protocol for accessing a directory? A. DAP B. LDAP C. SLAP D. SLDAP

What is the first step a SOC should consider when setting the budget? A. Establish a budget to meet the minimum requirements of the team B. Obtain an agreement regarding the mission of the Security Operations and the SOC C. Identify the technology, staff, facility, training, and additional needs D. Define the processes needed to change the allocated budget and for emergency budget relief

What security technology can a SOC team use to identify anomalous behavior indicative of attacks? A. endpoint security analytics B. behavioral analytics C. malware analytics D. honeypot analytics

Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources? A. Vulnerability Management Tools B. Threat Intelligence Platform C. Knowledge Management D. Case Management

Which device is M2M (machine to machine)? A. internet-connected TV B. home alarm that dials the police for response C. car GPS D. temperature sensor connected to a fire suppression system

Which element defines how the Security Operations team and surrounding teams will interact? A. Change Control B. Escalation Process C. Quality Review D. Interface Agreements

Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents? A. Asset Management B. Knowledge Management C. Vulnerability Management Tools D. Case Management

Which element provides investigative support if legal action is required? A. Governance, Risk and Compliance B. Enterprise Architecture C. Business Liaison D. Forensics and Telemetry

Which one of these applications can be used as a tunnel for other applications? A. Telnet B. SMTP C. HTTPS D. SSH

Which pillar defines the step-by-step instructions and functions that will be carried out? A. Technology B. People C. Interfaces D. Processes E. Business F. Visibility

Which pillar identifies the scope of responsibilities and separation of duties? A. Processes B. Technology C. Visibility D. Interfaces E. Business F. People

Signature-based anti-malware software is considered a proactive security countermeasure. (True or False)

Which IDS/IPS system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts? A. knowledge-based B. behavior-based C. intuitive-based D. standards-based

Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks? A. Behavioral Analysis B. Malware Sandboxing C. Endpoint Security D. Intrusion Prevention and Detection Systems

Which phrase best describes a DevOps software development model? A. develops all the code in one big software package for delivery to the Ops team, which then tests the code for deployment B. unites the development and operations teams throughout the entire software delivery process to speed up code deployment C. employs DevOps engineers to deliver new features and do bug fixes D. uses automation tools and is almost identical to the traditional software development model

Which value can be achieved by the ability to pool resources in cloud computing? A. resource aggregation B. economies of scale and agility C. application consolidation D. elasticity

What is the purpose of the shared responsibility model? A. helps your organization scale B. brings cost and operational benefits but also technology benefits C. defines who (customer and/or provider) is responsible for what, related to security, in the public cloud D. pools resources to achieve economies of scale

What type of malware can have multiple control servers distributed all over the world with multiple fallback options? A. logic bombs B. rootkits C. advanced or modern D. exploits

Which category of IoT enables real-time use cases, such as autonomous vehicles, with 4G LTE Advanced Pro delivering speeds in excess of 3Gbps and less than 2 milliseconds of latency? A. low-power WAN B. satellite C. cellular D. short-range wireless

Which DevOps CI/CD pipeline feature requires developers to integrate code into a repository several times per day for automated testing? A. continuous delivery B. continuous deployment C. continuous identity D. continuous integration

Which SASE security-as-a-service layer capability provides visibility into SaaS application use, understands where sensitive data resides, enforces company policies for user access, and protects data from hackers? A. secure web gateway (SWG) B. data loss prevention (DLP) C. firewall as a service (FWaaS) D. cloud access security broker (CASB)

Which cloud feature continuously monitors an app's behavior and the context of behavior to immediately identify and prevent malicious activity? A. software configuration management (SCM) B. cloud access security broker (CASB) C. integrated development environment (IDE) D. runtime application self protection (RASP)

Which predefined malware signature action notifies the user that malware has been detected? A. isolate B. quarantine C. delete D. alert

Which team identifies potential risks to the organization that have not yet been observed in the network? A. Forensics and Telemetry B. Threat Hunting C. Red and Purple D. Threat Intelligence

WPA2 includes a function that generates a 256-bit key based on a much shorter passphrase created by the administrator of the Wi-Fi network and the service set identifier (SSID) of the AP is used as a salt (random data) for the one-way hash function. (True or False)

Which two malware types require external communication channels? (Choose two.) A. ransomware B. spyware C. adware D. logic bomb

What are the two advantages of SASE? (Choose two.) A. a single physical point of ingress into the organization B. a single logical point of ingress into the organization C. a single physical point of egress out of the organization D. a single logical point of egress from the organization

Which two networks are subnets of 10.2.0.0/20? (Select two) A. 10.2.0.0/19 B. 10.2.5.0/24 C. 10.2.20.0/24 D. 10.2.14.0/28 E. 10.2.0.0/16

What is relevant information that a SOC team's detailed analysis investigation can gather? (Choose three.) A. How the alert should be triaged B. The potential impact of the security incident C. Where the attacker will exfiltrate data from next D. The adversary's objective E. Whether the incident is a true incident or a false positive

BDE

Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server? A. public B. private C. community D. hybrid

Which type of traffic can be secured by a physical appliance? A. north-south B. east-west C. unknown D. cloud

Who is responsible for the software of a sanctioned SaaS application? A. provider B. IT department C. line of business that uses it D. users

Which three areas of focus can Cortex XSOAR help the SOC team with combatting security challenges? (Choose three.) A. Workflow automation B. Isolation C. Ticketing D. Training E. Collaboration

ACE

Which environment allows you to install an appliance that sees all traffic? A. LAN when people work from home B. non-virtualized data center C. virtualized data center D. VPC network

Which feature of the NGFW distinguishes between downloading a legitimate program and downloading malware? A. App-ID B. Content-ID C. User-ID D. Global Protect

Which step is involved in getting malware to run on the inside of the targeted organization? A. Weaponization and Delivery B. Exploitation and Installation C. Command and Control D. Actions on the Objective

Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure? A. Operational Technology B. IT Operations C. Network Security D. Vulnerability

Which tunneling protocol can you use to connect two Ethernet segments into one? A. PPP B. L2TP C. IPsec (without L2TP) D. SLIP

Which type of traffic can stay contained in a single physical server? A. north-south B. east-west C. unknown D. trusted traffic

You downloaded a confidential file to your phone to use in a business meeting. Now you see it is no longer there. Which MDM feature could be the reason? A. data loss prevention B. malware protection C. remote erase/wipe D. geofencing and location services

How many bytes are in an IPv6 address? A. 4 B. 8 C. 16 D. 32

What details should be included in a SOC manager's weekly report? A. Open incidents and other daily activity that have been accomplished B. Overall effectiveness of the SecOps functions, how long events are sitting in queue before being triaged, and if staffing in the SOC is appropriate C. Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive) D. All of the above

What does PKI mean? A. Password/Key Identification B. Passive Key Identification C. Public Key Infrastructure D. Private Key Infrastructure

What is the relationship between SIEM and SOAR? A. SIEM products implement the SOAR business process. B. SIEM and SOAR are different names for the same product category. C. SIEM systems collect information to identify issues that SOAR products help mitigate. D. SOAR systems collect information to identify issues that SIEM products help mitigate.

Which SOAR goal enables a SOC team to use playbook orchestration to extract more value through task automation and coordination? A. Accelerated response B. Standardize process C. Reduce risk D. Collaboration and learning

Which action is part of the compute security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

Which component or technology is used to view aggregated data about a network? A. Network Security B. Threat Intelligence C. Security Information & Event Management D. Endpoint Security

Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware? A. Mobile Device Management B. Malware Sandboxing C. Endpoint Security D. Firewall

Which is not a top-three wish for Security Operations Engineers? A. Reduce the number of alerts flowing into the SOC B. Lessen the time required to take to contain a breach C. Use previous incidents to prevent future attacks D. Access tools to quickly investigate threats

Which method to identify ransomware that uses a zero-day exploit is available in endpoint protection, but not on the firewall? A. attack signatures B. behavior analysis C. observation of attack effects D. data decryption

Which process is part of configuration management? A. identity and access management B. auditing C. patch management D. scanning for vulnerabilities

Which team can a SOC turn to for assistance with operational changes to cloud technology? A. Help Desk Team B. DevOps Team C. Operational Technology Team D. Information Technology Operations Team

Which cloud native security platform function remediates vulnerabilities and misconfigurations consistently across the entire build-deploy-run lifecycle? A. automation B. integration C. visibility D. continuity

Which malware type is installed in the BIOS of a machine, which means operating system level tools cannot detect it? A. rootkit B. logic bomb C. ransomware D. spyware

Which type of cyberattack sends extremely high volumes of network traffic such as packets, data, or transactions that render the victim's network unavailable or unusable? A. distributed denial-of-service (DDoS) B. spamming botnet C. phishing botnet D. denial-of-service (DoS)

Which security technology is designed to help organizations embrace the concepts of cloud and mobility by providing network and network security services from a common cloud-delivered architecture? A. cloud native B. secure access service edge (SASE) C. platform as a service D. distributed cloud

What does the acronym CIDR represent? A. Classful Inter Dependant Routing B. Classless Inter-Domain Routing C. Classless Inter Dependant Routing D. Classful Inter Domain Routing

In which cloud computing service model does a provider secure the physical computers running the virtual environment? A. platform as a service (PaaS) B. software as a service (SaaS) C. infrastructure as a service (IaaS) D. public cloud

Palo Alto PCCET Questions

Related study sets

Driving Signs

Chapter 3 Intro To Networking

Exam 3 Professor Fine POSC1000

Unit 5 Review: Chapters 17-22

MOS 5101

chapter 4

Hawaiian Pacific studies

Chapter 13

Biology Mitosis

Immunology Exam 2

Chapter 1-5

Economics Chapter 4 Practice Exam

Computer Security Final (shorter)

Standard Error

Hauling Hazardous Material

Metabolism Practice Test

retail mgt chapter 9

BCIS 2610 Chapter Two Quiz

Great Depression & New Deal

Corporate communication