Palo Alto PCCET Questions


Which type of traffic flows between the public internet and private DMZ? A. north-south B. east-west C. up-down D. egress traffic

A

What is the authentication method that uses usernames and passwords? A. PAP B. CHAP C. MS-CHAP D. SAP

A

Which SaaS application behavior is allowed and provided by information technology (IT)? A. tolerated B. prohibited C. sanctioned D. unsanctioned

C

Which pillar defines the purpose of the Security Operations team to the business and how it will be managed? A. Visibility B. Processes C. Business D. Technology E. Interfaces

C

Which VPN technology is considered the preferred method for securely connecting a remote endpoint device back to an enterprise network? A. Point-to-Point Tunneling Protocol (PPTP) B. Secure Socket Tunneling Protocol (SSTP) C. Secure Sockets Layer (SSL) D. Internet Protocol Security (IPsec)

C

Prisma SaaS is deployed as a standalone inline service between the organization's traditional perimeter-based firewalls and requires a software agent to be installed on mobile devices. (True or False)

F

Which principle is behind role-based access control (RBAC)? A. separation of duties B. auditability C. least privilege D. defense in depth

C

What is the subnet mask for the network 10.2.0.0/20? A. 255.0.0.0 B. 255.255.0.0 C. 255.255.240.0 D. 255.255.255.0

C

Which Wi-Fi attack intercepts the victim's web traffic, redirects the victim's browser to a web server that it controls, and serves up whatever content the attacker desires? A. Evil Twin B. SSLstrip C. Emotet D. Jasager

B

Which wireless security protocol includes improved security for IoT devices, smart bulbs, wireless appliances, and smart speakers? A. WPA2 B. WPA3 C. WPA1 D. WEP

B

Why are IoT devices so often insecure? A. rushed development B. long release and patch cycles C. insufficient time for quality assurance D. low development budget

B

Which device does not process addresses? A. hub B. switch C. WiFi access point D. router

A

Which business objective dictates how to measure "performance" against the defined and socialized mission statement? A. Budget B. Mission C. Governance D. Planning

C

On which device do you configure VLANs? A. wireless repeater B. hub C. switch D. router

C

In which cloud computing service model does a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure? A. platform as a service (PaaS) B. infrastructure as a service (IaaS) C. software as a service (SaaS) D. public cloud

C

Which stage of the cyberattack lifecycle can be identified by port scans from external sources? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation

A

The Internet Protocol itself provides the functionality of which layer? A. Transport B. Network C. Data link D. Physical

B

Which NGFW core subscription allows your firewall to block users when they attempt to submit their credentials to a phishing site? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

B

Which NIST cloud service model limits your choice of runtime environments in which an application can be written? A. IaaS B. PaaS C. FaaS D. SaaS

B

Which component of the zero trust conceptual architecture is called a "platform" to reflect that it is made up of multiple distinct (and potentially distributed) security technologies that operate as part of a holistic threat protection framework to reduce the attack surface and correlate information about discovered threats? A. Management infrastructure B. Pocket of trust C. Trust zone D. Single component

D

Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network? A. DNS Sinkholing B. Virtual Private Network (VPN) C. Identity and Access Management D. Network Access Control

D

A dynamic packet filtering (also known as stateful packet inspection) firewall only inspects individual packet headers during session establishment to determine whether the traffic should be allowed, blocked, or dropped by the firewall. After a session is established, individual packets that are part of the session are not inspected. (True or False)

F
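A toy stateful packet filter, added here as an illustration (it is not code from the Palo Alto study material). It shows the mechanism the question is about: the filter records a session when a trusted host opens it, then admits later packets only if their 5-tuple matches a tracked session in either direction. The trusted prefix, addresses and ports are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True on the first packet of a new TCP session


class StatefulFilter:
    """Minimal stateful filter: sessions may only be opened from the trusted side.

    The session table holds (client, client_port, server, server_port). A packet is
    allowed if it matches a tracked session in the forward or reverse direction;
    a new session is created only for a SYN that originates on the trusted side.
    Everything else (unsolicited inbound traffic, forged "replies") is dropped.
    """

    def __init__(self, trusted_prefix: str = "10.0.0."):  # assumed trusted network
        self.trusted_prefix = trusted_prefix
        self.sessions = set()

    def process(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.sessions or reverse in self.sessions:
            return "allow"  # part of a session the filter already tracks
        if pkt.syn and pkt.src.startswith(self.trusted_prefix):
            self.sessions.add(forward)  # trusted host opens a new session
            return "allow"
        return "drop"  # unsolicited inbound or a packet claiming a session that does not exist


def demo() -> list:
    """Run a constructed packet sequence through the filter and return the decisions."""
    fw = StatefulFilter()
    sequence = [
        Packet("10.0.0.5", 51000, "198.51.100.20", 443, syn=True),  # inside host opens HTTPS
        Packet("198.51.100.20", 443, "10.0.0.5", 51000),            # legitimate reply
        Packet("198.51.100.20", 443, "10.0.0.5", 51001),            # forged reply, wrong client port
        Packet("203.0.113.9", 40000, "10.0.0.5", 445, syn=True),    # unsolicited inbound SMB
    ]
    return [fw.process(p) for p in sequence]
```

Note that a tracked session only tells the filter that a packet is *expected*; whether its payload is inspected is a separate function (IPS, content inspection) layered on top of the state table.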

Which device type uses routing protocols to exchange information? A. switches B. hubs C. routers D. servers

C

Which team is responsible for identifying and escalating vulnerabilities in an organization's assets, including hardware and software? A. Operational Technology B. Threat Intelligence C. Vulnerability D. Network Security

C

Which technology or technique can be implemented to detect, deflect, and counteract malicious activities? A. Firewall B. Endpoint Security C. DNS Sinkholing D. Honeypot

D

Your CFO receives an email with her name that claims to be the company's bank and tells her to click the link https://chase.bankofamerica.mysite.ru. What type of attack is this? A. spamming B. phishing C. spear phishing D. whaling

D

Which type of system cannot identify zero-day vulnerabilities? A. intrusion detection B. intrusion prevention C. signature based D. behavior based

C

Which Zero Trust capability provides a combination of anti-malware and intrusion prevention technologies to protect against both known and unknown threats, including mobile device threats? A. least privilege B. secure access C. inspection of all traffic D. cyberthreat protection

D

Which type of attack would include an email with an attachment not-a-trojan.exe? A. spamming B. phishing C. spear phishing D. whaling

B

The OSI model consists of how many layers? A. four B. six C. seven D. nine

C

Which Wi-Fi attack leverages device information about which wireless networks it previously connected to? A. evil twin B. man-in-the-middle C. Jasager D. SSLstrip

C

Which time interval describes a "window of vulnerability"? A. between when a vulnerability is discovered and when a patch is published B. between when a patch is published and when the patch is installed on your system C. between when a vulnerability is discovered and when the patch is installed on your system D. between when a vulnerability is discovered and when it is disclosed to the vendor

C

What tool or technology can a SOC team use to detect and prevent accidental or malicious release of proprietary or sensitive information? A. Vulnerability management B. URL Filtering C. SSL Decryption D. Data Loss Prevention (DLP)

D

What is the name of the device used to secure a network's perimeter? A. switch B. hub C. modem D. firewall

D

Which phased approach of hybrid cloud security requires networking and security solutions that not only can be virtualized but also are virtualization-aware and can dynamically adjust as necessary to address communication and protection requirements, respectively? A. consolidation servers within trust levels B. dynamic computing fabric C. consolidation servers across trust levels D. selective network security virtualization

B

Which type of system does not perform any preventive action to stop an attack? A. data loss prevention B. Intrusion Prevention C. Unified Threat Management D. intrusion detection

D

If a SOC team is unable to detect a security breach, what are the two potential damages that can happen to the business? (Choose two.) A. Infrastructure and server uptime B. Ransom payments to attackers C. Legal and media fees while dealing with breach D. Increase in customer switching to your company

BC

Which two types of services does SASE provide? (Choose two.) A. storage B. security C. networking D. compute

BC

In which model do applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines? A. SaaS B. serverless C. PaaS D. containers

B

Introducing security checks early in the software development process is part of which development model? A. DevCyberOps B. DevSecOps C. DevOps D. DevSecTestOps

B

Organizations are using which resource to expand their on-premises private cloud compute capacity? A. software defined data centers B. public cloud C. virtual storage D. virtual networks

B

What tool or technology can a SOC team use to provide visibility into HTTPS traffic to find IOCs or high-fidelity indicators? A. Application Monitoring B. SSL Decryption C. URL Filtering D. Data Loss Prevention

B

Which action is part of the compute cloud governance and compliance pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

D

Which type of malware disables protection software? A. anti-AV B. Trojan horse C. ransomware D. worm

A

Which cloud use model runs just one container per virtual machine? A. serverless B. containers as a service (CaaS) C. standard docker containers D. VM-integrated containers

D

Which option shows the ISO layers in the correct order (bottom layer to top)? A. Physical, Transport, Network, Session, Data link, Presentation, Application B. Physical, Data link, Network, Application, Presentation, Transport, Session C. Physical, Data link, Transport, Session, Presentation, Network, Application D. Physical, Data link, Network, Transport, Session, Presentation, Application

D

Which specific technology is associated with Web 3.0? A. social networks B. instant messaging C. remote meeting software D. blockchain

D

Which type of malware protection is vulnerable to a low and slow approach? A. signature-based B. container-based C. application allow lists D. anomaly detection

D

Which NIST cloud service model requires the customer to keep the operating system up to date? A. IaaS B. PaaS C. FaaS D. SaaS

A

Which type of attack would include an email advertisement for a dry cleaning service? A. spamming B. phishing C. spear phishing D. whaling

A

Which action is part of the network security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

B

Which cloud provider calls its IaaS service Elastic Computing Service (ECS)? A. Alibaba B. AWS C. Azure D. GCP

A

Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation? A. Escalation Process B. Initial Research C. Alerting D. Severity Triage

B

Which option is an example of a static routing protocol? A. Open Shortest Path First (OSPF) B. Border Gateway Protocol (BGP) C. Routing Information Protocol (RIP) D. split horizon

B

Which behavior does an advanced persistent threat use to elude detection? A. do everything at night, when nobody is monitoring B. rely exclusively on insiders with privileged access C. do everything quickly with scripting so that the effect of the threat is achieved by the time it is detected D. use a low and slow approach to avoid triggering alarms

D

Which business objective includes details about how the Security Operations organization will achieve its goals? A. Budget B. Mission C. Governance D. Planning

D

Which item is not one of the four Cs of cloud native security? A. clusters B. code C. containers D. cache

D

How do attackers prevent port scans from being noticed by monitoring software? A. Scan ports so quickly it is finished before it can be detected and stopped B. Scan ports so slowly it looks like random attempts to connect, rather than a concerted attack C. scan ports from an internal device D. scan ports through WiFi instead of Ethernet

B

What are scaled-down, lightweight virtual machines that run on hypervisor software and contain only the Linux operating system kernel features necessary to run a container? A. serverless B. micro-VMs C. containers D. Kubernetes

B

Which type of access control can change a user's permissions based on their location? A. RBAC B. ABAC C. PAP D. CHAP

B

The cyberattack lifecycle is a seven-step process. (True or False)

F

Signature-based anti-malware software is considered a reactive countermeasure because a signature file for new malware can't be created and delivered until the malware is already "in the wild." (True or False)

T

Which kind of attack can an intrusion prevention system enable? A. trojan horse type malware B. data exfiltration C. command and control D. denial of service

D

Which kind of security is always the responsibility of the cloud customer? A. physical security B. network security C. application security D. data security

D

Which type of malware protection has a problem with legitimate software upgrades? A. signature-based B. container-based C. application allow lists D. anomaly detection

C

What is the name of the attack in which the attacker gets the victim to connect to an access point the attack controls? A. person in the middle B. man in the middle C. access point in the middle D. access point masquerading

B

What is the term for traffic between a web site and a local database that stores information for it? A. north-south B. east-west C. unknown D. cloud

B

Which PAN-OS Next-Generation Firewall configuration templates are based on security best practice recommendations instead of extensive how-to documentation? A. VM-Series B. IronSkillet C. PA-5200 Series D. K2-Series

B

Another term for a bot is a "zombie". (True or False)

T

Which potentially risky attribute is the most serious? A. Pervasive B. malware C. excessive bandwidth D. tunnels

B

Which team is responsible for developing, implementing, and maintaining the network security policies? A. Vulnerability B. Network Security C. IT Operations D. Operational Technology

B

What tool or technology can provide a SOC team with control of the provisioning, maintenance, and operation of user identities? A. Identity and access management B. Mobile device management C. Network access controls D. Virtual private networks

A

Which cloud use model restricts your choice of a runtime environment to the environments supported by the cloud provider? A. serverless B. on-demand containers C. containers as a service (CaaS) D. standard docker containers

A

Which feature can mitigate or block malicious behavior and is considered a proactive control? A. Intrusion Prevention System (IPS) B. Behavioral Analysis C. DNS Sinkholing D. Intrusion Detection System (IDS)

A

In which two scenarios does network address translation (NAT) reduce the number of needed IP addresses? (Choose two.) A. devices are clients, dynamic NAT that hides them behind a single IP B. devices are servers, dynamic NAT for load balancing that makes them appear a single device C. devices are clients, static NAT to let them share an IP address D. devices are servers, static NAT to let them share an IP address

AB

Which software development concept that also has been applied more generally to IT says that additional future costs for rework are anticipated due to an earlier decision or course of action that was necessary for agility but was not necessarily the most optimal or appropriate decision or course of action? A. role-based access control B. technical debt C. software lifecycle D. runtime environment

B

Ten containers running on five virtual machines are spread between two type 2 hypervisors. How many OS instances are you running? A. 2 B. 5 C. 7 D. 17

C

Which MDM capability requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting? A. software distribution B. remote erase/wipe C. policy enforcement D. data loss prevention

C

Which Prisma SaaS feature connects directly to the applications themselves and provides continuous silent monitoring of the risks within sanctioned SaaS applications, with detailed luminosity that is not possible with traditional security solutions? A. granular data visibility B. large scale data control C. data exposure visibility D. contextual data exposure

C

Providing education opportunities to SOC analysts can help them grow into different career paths. What advanced roles are available for SOC analysts? A. Tier 2 or Tier 3 Analyst B. Team Lead/Shift Lead C. SOC Manager D. Threat Hunter E. All of the above

E

Which sanctioned SaaS use control prevents known and unknown malware from residing in sanctioned SaaS applications, regardless of source? A. threat prevention B. data visibility control C. risk prevention D. data exposure control

A

Which two advantages make 2G a popular choice for cellular IoT devices? (Choose two.) A. low latency B. high latency C. low hardware cost D. high bandwidth E. low power consumption

CE

Which VPN would you expect to see in use between two of an organization's data centers? A. SSL/TLS B. IPsec C. SSH D. PPP

B

Which three options describe the relationship and interaction between a customer and SaaS? (Choose three.) A. subscription service B. extensive manpower required C. internet- or application-based D. complex deployment E. convenient and economical

ACE

Which class of address begins with the decimal 130 in the first octet? A. Class A B. Class B C. Class C D. Class D

B

Which type of algorithm does Prisma SaaS use to sort sensitive documents into top-level categories for document classification and categorization? A. dynamic programming B. supervised machine learning C. artificial intelligence D. recursive

B

Which WildFire verdict is given for a submission that is malicious in nature and intent and can pose security threats (for example, viruses, worms, Trojan horses, rootkits, botnets, and remote-access toolkits)? A. phishing B. malware C. benign D. grayware

B

Which area network separates the control and management processes from the underlying networking hardware for simplified configuration and deployment? A. wireless local area network (WLAN) B. software-defined wide area network (SD-WAN) C. wide area network (WAN) D. local area network (LAN)

B

How is SOAR different from SIEM? A. It monitors alerts generated by applications and network hardware B. It monitors various sources for machine data C. It provides real-time detection D. It ingests alerts and drives them to response

D

Which type of phishing attack is specifically directed at senior executives or other high-profile targets within an organization? A. whaling B. watering hole C. pharming D. spear phishing

A

Which 32-bit logical address is the most widely deployed version of IP? A. IPv6 B. IPv5 C. IPv4 D. IPv3

C

Which element of the Processes pillar is rooted in revisiting prior incidents? A. Process Improvement B. Tuning C. Capability Improvement D. Quality Review

C

Which action is associated with Web 3.0? A. checking CNN's web site for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question

D

Which security method requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting? A. policy enforcement B. software distribution C. data loss prevention D. malware protection

A

Which one of the four Prisma Cloud pillars enforces machine learning-based runtime protection to protect applications and workloads in real time? A. network protection B. visibility, governance, and compliance C. compute security D. identity security

C

Which physical or virtual device sends data packets to destination networks along a network path using logical addresses? A. hub B. switch C. router D. access point

C

Which malware type can change code and signature patterns with each iteration? A. polymorphic B. metamorphic C. ransomware D. rooting

B

Mobile devices are easy targets for attacks for which two reasons? (Choose two.) A. They have poor battery-charging capabilities. B. They use speaker phones. C. They stay in an always-on, always-present state. D. They roam in unsecured areas.

CD

Subnetting should not be used to limit network traffic or limit the number of devices that are visible to, or can connect to, each other. (True or False)

F

What is the decimal representation of binary 1111 1101? A. 251 B. 252 C. 253 D. 254

C

Which step of implementing a Zero Trust model includes scanning and mapping the transaction flows inside your network to determine how various data, applications, assets, and service components interact with other resources on your network? A. Define your protect surface. B. Architect a Zero Trust network. C. Create the Zero Trust policy. D. Map the transaction flows.

D

Which element protects HTTP applications from well-known HTTP exploits? A. Intrusion Prevention and Detection B. Web Application Firewall C. Web Proxy D. Malware Sandboxing

B

Which endpoint protection technique is commonly used to prevent end users from running unauthorized applications, including malware, on their endpoints? A. anomaly detection B. application allow listing C. container-based endpoint protection D. signature-based

B

A server that has a bug that lets a single transaction take it off line is susceptible to which type of attack? A. Denial of Service (DoS) B. Distributed Denial of Service (DDoS) C. trojan horses D. worms

A

Which SecOps function requires processing large amounts of information, and typically is automated? A. Identify B. Investigate C. Mitigate D. Improve

A

Which action is associated with Web 1.0? A. checking CNN's website for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question

A

Which device creates a collision domain that includes all the interfaces to which it is connected? A. hub B. switch C. router D. web server

A

Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks? A. Firewall B. Web Application Firewall C. Web Proxy D. Intrusion Prevention and Detection

A

Which element is considered a safe place to simulate an end user's environment to test unknown applications? A. Malware Sandbox B. Virtual Private Network C. Dedicated Workstation D. Honeypot

A

A news company can serve all requests from their data center 95% of the time. However, some days there is a huge demand for news updates. Which NIST deployment model would you recommend to them? A. public B. private C. community D. hybrid

D

How many /28 subnets can you fit in a class C? A. 2 B. 4 C. 8 D. 16

D
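The subnetting and addressing questions above (the /20 mask, the class of an address starting with 130, binary 1111 1101, and how many /28 subnets fit in a /24) all reduce to the same bit arithmetic. The following is an added worked example, not part of the quiz or the study guide, that carries that arithmetic through for any prefix length and also splits an address into its network and host portions. Sample addresses are constructed.

```python
import ipaddress


def mask_from_prefix(prefix: int) -> str:
    """Dotted-decimal mask for a /prefix: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_count(parent_prefix: int, child_prefix: int) -> int:
    """How many /child networks fit in one /parent network (2 ** borrowed bits)."""
    if child_prefix < parent_prefix:
        raise ValueError("child prefix must be at least as long as the parent prefix")
    return 1 << (child_prefix - parent_prefix)


def usable_hosts(prefix: int) -> int:
    """Host addresses left after reserving network and broadcast (0 for /31 and /32)."""
    if prefix >= 31:
        return 0
    return (1 << (32 - prefix)) - 2


def address_class(ip: str) -> str:
    """Classful category by first octet: A <128, B <192, C <224, D <240, else E."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def network_and_host(ip: str, prefix: int) -> tuple:
    """Split an address into (network address, host number within that network)."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    host = int(ipaddress.ip_address(ip)) - int(net.network_address)
    return str(net.network_address), host


def binary_octet_to_decimal(bits: str) -> int:
    """Convert an 8-bit string such as '1111 1101' (spaces allowed) to decimal."""
    bits = bits.replace(" ", "")
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly eight binary digits")
    return int(bits, 2)


def list_subnets(network: str, child_prefix: int) -> list:
    """Enumerate the child subnets of a network, e.g. the sixteen /28s in a /24."""
    return [str(n) for n in ipaddress.ip_network(network).subnets(new_prefix=child_prefix)]
```

Usage: `mask_from_prefix(20)` gives 255.255.240.0, `subnet_count(24, 28)` gives 16, and `list_subnets("192.0.2.0/24", 28)` enumerates those sixteen /28 blocks, which is the quick check to run before writing a firewall rule that is supposed to cover exactly one of them.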

How would a port filter firewall classify access to the URL https://example.com:22/this/page? A. HTTP B. HTTPS C. Telnet D. SSH

D
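The port-filter question above and the earlier whaling question (the link to chase.bankofamerica.mysite.ru) share one lesson: the part of a URL a naive check looks at is not the part that matters. This added example, which is not code from the quiz or from Palo Alto Networks, classifies a URL the way a port-based filter would (by port) beside the way the client actually behaves (by scheme), and extracts the registrable domain so that brand names stuffed into subdomains stand out. The service tables and the tiny two-label suffix set are assumptions standing in for a real public suffix list.

```python
from urllib.parse import urlsplit

# Assumed lookup tables for the example: default port per scheme, and the
# service a port-based filter would infer from a port number.
SCHEME_DEFAULT_PORT = {"http": 80, "https": 443, "ssh": 22, "telnet": 23, "ftp": 21}
PORT_TO_SERVICE = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS", 8080: "HTTP"}
# Stand-in for the public suffix list (the real one has thousands of entries).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def effective_port(url: str) -> int:
    """Explicit port if present, otherwise the scheme's default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return SCHEME_DEFAULT_PORT[parts.scheme.lower()]


def classify_by_port(url: str) -> str:
    """What a port-filter firewall concludes: port 22 means SSH, whatever the scheme."""
    return PORT_TO_SERVICE.get(effective_port(url), "unknown")


def classify_by_scheme(url: str) -> str:
    """What the browser will actually speak on that port."""
    return urlsplit(url).scheme.upper()


def registrable_domain(url: str) -> str:
    """The domain the registrant controls: last two labels, or three under co.uk-style suffixes."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_labels_outside_registrable_domain(url: str, brands) -> list:
    """Subdomain labels that contain a brand name the registrable domain does not.

    chase.bankofamerica.mysite.ru -> ['chase', 'bankofamerica']: the registrant
    of mysite.ru chose those labels, not the bank.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(url)
    prefix = host[: len(host) - len(reg)].rstrip(".")
    found = []
    for label in (prefix.split(".") if prefix else []):
        if any(b in label and b not in reg for b in brands):
            found.append(label)
    return found
```

Port and scheme disagree for https://example.com:22/this/page: the port filter logs "SSH" while the client sends TLS, which is why application identification rather than port numbers is the basis for the NGFW questions later on this page. For the whaling link, `registrable_domain` returns mysite.ru and both bank names fall out as attacker-chosen labels.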

Prisma SaaS protects data in hosted files and application entries. (True or False)

T

The Prisma suite secures public cloud environments, SaaS applications, internet access, mobile users, and remote locations through a cloud-delivered architecture. (True or False)

T

Which pillar defines the functions that need to happen to achieve the stated goals? A. People B. Processes C. Visibility D. Business E. Interfaces F. Technology

E

External threat actors have accounted for the majority of data breaches over the past five years. (True or False)

F

Which two components are in an IPv4 address? (Choose two.) A. network B. MAC address C. host D. device type E. route number

AC

Which two port numbers are associated with HTTP? (Choose two.) A. 80 B. 389 C. 8080 D. 25

AC

Which two protocols function at the Transport layer of the OSI model? (Choose two.) A. Transmission Control Protocol (TCP) B. Internet Protocol (IP) C. User Datagram Protocol (UDP) D. Hypertext Transfer Protocol (HTTP)

AC

Which two resources are shared between the different functions of a UTM device? (Choose two.) A. RAM B. alert information C. CPU D. attack signatures E. firewall state

AC

Which two techniques do "social engineers" use to distract their targets so they'll do whatever the attacker wants? (Choose two.) A. autopilot, requesting an action that the user does automatically without thinking B. phishing, sending email that asks for specific actions C. masquerading as a trojan horse D. infecting programs with a virus E. emotional distraction, such as yelling that the target would get fired

AE

Which two attacks typically use a botnet? (Choose two.) A. social engineering B. DoS C. DDoS D. sending spam to a lengthy mailing list E. spear phishing

CD

An organization can be compliant with all applicable security and privacy regulations for its industry yet still not be secure. (True or False)

T

Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks, including data mining, event processing, and predictive analytics. (True or False)

T

Which protocol distinguishes between applications using port numbers? A. TCP B. ICMP C. ESP D. UDP

A

Which four layers comprise the TCP/IP model? (Choose four.) A. Application B. Transport C. Physical D. Internet E. Network Access

ABDE

Which two devices or systems require the configuration of non-standard ports to be able to use an application on a non-standard port? (Choose two.) A. firewall B. client C. server D. operating system E. certificate

BC

A website is called www.amazing.co.uk. What does that mean? A. The website is hosted in the United Kingdom by a company called Amazing. B. The website can be hosted anywhere, but the company must be located in the United Kingdom. C. The website can be hosted anywhere, and the company decided to appear British. D. The company decided to appear British, and the website is hosted in the United Kingdom.

C

How does ARP translate logical addresses? A. IPv6 to IPv4 logical addresses B. IPv4 to IPv6 logical addresses C. IPv4 to MAC addresses D. IPv6 to MAC addresses

C

If you are responsible for the application's security, but not the operating system's security, which cloud computing service model are you using? A. your own data center B. IaaS C. PaaS D. SaaS

C

What does Cortex XSOAR use to automate security processes? A. bash scripts B. Windows PowerShell C. playbooks D. Python scripts

C

Which NGFW core subscription allows your firewall to block known malware? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

C

Who is the most likely target of social engineering? A. executive management, because it has the most permissions B. senior IT engineers, because the attacker hopes to get them to disable the security infrastructure C. junior people, because they are easier to stress and probably not as well trained D. the accounting department, because it can wire money directly to the attacker's account

C

Which device processes logical addresses? A. hub B. switch C. WiFi access point D. router

D

Ethernet and WiFi include elements of which two layers? (Choose two.) A. Session B. Transport C. Network D. Data link E. Physical

DE

Which three security functions are integrated with a UTM device? (Choose three.) A. cloud access security broker (CASB) B. Remote Browser Isolation (RBI) C. DevOps automation D. firewall E. Intrusion Detection System (IDS) F. anti-spam

DEF

Gmail is associated with which cloud computing model? A. SaaS B. PaaS C. IaaS D. DaaS

A

Only one manager can get company checks. Only a different manager can sign checks. This example describes which principle? A. separation of duties B. auditability C. least privilege D. defense in depth

A

Which Palo Alto Networks product suite is used to secure the data center? A. Strata B. Prisma C. Cortex D. WildFire

A

Which Panorama object is used to manage network settings? A. template B. device group C. virtual system D. Decryption Profile

A

Which action is part of the identity security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

A

Which feature of the NGFW can distinguish between reading Facebook and commenting? A. App-ID B. Content-ID C. User-ID D. Global Protect

A

Which option is a type 2 hypervisor? A. hosted B. native C. bare-metal D. imported

A

Which port is used for encrypted communication? A. 22 B. 80 C. 389 D. 25

A

Which step of the CI/CD pipeline cannot be automated? A. Coding B. Integration C. Testing D. Monitoring

A

Which two malware types are likely to be left behind by a disgruntled employee? (Choose two.) A. logic bomb B. backdoor C. virus D. trojan horse E. worm

AB

An alert has been identified and an incident has been opened in the ticketing system. What Security Operations function would be performed next? A. Perform a detailed analysis of the alert B. Investigate the root cause and impact of the incident C. Stop the attack and close the ticket D. Adjust and improve operations to stay current with changing and emerging threats

B

An analysis tool's machine learning identified, correctly, that the network is infected by a worm. Which type of finding is this? A. false positive B. true positive C. false negative D. true negative

B

Which statement is correct? A. A security researcher might write a vulnerability to demonstrate an exploit. B. A security researcher might write an exploit to demonstrate a vulnerability. C. Exploits often are the result of poorly trained programmers. D. Exploits always are the vendor's responsibility.

B

What is the order in which the endpoint checks if a new program is safe? A. behavioral threat protection, then local analysis, then WildFire query B. local analysis, then behavioral threat protection, then WildFire query C. WildFire query, then local analysis, then behavioral threat protection D. local analysis, then WildFire query, then behavioral threat protection

C

Which port number is associated with HTTPS? A. 21 B. 23 C. 443 D. 53

C

Which risk is eliminated in an organization that is 100% compliant? A. having confidential information become public B. having an advanced persistent threat change your information C. having the regulator punish you for being non-compliant D. having malicious insiders steal information

C

How often should tabletop exercises be performed? A. Once a month B. Once every 6 months C. Once a year D. Once a quarter

D

What does CVE mean? A. Computer Vulnerabilities and their Exploits B. Computer Vulnerabilities and Exposures C. Common Vulnerabilities and their Exploits D. Common Vulnerabilities and Exposures

D

What does SASE stand for? A. Service Access SEcurity B. Semi-Accessible Sensitive Environment C. Secrets Accessible in a Secure Environment D. Secure Access Service Edge

D

Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design? A. SOC Engineering B. Network Security C. IT Operations D. Enterprise Architecture

D

Which type of system automatically blocks or drops suspicious, pattern-matching activity on the network in real time? A. Intrusion Detection B. Unified Threat Management C. Data Loss Prevention D. Intrusion Prevention

D

Which type of system can be blinded by a low-and-slow approach? A. intrusion detection B. intrusion prevention C. signature based D. behavior based

D
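Two questions on this page turn on the "low and slow" idea: how attackers spread a port scan out so it looks like random connection attempts, and why a detector tuned to short time windows is blinded by it. The following added example (not from the quiz or study guide) runs a classic sliding-window scan detector and a long-horizon detector over constructed telemetry: a fast scan, a scan stretched over forty hours, and a benign client. Timestamps, addresses and thresholds are all made up for the demonstration.

```python
from collections import defaultdict

# Constructed sample telemetry: (timestamp_seconds, source_ip, destination_port).
# Sources are documentation addresses (RFC 5737), not real hosts.
FAST_SCAN = [(t, "203.0.113.5", 1000 + t) for t in range(40)]            # 40 ports in 40 seconds
SLOW_SCAN = [(t * 3600, "198.51.100.9", 2000 + t) for t in range(40)]    # 40 ports, one per hour
BENIGN = [(t * 10, "192.0.2.7", (80, 443, 53)[t % 3]) for t in range(40)]  # repeat visits to 3 ports
ALL_EVENTS = FAST_SCAN + SLOW_SCAN + BENIGN


def _by_source(events):
    """Group events per source, ordered by time."""
    grouped = defaultdict(list)
    for ts, src, port in sorted(events):
        grouped[src].append((ts, port))
    return grouped


def sliding_window_detector(events, window_s=60, min_ports=20):
    """Flag a source that touches >= min_ports distinct ports inside any window_s span.

    This is the common rate-based rule. It catches the fast scan but never sees
    more than one probe per window from the slow scanner.
    """
    flagged = set()
    for src, hits in _by_source(events).items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1  # slide the window forward
            if len({port for _, port in hits[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged


def long_horizon_detector(events, min_ports=20):
    """Flag a source by the number of distinct ports it ever touched, ignoring pacing.

    Trading time resolution for memory is what exposes a low-and-slow scan; the
    benign client stays under the threshold because it reuses a few ports.
    """
    return {
        src
        for src, hits in _by_source(events).items()
        if len({port for _, port in hits}) >= min_ports
    }
```

Usage: `sliding_window_detector(ALL_EVENTS)` returns only the fast scanner, while `long_horizon_detector(ALL_EVENTS)` returns both scanners and still leaves the benign client alone. In practice the long-horizon state has to be kept somewhere with retention longer than the attacker's patience, which is the resourcing question behind the APT items on this page.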

Which zero trust deployment method obtains a detailed picture of traffic flows throughout the network, including where, when, and to what extent specific users are using specific applications and data resources? A. Define trust zones B. Establish trust zones C. Implement at major access points D. Listen-only mode

D

You are responsible for the security of the application, the runtime, and the VM operating system. Which cloud deployment model are you using? A. SaaS B. FaaS C. PaaS D. IaaS

D

You go on a business visit to another country and you can't access a work application on your cell phone. Which MDM feature could be the reason? A. Data loss prevention B. malware protection C. remote erase/wipe D. geofencing and location services

D

A robust data loss prevention (DLP) solution can detect data patterns even if the data is encrypted. (True or False)

T

A user can get on the payroll app to see a paycheck, but can't modify it. This example describes which principle? A. separation of duties B. auditability C. least privilege D. defense in depth

C

What is the meaning of a SaaS application that is advertised as being HIPAA compliant? A. Regardless of how you configure the application for your enterprise, you will be HIPAA compliant. B. If your administrator configures the security settings on the application correctly, you will be HIPAA compliant. C. If your administrator and your users use the application correctly, you will be HIPAA compliant. D. If your administrator and your users use the application correctly, the application won't cause you to not be HIPAA compliant.

D

What parameter can a SOC team use that allows for the immediate containment or prevention of a security incident without further approvals? A. Automatic mitigation scenarios B. Automatic resolution scenarios C. Pre-approved breach scenarios D. Pre-approved mitigation scenarios

D

What tool or technology can a SOC team use to ingest aggregated alerts and execute an automated process-driven playbook? A. SIEM B. CERT C. CSIRT D. SOAR

D

Where is your data typically stored in a SaaS application? A. in your data center, in a database under your control B. in your data center, in a database controlled by the SaaS provider C. in the cloud, in a database you control D. in the cloud, in a database controlled by the SaaS provider

D

Which SecOp function is proactive? A. Identify B. Investigate C. Mitigate D. Improve

D

Which three processes are part of the AAA model? (Choose three.) A. authentication B. authorization C. acknowledgement D. accounting E. approval

ABD

What types of training content can a SOC manager teach to create consistency within an organization? (Choose three.) A. Company security and privacy training B. Continuous education training C. Incident response training D. Event triage training E. Tool-feature use training

ABE

What kind of configuration and operational questions would the SOC need to answer? (Choose three.) A. Are the technologies in place configured to best practice? B. How many analysts are resolving incidents per day? C. How often are there deviations to SOC procedures? D. How many events are analysts handling per hour? E. How many firewall and endpoint technologies are in place?

ACD

Which three options partially comprise the six elements of SecOps? (Choose three.) A. Visibility B. Disaster recovery C. Business D. Interfaces E. Regular audits F. Logging

ACD

Which two types of behavior could enable someone to eavesdrop on a WiFi network? (Choose two.) A. passive B. inactive C. yielding D. active E. agile

AD

What is the term for an unauthorized remote access program? A. logic bomb B. backdoor C. virus D. trojan horse

B

Which form does data need to be in for DLP to work? A. ASCII B. cleartext C. uncompressed D. encrypted

B

Which group is primarily motivated by money? A. hacktivists B. cybercriminals C. cyberterrorists D. state-affiliated groups

B

Which is a routed protocol? A. Open Shortest Path First (OSPF) B. Internet Protocol (IP) C. Border Gateway Protocol (BGP) D. Routing Information Protocol (RIP)

B

Which pillar requires maintaining an SME specialist? A. Interfaces B. Technology C. Business D. Processes E. People F. Visibility

B

Which requirement must be fulfilled for a client device to use a DHCP server, assuming there are no DHCP relay agents? A. be on the same collision domain B. be on the same broadcast domain C. have latency below 20msec D. have the same subnet mask

B

Which stage of the cyberattack lifecycle involves querying public databases and testing exploits in the attacker's internal network? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation

B

DLP works in which layer of the ISO model? A. 7, application layer B. 5, session layer C. 4, transport layer D. 3, network layer

A

What is the difference between CVE and CVSS? A. CVE tells you what the vulnerabilities are. CVSS gives vulnerabilities a score (0-10) to evaluate how serious they are. B. CVE is on a scale of low, medium, high, critical. CVSS is on a scale of 0-100. C. CVSS tells you what the vulnerabilities are. CVE gives vulnerabilities a score (0-10) to evaluate how serious they are. D. CVE is on a scale of 0-100. CVSS is on a scale of 0-10.

A

When is it impossible to secure SaaS data? A. when a user uses an unmanaged device to access an unsanctioned SaaS instance B. when a user uses a managed device to access an unsanctioned SaaS instance C. when a user uses an unmanaged device to access a sanctioned SaaS instance D. when a user uses a managed device to access a sanctioned SaaS instance

A

Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation? A. Content Engineering B. Forensics and Telemetry C. Business Liaison D. Threat Intelligence

A

Which metric has skewed results that may cause analysts to "cherry-pick" incidents? A. Number of incidents handled B. Mean Time to Resolution (MTTR) C. Number of feeds into SIEM D. Number of firewalls/rules deployed

A

Which option is an example of a logical address? A. IP B. hardware C. MAC D. burned-in

A

What is the theoretical maximum number of devices in a class B network? A. 2^24-2 = 16777214 B. 2^20-2 = 1048574 C. 2^16-2 = 65534 D. 2^8-2 = 254

C

When HTTP is used to send REST requests, it is a protocol of which layer? A. Application B. Presentation C. Session D. Transport

C

Which type of network firewall provides client address translation by default? A. packet filtering B. stateful packet inspection C. application D. next-generation

C

What is a network demilitarized zone (DMZ)? A. the safest part of the network, used for the security infrastructure B. the part of the network you don't secure, for example a network segment used for visitors to access the internet C. the database management zone D. the network zone where you put servers that serve the outside, to limit the exposure

D

Which cloud service model lets you install a firewall to protect your information? A. SaaS B. PaaS C. FaaS D. IaaS

D

Which cloud security compliance requirement uses granular policy definitions to govern access to SaaS applications and resources in the public cloud and to apply network segmentation? A. access governance B. compliance auditing C. configuration governance D. real-time discovery

A

Which network technology is used for WANs? A. Ethernet B. token-ring C. digital subscriber line (DSL) D. FDDI

C

Activity gathered by a SOC team electronically and in real time from a given source is called what? A. Telemetry B. Log C. Forensic (raw) D. Alert

A

An analysis tool raised an alert, but the security analyst who researched it discovered it wasn't a problem. Which type of finding is this? A. false positive B. true positive C. false negative D. true negative

A

Content-ID operates on which layer of the ISO model? A. 7, application layer B. 6, presentation layer C. 5, session layer D. 4, transport layer

A

In which of the four main core functions of security operations should a detailed analysis take place? A. Investigation B. Identification C. Mitigation D. Continuous Improvement

A

What are the two meanings of the CI/CD pipeline? (Choose two.) A. continuous integration/continuous delivery B. continuous implementation/continuous delivery C. continuous integration/continuous deployment D. continuous implementation/continuous deployment E. continuous innovation/continuous development

AC

Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.) A. ability to identify most common attacks by their symptoms B. Deployed and managed centrally C. easier to deploy endpoint protection when people work from home D. detects command and control channels E. can easily identify worms

AC

Which two operating systems can have mobile device management (MDM)? (Choose two.) A. iOS B. MacOS C. Android D. Windows E. Linux

AC

Which three attributes are advantages of serverless computing, when compared with CaaS? (Choose three.) A. reduced costs B. increased control over the workload C. increased ability to monitor and identify problems D. increased agility E. reduced operational overhead

ADE

Which three options partially comprise the six elements of SecOps? (Choose three.) A. People B. Networking C. Data storage D. Technology E. Processes F. Classification

ADE

A Zero Trust network security model is based on which security principle? A. due diligence B. least privilege C. non-repudiation D. negative control

B

A zero-day exploit uses which type of vulnerability? A. one that hasn't been discovered yet, by anybody B. one that hasn't been disclosed to the vendor (or published) C. one that the vendor knows about, but hasn't released a patch for D. one that has a patch, but the patch hasn't been installed everywhere yet

B

Which element of the Processes pillar is part of the Identification function? A. Interface Agreements B. Process Improvement C. Initial Research D. Detailed Analysis

C

Two companies use Gmail for their email (SaaS). Which two components may be transparently shared between them? (Choose two.) A. address book B. application code C. messages D. message database E. user identities

BD

Of the endpoint checks, which one is bypassed for known programs? A. WildFire query B. behavioral threat protection C. local analysis D. firewall analysis

C

Which option is least likely to be the purpose of an advanced persistent threat? A. wire money to an offshore bank account B. steal classified information C. expand a botnet to send more spam D. be able to destroy an enemy's infrastructure in case of a war

C

Which option is not part of an endpoint protection solution? A. firewall B. antivirus C. man-in-the-middle decryption D. intrusion detection

C

Which step of the CI/CD pipeline is the ideal place for automated penetration testing? A. Coding B. Integration C. Testing D. Deployment

C

Which systems do you have to secure to ensure compliance with security standards? A. The servers in the data center B. The devices owned by the enterprise, whether they are servers in the data center, cloud VMs you manage, or user endpoint devices C. Any system where the data for which you are responsible goes D. Every device that is either owned by the enterprise, or used by enterprise employees

C

Which two malware types are self-replicating? (Choose two.) A. logic bomb B. backdoor C. virus D. trojan horse E. worm

CE

Which security issue can cause a long patched vulnerability to resurface? A. VM sprawl B. intra-VM communications C. hypervisor vulnerabilities D. dormant virtual machines

D

Who is responsible for the security settings in an enterprise SaaS application? (choose the best answer) A. SaaS provider B. IT administrator of the customer organization C. user, typically an employee of the customer organization D. Both IT administrators and users

D

Which pillar enables you to anticipate, prepare, and react to changes in security operations? A. Interfaces B. Technology C. Processes D. Business E. Visibility F. People

E

An attacker needs to succeed in executing only one step of the cyberattack lifecycle to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack. (True or False)

F

The key to breaking the cyberattack lifecycle during the Installation phase is to implement network segmentation, a Zero Trust model, and granular control of applications to limit or restrict an attacker's lateral movement within the network. (True or False)

T

The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT solutions is known as consumerization. (True or False)

T

Which layer of the OSI model defines routing protocols and specifies how routers communicate with each other on a network? A. Network B. Application C. Data Link D. Transport

A

Which statement about private clouds is incorrect? A. You need to secure east-west traffic only in a private cloud. B. Compute clusters allow virtual machines to move freely while preserving compute, storage, networking, and security configurations. C. North-south traffic refers to data packets moving in and out of a virtualized environment. D. You can combine multiple physical hosts into one compute cluster.

A

Palo Alto Networks firewalls are built on which type of architecture? A. multi-pass B. ultimate-pass C. single-pass D. strict-pass

C

Which cloud solution is hosted in-house and usually is supported by a third party? A. distributed workforce B. cloud infrastructure C. on-premises D. infrastructure as a service

C

In which cloud service model are customers responsible for securing their virtual machines and the virtual machine operating systems, and for operating system runtime environments, application software, and application data? A. platform as a service (PaaS) B. identity as a service (IaaS) C. software as a service (SaaS) D. infrastructure as a service (IaaS)

D

Prisma Access consistently protects all traffic, on all ports and from all applications. (True or False)

T

Which cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability? A. private B. public C. community D. hybrid

D

Which option shows the three deployment mode options available for Panorama, which (if necessary) allows for the separation of management and log collection? A. Prisma, Panorama, IronSkillet B. Log Collector, Prisma, Panorama C. Management, Panorama, Prisma D. Panorama, Management only, Log Collector

D

The spread of unsolicited content to targeted endpoints is known as what? A. spamming B. pharming C. phishing D. exploiting

A

What is the SOC team's main goal? A. Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents B. Improve the security posture of the business, its products, and services by introducing security as a shared responsibility C. Reduce the time required to contain a breach D. Connect disparate security technologies through standardized and automatable workflows

A

What is the advantage of automated responses over manual responses? A. speed B. accuracy C. flexibility D. user friendliness

A

What is the collective term for software versions, OS settings, and configuration file settings? A. configuration items B. configurable values C. computer settings D. configuration

A

What is the most common business to consumer (B2C) VPN? A. SSL/TLS B. IPsec C. SSH D. PPP

A

What is the name of the "authentication" method that lets anybody with the password access a WiFi network? A. Pre-Shared Key (PSK) B. Password Authentication (PA) C. Extensible Authentication Protocol (EAP) D. service set identifier (SSID)

A

What is the term for traffic between a website and a remote user's browser? A. north-south B. east-west C. unknown D. cloud

A

What are the three components of SOAR that a SOC team can use to help secure the business? (Choose three.) A. Orchestration B. Innovation C. Automation D. Collaboration E. Response

ACE

Which three data fields are considered personally identifiable information (PII)? (Choose three.) A. unique identification number (such as driver's license number) B. honorific (Mr., Mrs., Dr., etc.) C. telephone number D. blood pressure (when not connected to other fields) E. fingerprints

ACE

Which two options are endpoints? (Choose two.) A. laptop computer B. router/modem/access point combo for a home network C. physical database server D. smartphone used to check work email

AD

Ten containers running on five virtual machines are spread between two type 1 hypervisors. How many OS instances are you running? A. 2 B. 5 C. 7 D. 17

B

What does Zero Trust mean? A. Systems never trust the information they get from other systems B. Systems don't trust each other implicitly. C. Systems don't trust each other explicitly. D. Systems only trust each other within the same data center.

B

Which DNS record type do you use to find the IPv6 address of a host? A. A B. AAAA C. PTR D. MX

B

Which Palo Alto Networks product suite is used to secure remote access and cloud native technologies? A. Strata B. Prisma C. Cortex D. WildFire

B

Which Panorama object is used to manage the security policy? A. template B. device group C. virtual system D. Decryption Profile

B

Which business objective is considered the roadmap that guides the organization? A. Governance B. Mission C. Planning D. Budget

B

Which cloud use model allows you to use containers without having to manage the underlying hardware and virtualization layers, but still lets you access the underlying virtualization if needed? A. serverless B. containers as a service (CaaS) C. standard docker containers D. VM-integrated containers

B

Which three operating systems are supported by Cortex XDR? (Choose three.) A. z/OS B. Linux C. macOS D. Minix E. Android

BCE

A SOC manager is concerned that some alerts may be critical and the team will need help mitigating all of them. What should be done? A. Deploy more SIEMs to collect and process the data before having a SOC analyst interpret the data and take appropriate action B. Deploy additional endpoint security to protect servers, PCs, laptops, and tablets so that alerts that are missed can be caught before exfiltrating data from the end user C. Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts D. Deploy more firewalls to protect the network while SOC analysts are interpreting data and taking appropriate action

C

In a TCP packet sent over Ethernet, what is the order of data? A. Ethernet header, TCP header, and then TCP data B. IP header, TCP header, and then TCP data C. Ethernet header, IP header, TCP header, and then TCP data D. Ethernet header, IP header, IP data, TCP header, and then TCP data

C

In the cyberattack lifecycle, what does C2 mean? A. Configuration and Communication B. Configuration Control C. Command and Control D. Communication Control

C

Which component of a security operating platform can identify a trojan horse that does not use the network? A. network security B. cloud security C. Advanced Endpoint Protection D. SaaS logging service

C

Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team? A. Case Management B. SIEM C. SOAR D. Knowledge Management

C

Which feature of the NGFW is required to implement RBAC? A. App-ID B. Content-ID C. User-ID D. GlobalProtect

C

Which group is likely to attack indiscriminately, whether you are a valuable target or not? A. hacktivists B. cybercriminals C. cyberterrorists D. state-affiliated groups

C

Which security consideration is associated with inadvertently missed anti-malware and security patch updates to virtual machines? A. hypervisor vulnerabilities B. VM sprawl C. dormant VMs D. intra-VM communications

C

Which stage of an attack is typically east-west traffic? A. reconnaissance B. weaponization C. lateral spread D. actions on the objective

C

Which type of attack would include an e-mail with your name that claims to be from your bank and tells you to click the link https://chase.bankofamerica.mysite.ru.? A. spamming B. phishing C. spear phishing D. whaling

C

What does SOAR stand for? A. security operations automation for reaction B. secure operations and research C. security operations, analysis, and research D. security orchestration, automation, and response

D

What is the purpose of NDP? A. IPv6 to IPv4 logical addresses B. IPv4 to IPv6 logical addresses C. IPv4 to MAC addresses D. IPv6 to MAC addresses

D

Which NGFW core subscription allows your firewall to identify zero-day malware? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

D

Which NIST cloud service model does not require the customer organization to do any programming? A. IaaS B. PaaS C. FaaS D. SaaS

D

Which VPN technology has become the standard method of connecting remote endpoint devices back to the enterprise network? A. L2TP B. PPTP C. IPsec D. SSL

D

Prisma SaaS is used to protect sanctioned SaaS use, as part of an integrated security solution that includes next-generation firewalls to prevent unsanctioned SaaS use. Prisma SaaS communicates directly with the SaaS applications themselves and therefore does not need to be deployed inline and does not require any software agents, proxies, additional hardware, or network configuration changes. (True or False)

T

The internet is an example of a wide-area network (WAN). (True or False)

T

The key to Cortex XDR is blocking core exploit and malware techniques, not individual attacks. (True or False)

T

Which kind of server is a master server that is designed to listen to individual compromised endpoints and respond with appropriate attack commands? A. command and control B. bot C. web D. directory services

A

Which element of the People pillar focuses on retaining staff members? A. Training B. Career Path Progression C. Employee Utilization D. Tabletop Exercises

B

Which core component of Cortex combines security orchestration, incident management, and interactive investigation to serve security teams across the incident lifecycle? A. AutoFocus B. Cortex XDR C. Cortex XSOAR D. Cortex Data Lake

C

Which next-generation product replaces UTM appliances to reduce traffic inspection latency? A. hub B. switch C. firewall D. router

C

Which statement about hybrid clouds is incorrect? A. Hybrid clouds increase operational efficiencies. B. Hybrid clouds optimize existing hardware resources. C. Hybrid clouds increase data center costs. D. Hybrid clouds can handle "bursty" applications through autoscaling.

C

Which tactic, technique, or procedure (TTP) masks application traffic over port 443 (HTTPS)? A. using non-standard ports B. hopping ports C. hiding within SSL encryption D. tunneling

C

Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort, and can be extremely effective in taking down a website or some other publicly accessible service? A. Bluetooth B. adware C. distributed denial-of-service D. man-in-the-middle

C

Which type of firewall operates up to Layer 4 (transport layer) of the OSI model and inspects individual packet headers to determine source and destination IP address, protocol (TCP, UDP, ICMP), and port number? A. proxy B. application C. packet filtering D. stateful inspection

C

What allows multiple, virtual operating systems to run concurrently on a single physical host computer? A. serverless computing B. micro-VMs C. virtual machines D. hypervisor

D

Which part of APTs indicates that attackers use advanced malware and exploits and typically also have the skills and resources necessary to develop additional cyberattack tools and techniques? A. Secure B. Persistent C. Threat D. Advanced

D

Which path or tool is used by attackers? A. storage-area networks (SAN) B. anti-malware update C. SaaS D. threat vector

D

Which record specifies authoritative information about a DNS zone such as primary name server, email address of the domain administrator, and domain serial number? A. Canonical Name (CNAME) B. Mail Exchanger (MX) C. Pointer (PTR) D. Start of Authority (SOA)

D

Which layer of the OSI model ensures that messages are delivered to the proper device across a physical network? A. Application B. Data Link C. Network D. Presentation

B

Which network device transmits an electronic signal so that wireless devices can connect to a network? A. router B. access point C. hub D. switch

B

Which next-generation firewall deployment option prevents successful cyberattacks from targeting mobile network services? A. PA-Series B. K2-Series C. CN-Series D. VM-Series

B

Which type of advanced malware has entire sections of code that serve no purpose other than to change the signature of the malware, thus producing an infinite number of signature hashes for even the smallest of malware programs? A. distributed B. polymorphic C. multi-functional D. obfuscated

B

Which type of endpoint protection wraps a protective virtual barrier around vulnerable processes while they are running? A. application-based B. container-based C. signature-based D. anomaly-based

B

Which type of hypervisor is hosted and runs within an operating system environment? A. Type 1 B. Type 2 C. Type 3 D. Type 4

B

Which cloud security best practice is deployed to ensure that every person who views or works with your data has access only to what is absolutely necessary? A. set appropriate privileges B. keep cloud software updated C. build security policies and best practices into cloud images D. review default settings

A

What is the primary purpose of the information exchanged by routing protocols? A. dynamic routing B. static routing C. billing for network access D. advertising MAC addresses

A

What management method can a SOC team utilize to collect information on security incidents and their statuses? A. Case management B. Knowledge management C. Asset management D. Threat management

A

Which type of firewall requires the least amount of RAM per connection? A. packet filtering B. stateful packet inspection C. application D. next-generation

A

Which type of malware protection can be bypassed by mutating malware? A. signature-based B. container-based C. application allow lists D. anomaly detection

A

What does the first phase of implementing security in virtualized data centers consist of? A. consolidating servers across trust levels B. consolidating servers within trust levels C. selectively virtualizing network security functions D. implementing a dynamic computing fabric

B

What kind of network is most likely to use point-to-point links? A. LAN B. WAN C. SD-WAN (only) D. WAN (only if it is not SD-WAN)

B

In which area of focus can a SOC team use the Cortex XSOAR War Room to conduct a joint investigation? A. Ticketing B. Workflow automation C. Collaborate D. Manage incidents

C

Intra-VM traffic is also known as which type of traffic? A. north-south B. unknown C. east-west D. untrusted

C

Which component may be shared with other cloud tenants even when using IaaS? A. application B. runtime C. virtual machine (guest) D. physical machine (host)

D

Which continuous process replaces manual checks with automated code testing and deployment? A. integration B. development C. delivery D. deployment

D

Which header does not appear in all packets of an HTTP file transfer over Ethernet? A. Ethernet B. IP C. TCP D. HTTP

D

Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network? A. DevOps B. Operational Technology C. Help Desk D. IT Operations

C

A SOC team is divided into groups with different functions. Which three teams are responsible for the development, implementation, and maintenance of security policies? (Choose three.) A. Endpoint Security, Network Security, and Cloud Security B. Enterprise Security, Endpoint Security, and Cloud Security C. HelpDesk Security, Operational Security, and Information Technology Security D. Telemetry Security, Forensics Security, and Threat Intelligence Security

A

When HTTP is used directly to serve webpages, it is a protocol of which layer? A. Application B. Presentation C. Session D. Transport

A

Which DNS record type do you use to find the IPv4 address of a host? A. A B. AAAA C. PTR D. MX

A

Which NGFW core subscription would tell your firewall that an attempt to resolve adfewqrtgfhghyj.uykfhzvsdfgpoiyte.evil.com is probably an attack? A. DNS Security B. URL Filtering C. Threat Prevention D. WildFire

A

In which stage of the cyberattack lifecycle would you identify unusual communication between an internal database that should not access the internet and an external server? A. Exploitation B. Installation C. Command and Control D. Actions on the Objective

C

Sensors for a cultivated field must report the results once a day. These sensors are powered by batteries that need to last for years. Which form of connectivity do you use? A. Bluetooth B. Wi-Fi C. LoRaWAN D. Satellite C-Band

C

What could a SOC do if they wanted to reclassify the severity level of an attack? A. The team can reclassify the severity to 3 - Medium because the team is already working on mitigating the issue. B. Nothing. Severity 1 - Critical indicates a breach and is the highest severity level. C. The team can reclassify the attack as a Severity 0 to indicate an ongoing breach where the attacker is attempting to exfiltrate, encrypt, or corrupt data. D. The team can reclassify the severity to 5 - Informational, because the attack has already been identified.

C

What is the common protocol for accessing a directory? A. DAP B. LDAP C. SLAP D. SLDAP

B

What is the first step a SOC should consider when setting the budget? A. Establish a budget to meet the minimum requirements of the team B. Obtain an agreement regarding the mission of the Security Operations and the SOC C. Identify the technology, staff, facility, training, and additional needs D. Define the processes needed to change the allocated budget and for emergency budget relief

B

What security technology can a SOC team use to identify anomalous behavior indicative of attacks? A. endpoint security analytics B. behavioral analytics C. malware analytics D. honeypot analytics

B

Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources? A. Vulnerability Management Tools B. Threat Intelligence Platform C. Knowledge Management D. Case Management

B

Which device is M2M (machine to machine)? A. internet-connected TV B. home alarm that dials the police for response C. car GPS D. temperature sensor connected to a fire suppression system

D

Which element defines how the Security Operations team and surrounding teams will interact? A. Change Control B. Escalation Process C. Quality Review D. Interface Agreements

D

Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents? A. Asset Management B. Knowledge Management C. Vulnerability Management Tools D. Case Management

D

Which element provides investigative support if legal action is required? A. Governance, Risk and Compliance B. Enterprise Architecture C. Business Liaison D. Forensics and Telemetry

D

Which one of these applications can be used as a tunnel for other applications? A. Telnet B. SMTP C. HTTPS D. SSH

D

Which pillar defines the step-by-step instructions and functions that will be carried out? A. Technology B. People C. Interfaces D. Processes E. Business F. Visibility

D

Which pillar identifies the scope of responsibilities and separation of duties? A. Processes B. Technology C. Visibility D. Interfaces E. Business F. People

D

Signature-based anti-malware software is considered a proactive security countermeasure. (True or False)

F

Which IDS/IPS system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts? A. knowledge-based B. behavior-based C. intuitive-based D. standards-based

A

Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks? A. Behavioral Analysis B. Malware Sandboxing C. Endpoint Security D. Intrusion Prevention and Detection Systems

A

Which phrase best describes a DevOps software development model? A. develops all the code in one big software package for delivery to the Ops team, which then tests the code for deployment B. unites the development and operations teams throughout the entire software delivery process to speed up code deployment C. employs DevOps engineers to deliver new features and do bug fixes D. uses automation tools and is almost identical to the traditional software development model

B

Which value can be achieved by the ability to pool resources in cloud computing? A. resource aggregation B. economies of scale and agility C. application consolidation D. elasticity

B

What is the purpose of the shared responsibility model? A. helps your organization scale B. brings cost and operational benefits but also technology benefits C. defines who (customer and/or provider) is responsible for what, related to security, in the public cloud D. pools resources to achieve economies of scale

C

What type of malware can have multiple control servers distributed all over the world with multiple fallback options? A. logic bombs B. rootkits C. advanced or modern D. exploits

C

Which category of IoT enables real-time use cases, such as autonomous vehicles, with 4G LTE Advanced Pro delivering speeds in excess of 3 Gbps and less than 2 milliseconds of latency? A. low-power WAN B. satellite C. cellular D. short-range wireless

C

Which DevOps CI/CD pipeline feature requires developers to integrate code into a repository several times per day for automated testing? A. continuous delivery B. continuous deployment C. continuous identity D. continuous integration

D

Which SASE security-as-a-service layer capability provides visibility into SaaS application use, understands where sensitive data resides, enforces company policies for user access, and protects data from hackers? A. secure web gateway (SWG) B. data loss prevention (DLP) C. firewall as a service (FWaaS) D. cloud access security broker (CASB)

D

Which cloud feature continuously monitors an app's behavior and the context of that behavior to immediately identify and prevent malicious activity? A. software configuration management (SCM) B. cloud access security broker (CASB) C. integrated development environment (IDE) D. runtime application self-protection (RASP)

D

Which predefined malware signature action notifies the user that malware has been detected? A. isolate B. quarantine C. delete D. alert

D

Which team identifies potential risks to the organization that have not yet been observed in the network? A. Forensics and Telemetry B. Threat Hunting C. Red and Purple D. Threat Intelligence

D

WPA2 includes a function that generates a 256-bit key based on a much shorter passphrase created by the administrator of the Wi-Fi network, and the service set identifier (SSID) of the AP is used as a salt (random data) for the one-way hash function. (True or False)

T

Which two malware types require external communication channels? (Choose two.) A. ransomware B. spyware C. adware D. logic bomb

BC

What are the two advantages of SASE? (Choose two.) A. a single physical point of ingress into the organization B. a single logical point of ingress into the organization C. a single physical point of egress out of the organization D. a single logical point of egress from the organization

BD

Which two networks are subnets of 10.2.0.0/20? (Select two) A. 10.2.0.0/19 B. 10.2.5.0/24 C. 10.2.20.0/24 D. 10.2.14.0/28 E. 10.2.0.0/16

BD

Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server? A. public B. private C. community D. hybrid

A

Which type of traffic can be secured by a physical appliance? A. north-south B. east-west C. unknown D. cloud

A

Who is responsible for the software of a sanctioned SaaS application? A. provider B. IT department C. line of business that uses it D. users

A

In which three areas of focus can Cortex XSOAR help the SOC team combat security challenges? (Choose three.) A. Workflow automation B. Isolation C. Ticketing D. Training E. Collaboration

ACE

Which environment allows you to install an appliance that sees all traffic? A. LAN when people work from home B. non-virtualized data center C. virtualized data center D. VPC network

B

Which feature of the NGFW distinguishes between downloading a legitimate program and downloading malware? A. App-ID B. Content-ID C. User-ID D. GlobalProtect

B

Which step is involved in getting malware to run on the inside of the targeted organization? A. Weaponization and Delivery B. Exploitation and Installation C. Command and Control D. Actions on the Objective

B

Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure? A. Operational Technology B. IT Operations C. Network Security D. Vulnerability

B

Which tunneling protocol can you use to connect two Ethernet segments into one? A. PPP B. L2TP C. IPsec (without L2TP) D. SLIP

B

Which type of traffic can stay contained in a single physical server? A. north-south B. east-west C. unknown D. trusted traffic

B

You downloaded a confidential file to your phone to use in a business meeting. Now you see it is no longer there. Which MDM feature could be the reason? A. data loss prevention B. malware protection C. remote erase/wipe D. geofencing and location services

B

How many bytes are in an IPv6 address? A. 4 B. 8 C. 16 D. 32

C

What details should be included in a SOC manager's weekly report? A. Open incidents and other daily activity that have been accomplished B. Overall effectiveness of the SecOps functions, how long events are sitting in queue before being triaged, and if staffing in the SOC is appropriate C. Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive) D. All of the above

C

What does PKI mean? A. Password/Key Identification B. Passive Key Identification C. Public Key Infrastructure D. Private Key Infrastructure

C

Which team can a SOC turn to for assistance with operational changes to cloud technology? A. Help Desk Team B. DevOps Team C. Operational Technology Team D. Information Technology Operations Team

D

Which cloud native security platform function remediates vulnerabilities and misconfigurations consistently across the entire build-deploy-run lifecycle? A. automation B. integration C. visibility D. continuity

A

Which malware type is installed in the BIOS of a machine, which means operating system level tools cannot detect it? A. rootkit B. logic bomb C. ransomware D. spyware

A

Which type of cyberattack sends extremely high volumes of network traffic such as packets, data, or transactions that render the victim's network unavailable or unusable? A. distributed denial-of-service (DDoS) B. spamming botnet C. phishing botnet D. denial-of-service (DoS)

A

Which security technology is designed to help organizations embrace the concepts of cloud and mobility by providing network and network security services from a common cloud-delivered architecture? A. cloud native B. secure access service edge (SASE) C. platform as a service D. distributed cloud

B

What does the acronym CIDR represent? A. Classful Inter-Dependent Routing B. Classless Inter-Domain Routing C. Classless Inter-Dependent Routing D. Classful Inter-Domain Routing

B

Who is responsible for the security settings of a sanctioned SaaS application? A. provider B. IT department C. line of business that uses it D. users

B

What relevant information can a SOC team's detailed analysis investigation gather? (Choose three.) A. How the alert should be triaged B. The potential impact of the security incident C. Where the attacker will exfiltrate data from next D. The adversary's objective E. Whether the incident is a true incident or a false positive

BDE

An international organization has over a hundred firewalls, spread over fifty locations. Which Panorama deployment mode would the organization install in multiple locations (beyond the need for disaster recovery)? A. Panorama B. management only C. log collector D. threat management

C

In which cloud computing service model does a provider secure the physical computers running the virtual environment? A. platform as a service (PaaS) B. software as a service (SaaS) C. infrastructure as a service (IaaS) D. public cloud

C

What is the relationship between SIEM and SOAR? A. SIEM products implement the SOAR business process. B. SIEM and SOAR are different names for the same product category. C. SIEM systems collect information to identify issues that SOAR products help mitigate. D. SOAR systems collect information to identify issues that SIEM products help mitigate.

C

Which Palo Alto Networks product suite is used to manage alerts, obtain additional information, and orchestrate responses? A. Strata B. Prisma C. Cortex D. WildFire

C

Which SOAR goal enables a SOC team to use playbook orchestration to extract more value through task automation and coordination? A. Accelerated response B. Standardize process C. Reduce risk D. Collaboration and learning

C

Which action is part of the compute security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory

C

Which component or technology is used to view aggregated data about a network? A. Network Security B. Threat Intelligence C. Security Information & Event Management D. Endpoint Security

C

Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware? A. Mobile Device Management B. Malware Sandboxing C. Endpoint Security D. Firewall

C

Which is not a top-three wish for Security Operations Engineers? A. Reduce the number of alerts flowing into the SOC B. Lessen the time required to contain a breach C. Use previous incidents to prevent future attacks D. Access tools to quickly investigate threats

C

Which method to identify ransomware that uses a zero-day exploit is available in endpoint protection, but not on the firewall? A. attack signatures B. behavior analysis C. observation of attack effects D. data decryption

C

Which process is part of configuration management? A. identity and access management B. auditing C. patch management D. scanning for vulnerabilities

C

GDPR compliance is required to do business in which area? A. United States of America B. Canada C. China D. European Union

D

In a full Zero Trust architecture, can two devices communicate except through a security checkpoint? A. Yes, but only if they are in the same trust zone. B. Yes, but only if the client's trust zone level is higher than the server's. C. No, unless they belong to the same application. D. No, all traffic needs to be secured.

D

The Logging Service stores data on the cloud in an instance that your organization does not control and thus provides protection from what? A. trojan horses B. viruses C. worms D. insider threat

D

Which type of malware protection requires in-depth knowledge of applications and how they communicate? A. signature-based B. container-based C. application allow lists D. anomaly detection

B

Which type of security measure does an intrusion detection system provide? A. preventive B. detective C. corrective D. auditive

B

Which type of traffic flows inside a data center? A. north-south B. east-west C. up-down D. egress traffic

B

What methods can the SOC team employ to mitigate employee burnout? (Choose three.) A. Create a plan to move all employees into management roles B. Create on-the-job training only, because it's more helpful than reading documentation C. Shift turnover stand-up meeting (beginning or end of shift) D. Schedule shifts to avoid high-traffic commute times E. Train at least two employees on the same tasks so there is no single point of failure

CDE
