Palo Alto Networks Certified Cybersecurity Associate PCCET Questions & Answers

• Question 41:

  The customer is responsible only for which type of security when using a SaaS application?

  A. physical

  B. platform

  C. data

  D. infrastructure

  Correct Answer: C

• Question 42:

  Which method is used to exploit vulnerabilities, services, and applications?

  A. encryption

  B. port scanning

  C. DNS tunneling

  D. port evasion

  Correct Answer: D

  Attack communication traffic is usually hidden with various techniques and tools, including: Encryption with SSL, SSH (Secure Shell), or some other custom or proprietary encryption Circumvention via proxies, remote access tools, or tunneling. In some instances, use of cellular networks enables complete circumvention of the target network for attack C2 traffic. Port evasion using network anonymizers or port hopping to traverse over any available open ports Fast Flux (or Dynamic DNS) to proxy through multiple infected endpoints or multiple, ever-changing C2 servers to reroute traffic and make determination of the true destination or attack source difficult DNS tunneling is used for C2 communications and data infiltration

• Question 43:

  Which activities do local organization security policies cover for a SaaS application?

  A. how the data is backed up in one or more locations

  B. how the application can be used

  C. how the application processes the data

  D. how the application can transit the Internet

  Correct Answer: B

• Question 44:

  Which network analysis tool can be used to record packet captures?

  A. Smart IP Scanner

  B. Wireshark

  C. Angry IP Scanner

  D. Netman

  Correct Answer: B

• Question 45:

  Why have software developers widely embraced the use of containers?

  A. Containers require separate development and production environments to promote authentic code.

  B. Containers share application dependencies with other containers and with their host computer.

  C. Containers simplify the building and deploying of cloud native applications.

  D. Containers are host specific and are not portable across different virtual machine hosts.

  Correct Answer: C

• Question 46:

  Which characteristic of serverless computing enables developers to quickly deploy application code?

  A. Uploading cloud service autoscaling services to deploy more virtual machines to run their application code based on user demand

  B. Uploading the application code itself, without having to provision a full container image or any OS virtual machine components

  C. Using cloud service spot pricing to reduce the cost of using virtual machines to run their application code

  D. Using Container as a Service (CaaS) to deploy application containers to run their code.

  Correct Answer: B

  "In serverless apps, the developer uploads only the app package itself, without a full container image or any OS components. The platform dynamically packages it into an image, runs the image in a container, and (if needed) instantiates the underlying host OS and VM and the hardware required to run them."

• Question 47:

  Which option would be an example of PII that you need to prevent from leaving your enterprise network?

  A. Credit card number

  B. Trade secret

  C. National security information

  D. A symmetric encryption key

  Correct Answer: A

• Question 48:

  Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?

  A. Knowledge-based

  B. Signature-based

  C. Behavior-based

  D. Database-based

  Correct Answer: C

  IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems: A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective. A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge- based systems

• Question 49:

  In which phase of the cyberattack lifecycle do attackers establish encrypted communication channels back to servers across the internet so that they can modify their attack objectives and methods?

  A. exploitation

  B. actions on the objective

  C. command and control

  D. installation

  Correct Answer: C

  Command and Control: Attackers establish encrypted communication channels back to command-and- control (C2) servers across the internet so that they can modify their attack objectives and methods as additional targets of opportunity are identified within the victim network, or to evade any new security countermeasures that the organization may attempt to deploy if attack artifacts are discovered.

• Question 50:

  Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) fall under which Prisma access service layer?

  A. Network

  B. Management

  C. Cloud

  D. Security

  Correct Answer: D

  A SASE solution converges networking and security services into one unified, cloud-delivered solution (see Figure 3-12) that includes the following:

  Networking

  Software-defined wide-area networks (SD-WANs)

  Virtual private networks (VPNs)

  Zero Trust network access (ZTNA)

  Quality of Service (QoS)

  Security

  Firewall as a service (FWaaS)

  Domain Name System (DNS) security

  Threat prevention

  Secure web gateway (SWG)

  Data loss prevention (DLP)

  Cloud access security broker (CASB)