PCCET : Palo Alto Networks Certified Cybersecurity Entry-level Technician : Part 02

PCCET : Palo Alto Networks Certified Cybersecurity Entry-level Technician : Part 02

1. Which Palo Alto Networks subscription service complements App-ID by enabling you to configure the next-generation firewall to identify and control access to websites and to protect your organization from websites hosting malware and phishing pages?

   • Threat Prevention
   • DNS Security
   • WildFire
   • URL Filtering

2. Which option would be an example of PII that you need to prevent from leaving your enterprise network?

   • Credit card number
   • Trade secret
   • National security information
   • A symmetric encryption key

3. Which network analysis tool can be used to record packet captures?

   • Smart IP Scanner
   • Wireshark
   • Angry IP Scanner
   • Netman

4. Systems that allow for accelerated incident response through the execution of standardized and automated playbooks that work upon inputs from security technology and other data flows are known as what?

   • XDR
   • STEP
   • SOAR
   • SIEM

5. Which Palo Alto Networks tool is used to prevent endpoint systems from running malware executables such as viruses, trojans, and rootkits?

   • Expedition
   • Cortex XDR
   • AutoFocus
   • App-ID

6. What does SIEM stand for?

   • Security Infosec and Event Management
   • Security Information and Event Management
   • Standard Installation and Event Media
   • Secure Infrastructure and Event Monitoring

7. DRAG DROP

   Match the IoT connectivity description with the technology.

   

   

8. Which option is an example of a North-South traffic flow?

   • Lateral movement within a cloud or data center
   • An internal three-tier application
   • Client-server interactions that cross the edge perimeter
   • Traffic between an internal server and internal user

9. Which aspect of a SaaS application requires compliance with local organizational security policies?

   • Types of physical storage media used
   • Data-at-rest encryption standards
   • Acceptable use of the SaaS application
   • Vulnerability scanning and management

10. Which option describes the “selective network security virtualization” phase of incrementally transforming data centers?

    • during the selective network security virtualization phase, all intra-host communication paths are strictly controlled
    • during the selective network security virtualization phase, all intra-host traffic is forwarded to a Web proxy server
    • during the selective network security virtualization phase, all intra-host traffic is encapsulated and encrypted using the IPSEC protocol
    • during the selective network security virtualization phase, all intra-host traffic is load balanced

11. Which TCP/IP sub-protocol operates at the Layer7 of the OSI model?

    • UDP
    • MAC
    • SNMP
    • NFS

12. Anthem server breaches disclosed Personally Identifiable Information (PII) from a number of its servers. The infiltration by hackers was attributed to which type of vulnerability?

    • an intranet-accessed contractor’s system that was compromised
    • exploitation of an unpatched security vulnerability
    • access by using a third-party vendor’s password
    • a phishing scheme that captured a database administrator’s password

13. Routing Information Protocol (RIP), uses what metric to determine how network traffic should flow?

    • Shortest Path
    • Hop Count
    • Split Horizon
    • Path Vector

14. Why is it important to protect East-West traffic within a private cloud?

    • All traffic contains threats, so enterprises must protect against threats across the entire network
    • East-West traffic contains more session-oriented traffic than other traffic
    • East-West traffic contains more threats than other traffic
    • East-West traffic uses IPv6 which is less secure than IPv4

15. Which IPsec feature allows device traffic to go directly to the Internet?

    • Split tunneling
    • Diffie-Hellman groups
    • d.Authentication Header (AH)
    • IKE Security Association

16. Which attacker profile uses the internet to recruit members to an ideology, to train them, and to spread fear and include panic?

    • cybercriminals
    • state-affiliated groups
    • hacktivists
    • cyberterrorists

17. What are two key characteristics of a Type 1 hypervisor? (Choose two.)

    • is hardened against cyber attacks
    • runs without any vulnerability issues
    • runs within an operating system
    • allows multiple, virtual (or guest) operating systems to run concurrently on a single physical host computer

18. The customer is responsible only for which type of security when using a SaaS application?

    • physical
    • platform
    • data
    • infrastructure

19. Which Palo Alto subscription service identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment?

    • DNS Security
    • URL Filtering
    • WildFire
    • Threat Prevention

20. In which step of the cyber-attack lifecycle do hackers embed intruder code within seemingly innocuous files?

    • weaponization
    • reconnaissance
    • exploitation
    • delivery