Palo Alto PCCET questions with correct answers

When is it impossible to secure SaaS data?
- When a user uses an unmanaged device to access an unsanctioned SaaS instance.
- When a user uses a managed device to access an unsanctioned SaaS instance.
- When a user uses an unmanaged device to access a sanctioned SaaS instance.
- When a user uses a managed device to access a sanctioned SaaS instance.
Correct Answer-When a user uses an unmanaged device to access an unsanctioned SaaS instance.

Which group is primarily motivated by money?
- hacktivists
- cybercriminals
- cyberterrorists
- state-affiliated groups
Correct Answer-Cybercriminals

Which two malware types are self-replicating? (Choose two.)
- logic bomb
- back door
- virus
- trojan horse
- worm
Correct Answer-Virus; Worm

Which type of attack includes an email advertisement for a dry cleaning service?
- spamming
- phishing
- spear phishing
- whaling
Correct Answer-Spamming

Who is the most likely target of social engineering?
- Executive management, because it has the most permissions.
- Senior IT engineers, because the attacker hopes to get them to disable the security infrastructure.
- Junior people, because they are easier to stress and probably not as well trained.
- The accounting department, because it can wire money directly to the attacker's account.
Correct Answer-Junior people, because they are easier to stress and probably not as well trained.

Which two attacks typically use a botnet? (Choose two.)
- Social engineering
- DoS
- DDoS
- Sending spam to a lengthy mailing list

- firewall
- Remote Browser Isolation (RBI)
- Intrusion Detection System (IDS)
- anti-spam
- DevOps automation
Correct Answer-firewall; Intrusion Detection System (IDS); anti-spam

Which type of malware protection requires in-depth knowledge of applications and how they communicate?
- signature-based
- container-based
- application allow lists
- anomaly detection
Correct Answer-Container-based

Which Panorama object is used to manage the security policy?
- template
- device group
- virtual system
- Decryption Profile
Correct Answer-Device group

Which feature of the NGFW can distinguish between reading Facebook and commenting?
- App-ID
- Content-ID
- User-ID
- Global Protect
Correct Answer-App-ID

What is the collective term for software versions, OS settings, and configuration file settings?
- configuration items
- configurable values
- computer settings
- the configuration
Correct Answer-Configuration items

A provider's applications run on a cloud infrastructure. The consumer does not manage or control the underlying infrastructure. Which cloud computing service model is this?
- platform as a service (PaaS)
- infrastructure as a service (IaaS)
- software as a service (SaaS)
- public cloud
Correct Answer-Platform as a service (PaaS)

Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server?
- public
- private
- community
- hybrid
Correct Answer-Public

Which component may be shared with other cloud tenants even when using IaaS?
- application
- runtime
- virtual machine (guest)
- physical machine (host)
Correct Answer-Physical machine (host)

Which of the following security issues can cause a long-patched vulnerability to resurface?
- VM sprawl
- intra-VM communications
- hypervisor vulnerabilities
- dormant virtual machines
Correct Answer-Dormant virtual machines

What are the two meanings of the CI/CD pipeline? (Choose two.)
- continuous integration/continuous delivery
- continuous implementation/continuous delivery

- Microservice-aware micro-segmentation
- integration with the CI/CD workflow
- automated asset inventory
Correct Answer-Microservice-aware micro-segmentation

Which SecOps function is proactive?
- Identify
- Investigate
- Mitigate
- Improve
Correct Answer-Improve

Which environment allows you to install an appliance that sees all traffic?
- LAN when people work from home
- Non-virtualized data center
- Virtualized data center
- VPC network
Correct Answer-Non-virtualized data center

Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.)
- Ability to identify most common attacks by their symptoms.
- Deployed and managed centrally.
- Easier to deploy endpoint protection when people work from home.
- Detects command and control channels.
- Can easily identify worms.
Correct Answer-Ability to identify most common attacks by their symptoms; Easier to deploy endpoint protection when people work from home.

What does Cortex XSOAR use to automate security processes?
- bash scripts
- Windows PowerShell
- playbooks
- Python scripts
Correct Answer-Playbooks

Which three options partially comprise the six elements of SecOps? (Choose three.)
- People
- Networking
- Data storage
- Technology
- Processes
Correct Answer-People; Technology; Processes

What is the relationship between SIEM and SOAR?
- SIEM products implement the SOAR business process.
- SIEM and SOAR are different names for the same product category.
- SIEM systems collect information to identify issues that SOAR products help mitigate.
- SOAR systems collect information to identify issues that SIEM products help mitigate.
Correct Answer-SIEM systems collect information to identify issues that SOAR products help mitigate.

Which three operating systems are supported by Cortex XDR? (Choose three.)
- z/OS
- Linux
- macOS
- Minix
- Android
Correct Answer-Linux; macOS; Android

Of the endpoint checks, what is bypassed for known programs?
- WildFire query
- behavioral threat protection
- local analysis
- Firewall analysis
Correct Answer-Local analysis

Which three options partially comprise the six elements of SecOps? (Choose three.)
- Hacktivists
- Cyberterrorists
Correct Answer-Cyberterrorists

In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly innocuous files?
- delivery
- weaponization
- reconnaissance
- exploitation
Correct Answer-Weaponization

What is the key to "taking down" a botnet?
- install OpenVAS software on endpoints
- use LDAP as a directory service
- prevent bots from communicating with the C2
- block Docker engine software on endpoints
Correct Answer-Prevent bots from communicating with the C2.

Which type of Wi-Fi attack depends on the victim initiating the connection?
- Jasager
- Mirai
- Evil twin
- Parager
Correct Answer-Evil twin

Which option is an example of a North-South traffic flow?
- Traffic between an internal server and internal user
- Client-server interactions that cross the edge perimeter
- An internal three-tier application
- Lateral movement within a cloud or data center
Correct Answer-Client-server interactions that cross the edge perimeter.

In the attached network diagram, which device is the switch?
- A
- B
- C
- D
Correct Answer-D

Which key component is used to configure a static route?
- routing protocol
- next hop IP address
- enable setting
- router ID
Correct Answer-Next hop IP address

Routing Information Protocol (RIP) uses what metric to determine how network traffic should flow?
- Shortest Path
- Split Horizon
- Path Vector
- Hop Count
Correct Answer-Hop Count

Which networking device increases the number of collision domains?
- Router
- Switch
- Hub
- Wireless repeater
Correct Answer-Switch

Which type of LAN technology is being displayed in the diagram?
- Star Topology
- Bus Topology
- Spine Leaf Topology
- Mesh Topology
Correct Answer-Mesh Topology

Which TCP/IP sub-protocol operates at Layer 4 of the OSI model?
- UDP
- SSH
- FTP
- HTTPS
Correct Answer-UDP

- Users
- Terminal shell types on endpoints
- /etc/shadow files
- Services
Correct Answer-Users; Services

Which Palo Alto Networks subscription service complements App-ID by enabling you to configure the next-generation firewall to identify and control access to websites and to protect your organization from websites hosting malware and phishing pages?
- DNS Security
- WildFire
- URL Filtering
- Threat Prevention
Correct Answer-URL Filtering

What does a directory service associate with users in order to control access to resources?
- Position descriptions
- Permissions
- Supervisor status
- Tenure within an organization
Correct Answer-Permissions

Which user identification for network and services access is implemented by applying policies?
- Key Security Management
- Identity Tag Management
- Network Management Protocols
- Identity and Access Management
Correct Answer-Identity and Access Management

A native hypervisor runs:
- Within an operating system's environment
- Directly on the host computer's hardware
- Only on certain platforms
- With extreme demands on network throughput
Correct Answer-Directly on the host computer's hardware

What are two key characteristics of a Type 2 hypervisor? (Choose two.)
- Runs without any vulnerability issues
- Runs within an operating system
- Is hardened against cyber attacks
- Allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer
Correct Answer-Runs within an operating system; Allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer

Why have software developers widely embraced the use of containers?
- Containers require separate development and production environments to promote authentic code.
- Containers simplify the building and deploying of cloud native applications.
- Containers share application dependencies with other containers and with their host computer.
- Containers are host specific and are not portable across different virtual machine hosts.
Correct Answer-Containers simplify the building and deploying of cloud native applications.

How does adopting a serverless model impact application development?
- Prevents developers from focusing on just the application code because you need to provision the underlying infrastructure to run the code.
- Slows down the deployment of application code, but it improves the quality of code development.
- Reduces the operational overhead necessary to deploy application code.
- Costs more to develop application code because it uses more compute resources.
Correct Answer-Reduces the operational overhead necessary to deploy application code.

Which characteristic of serverless computing enables developers to quickly deploy application code?
- Using Container as a Service (CaaS) to deploy application containers to run their code.
- Uploading cloud service autoscaling services to deploy more virtual machines to run their application code based on user demand.
- Using cloud service spot pricing to reduce the cost of using virtual machines to run their application code.

- Jasager
- Emotet
- SSLstrip
- Evil Twin
Correct Answer-SSLstrip

Which part of APTs indicates that attackers use advanced malware and exploits and typically also have the skills and resources necessary to develop additional cyberattack tools and techniques?
- Threat
- Persistent
- Secure
- Advanced
Correct Answer-Advanced

WPA2 includes a function that generates a 256-bit key based on a much shorter passphrase created by the administrator of the Wi-Fi network, and the service set identifier (SSID) of the AP is used as a salt (random data) for the one-way hash function.
- True
- False
Correct Answer-True

True or false? Another term for a bot is a "zombie".
- True
- False
Correct Answer-True

The spread of unsolicited content to targeted endpoints is known as what?
- Pharming
- Phishing
- Exploiting
- Spamming
Correct Answer-Phishing

Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort, and can be extremely effective in taking down a website or some other publicly accessible service?
- Adware
- Bluetooth
- Man-in-the-middle
- Distributed denial-of-service
Correct Answer-Distributed denial-of-service

What type of malware can have multiple control servers distributed all over the world with multiple fallback options?
- Logic bombs
- Rootkits
- Advanced or modern
- Exploits
Correct Answer-Advanced or modern

Which type of malware disables protection software?
- ransomware
- Trojan horse
- worm
- Anti-AV
Correct Answer-Anti-AV

Which three options describe the relationship and interaction between a customer and SaaS? (Choose three.)
- internet- or application-based
- convenient and economical
- subscription service
- extensive manpower required
- complex deployment
Correct Answer-internet- or application-based; convenient and economical; subscription service

Mobile devices are easy targets for attacks for which two reasons? (Choose two.)
- They have poor battery-charging capabilities.
- They roam in unsecured areas.
- They stay in an always-on, always-present state.
- They use speaker phones.
Correct Answer-They roam in unsecured areas; They stay in an always-on, always-present state.

Which path or tool is used by attackers?
- 251
- 252
- 253
- 254
Correct Answer-253

Which class of address begins with the decimal 130 in the first octet?
- Class A
- Class B
- Class C
- Class D
Correct Answer-Class B

Which layer of the OSI model ensures that messages are delivered to the proper device across a physical network?
- Presentation
- Network
- Application
- Data Link
Correct Answer-Data Link

Which type of firewall operates up to Layer 4 (transport layer) of the OSI model and inspects individual packet headers to determine source and destination IP address, protocol (TCP, UDP, ICMP), and port number?
- proxy
- application
- packet filtering
- stateful inspection
Correct Answer-packet filtering

Which type of system automatically blocks or drops suspicious, pattern-matching activity on the network in real time?
- Intrusion Prevention
- Data Loss Prevention
- Intrusion Detection
- Unified Threat Management
Correct Answer-Intrusion Prevention

Which VPN technology has become the standard method of connecting remote endpoint devices back to the enterprise network?
- SSL
- L2TP
- PPTP
- IPsec
Correct Answer-SSL

Which predefined malware signature action notifies the user that malware has been detected?
- Delete
- Quarantine
- Alert
- Isolate
Correct Answer-Alert

Which type of endpoint protection wraps a protective virtual barrier around vulnerable processes while they are running?
- Container-based
- Anomaly-based
- Application-based
- Signature-based
Correct Answer-Container-based

Which MDM capability requires passcodes, enables encryption, locks down security settings, and prevents jailbreaking or rooting?
- data loss prevention
- remote erase/wipe
- software distribution
- policy enforcement
Correct Answer-policy enforcement

Which next-generation firewall deployment option prevents successful cyberattacks from targeting mobile network services?
- VM-Series
- K2-Series
- CN-Series
- PA-Series
Correct Answer-K2-Series

In which model do applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines?
- PaaS
- Serverless
- Containers
- SaaS
Correct Answer-Serverless

What are scaled-down, lightweight virtual machines that run on hypervisor software and contain only the Linux operating system kernel features necessary to run a container?
- Kubernetes
- Containers
- Micro-VMs
- Serverless
Correct Answer-Micro-VMs

Which item is not one of the four Cs of cloud native security?
- Code
- Containers
- Cache
- Clusters
Correct Answer-Cache

Which phrase best describes a DevOps software development model?
- Employs DevOps engineers to deliver new features and do bug fixes.
- Unites the development and operations teams throughout the entire software delivery process to speed up code deployment.
- Develops all the code in one big software package for delivery to the Ops team, which then tests the code for deployment.
- Uses automation tools and is almost identical to the traditional software development model.
Correct Answer-Unites the development and operations teams throughout the entire software delivery process to speed up code deployment.

Introducing security checks early in the software development process is part of which development model?
- DevSecOps
- DevCyberOps
- DevOps
- DevSecTestOps
Correct Answer-DevSecOps

Organizations are using which resource to expand their on-premises private cloud compute capacity?
- Software defined data centers
- Virtual storage
- Public cloud
- Virtual networks
Correct Answer-Public cloud

Which statement about hybrid clouds is incorrect?
- Hybrid clouds optimize existing hardware resources.
- Hybrid clouds increase data center costs.
- Hybrid clouds can handle "bursty" applications through autoscaling.
- Hybrid clouds increase operational efficiencies.
Correct Answer-Hybrid clouds increase data center costs.

Which statement about private clouds is incorrect?
- North-south traffic refers to data packets moving in and out of a virtualized environment.
- You can combine multiple physical hosts into one computer cluster.
- You need to secure east-west traffic only in a private cloud.
- Compute clusters allow virtual machines to move freely while preserving compute, storage, networking, and security configurations.
Correct Answer-You need to secure east-west traffic only in a private cloud.

Which cloud feature continuously monitors an app's behavior and the context of behavior to immediately identify and prevent malicious activity?
- Integrated development environment (IDE)
- Cloud access security broker (CASB)
- Software configuration management (SCM)
- Runtime application self protection (RASP)
Correct Answer-Runtime application self protection (RASP)

Which one of the four Prisma Cloud pillars enforces machine learning-based runtime protection to protect applications and workloads in real time?
- Data visibility and classification
- Alert and remediation
- Malware detection
Correct Answer-Malware detection

Can you remind Erik what the SOC team's main goal is?
- Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents.
- Improve the security posture of the business, its products, and services by introducing security as a shared responsibility.
- Reduce the time required to contain a breach.
- Connect disparate security technologies through standardized and automatable workflows.
Correct Answer-Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents.

Erik has identified the alert and opened an incident in the ticketing system. What Security Operations function would Erik perform next?
- Perform a detailed analysis of the alert.
- Investigate the root cause and impact of the incident.
- Stop the attack and close the ticket.
- Adjust and improve operations to stay current with changing and emerging threats.
Correct Answer-Investigate the root cause and impact of the incident.

Can you recommend what kind of configuration and operational questions they would need to answer? (Choose three.)
- Are the technologies in place configured to best practice?
- How many analysts are resolving incidents per day?
- How often are there deviations to SOC procedures?
- How many events are analysts handling per hour?
- How many firewall and endpoint technologies are in place?
Correct Answer-Are the technologies in place configured to best practice?
How often are there deviations to SOC procedures?
How many events are analysts handling per hour?

What details should Erik's weekly reports include?
- Open incidents and other daily activity that have been accomplished.
- Overall effectiveness of the SecOps functions, how long events are sitting in queue before being triaged, and if staffing in the SOC is appropriate.
- Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive).
- All of the above
Correct Answer-Security trends to initiate threat-hunting activities, open and closed cases, and conclusions of tickets (malicious, benign, false-positive).

What is the first step Erik should consider when setting the budget?
- Establish a budget to meet the minimum requirements of the team.
- Obtain an agreement regarding the mission of the Security Operations and the SOC.
- Identify the technology, staff, facility, training, and additional needs.
- Define the processes needed to change the allocated budget and for emergency budget relief.
Correct Answer-Obtain an agreement regarding the mission of the Security Operations and the SOC.

What methods can the SOC team employ to mitigate employee burnout? (Choose three.)
- Create a plan to move all employees into management roles.
- Create on-the-job training only, because it's more helpful than reading documentation.
- Shift turnover stand-up meeting (beginning or end of shift).
- Schedule shifts to avoid high-traffic commute times.
- Train at least two employees on the same tasks so there is no single point of failure.
Correct Answer-Shift turnover stand-up meeting (beginning or end of shift); Schedule shifts to avoid high-traffic commute times; Train at least two employees on the same tasks so there is no single point of failure.

What types of training content can Erik teach to create consistency within an organization? (Choose three.)
- Company security and privacy training.
- Continuous education training.
- Incident response training.
- Event triage training.
- Tool-feature use training.
Correct Answer-Company security and privacy training; Continuous education training.

Activity gathered by Erik and the SOC team electronically and in real time from a given source is called?
- Telemetry
- Log
- Forensic (raw)
- Alert
Correct Answer-Telemetry

Erik's SOC team is divided into groups with different functions. Which three teams are responsible for the development, implementation, and maintenance of security policies?
- Endpoint Security, Network Security, and Cloud Security.
- Enterprise Security, Endpoint Security, and Cloud Security.
- HelpDesk Security, Operational Security, and Information Technology Security.
- Telemetry Security, Forensics Security, and Threat Intelligence Security.
Correct Answer-Endpoint Security, Network Security, and Cloud Security.

What management method did the SOC team utilize to collect information on security incidents and their statuses?
- Case management
- Knowledge management
- Asset management
- Threat management
Correct Answer-

What tool or technology can Erik and the SOC team use to detect and prevent accidental or malicious release of proprietary or sensitive information?
- Vulnerability management
- URL Filtering
- SSL Decryption
- Data Loss Prevention (DLP)
Correct Answer-Data Loss Prevention (DLP)

What tool or technology can Erik and the SOC team use to provide visibility into HTTPS traffic to find IOCs or high-fidelity indicators?
- Application Monitoring
- SSL Decryption
- URL Filtering
- Data Loss Prevention
Correct Answer-SSL Decryption

Erik is concerned that some of these alerts may be critical and the team will need help mitigating all of them. What should Erik do?
- Deploy more SIEMs to collect and process the data before having a SOC analyst interpret the data and take appropriate action.
- Deploy additional endpoint security to protect servers, PCs, laptops, and tablets so that alerts that are missed can be caught before exfiltrating data from the end user.
- Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts.
- Deploy more firewalls to protect the network while SOC analysts are interpreting data and taking appropriate action.
Correct Answer-Deploy SOAR technologies so he can accelerate incident response and automatically execute process-driven playbooks to mitigate critical alerts.

What security technology can Erik and the SOC team use to identify anomalous behavior indicative of attacks?
- endpoint security analytics
- behavioral analytics
- malware analytics
- honey pot analytics
Correct Answer-behavioral analytics

What tool or technology can provide Erik and his SOC team control for the provisioning, maintenance, and operation of user identities?
- Identity and access management
- Mobile device management
- Network access controls
- Virtual private networks
Correct Answer-Identity and access management

What tool or technology can Erik and the SOC team use to ingest aggregated alerts and execute an automated process-driven playbook?
- SIEM
- CERT
- CSIRT
- SOAR
Correct Answer-SOAR