What are three benefits of SD-WAN infrastructure? (Choose three.)
- A . Improving performance of SaaS applications by requiring all traffic to be back-hauled through the corporate headquarters network
- B . Promoting simplicity through the utilization of a centralized management structure
- C . Utilizing zero-touch provisioning for automated deployments
- D . Leveraging remote site routing technical support by relying on MPLS
- E . Improving performance by allowing efficient access to cloud-based resources without requiring back-haul traffic to a centralized location
B,C,E
Explanation:
Simplicity: Because each device is centrally managed, with routing based on application policies, WAN managers can create and update security rules in real time as network requirements change. Also, when SD-WAN is combined with zero-touch provisioning, a feature that helps automate the deployment and configuration processes, organizations can further reduce the complexity, resources, and operating expenses required to spin up new sites. Improved performance: By allowing efficient access to cloud-based resources without the need to backhaul traffic to centralized locations, organizations can provide a better user experience.
In SecOps, what are two of the components included in the identify stage? (Choose two.)
- A . Initial Research
- B . Change Control
- C . Content Engineering
- D . Breach Response
Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) fall under which
Prisma access service layer?
- A . Network
- B . Management
- C . Cloud
- D . Security
D
Explanation:
A SASE solution converges networking and security services into one unified, cloud-delivered solution (see Figure 3-12) that includes the following:
Networking
Software-defined wide-area networks (SD-WANs)
Virtual private networks (VPNs)
Zero Trust network access (ZTNA)
Quality of Service (QoS)
Security
Firewall as a service (FWaaS)
Domain Name System (DNS) security
Threat prevention
Secure web gateway (SWG)
Data loss prevention (DLP)
Cloud access security broker (CASB)
On an endpoint, which method is used to protect proprietary data stored on a laptop that has been stolen?
- A . operating system patches
- B . full-disk encryption
- C . periodic data backups
- D . endpoint-based firewall
Which technique uses file sharing or an instant messenger client such as Meebo running over Hypertext Transfer Protocol (HTTP)?
- A . Use of non-standard ports
- B . Hiding within SSL encryption
- C . Port hopping
- D . Tunneling within commonly used services
What is the purpose of SIEM?
- A . Securing cloud-based applications
- B . Automating the security team’s incident response
- C . Real-time monitoring and analysis of security events
- D . Filtering webpages employees are allowed to access
You have been invited to a public cloud design and architecture session to help deliver secure east west flows and secure Kubernetes workloads.
What deployment options do you have available? (Choose two.)
- A . PA-Series
- B . VM-Series
- C . Panorama
- D . CN-Series
What does SIEM stand for?
- A . Security Infosec and Event Management
- B . Security Information and Event Management
- C . Standard Installation and Event Media
- D . Secure Infrastructure and Event Monitoring
B
Explanation:
Originally designed as a tool to assist organizations with compliance and industry-specific regulations, security information and event management (SIEM) is a technology that has been around for almost two decades
On which security principle does virtualization have positive effects?
- A . integrity
- B . confidentiality
- C . availability
- D . non-repudiation
Which term describes data packets that move in and out of the virtualized environment from the host network or a corresponding traditional data center?
- A . North-South traffic
- B . Intrazone traffic
- C . East-West traffic
- D . Interzone traffic
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
SecOps consists of interfaces, visibility, technology, and which other three elements? (Choose three.)
- A . People
- B . Accessibility
- C . Processes
- D . Understanding
- E . Business
A,C,E
Explanation:
The six pillars include:
Which network firewall operates up to Layer 4 (Transport layer) of the OSI model and maintains information about the communication sessions which have been established between hosts on trusted and untrusted networks?
- A . Group policy
- B . Stateless
- C . Stateful
- D . Static packet-filter
C
Explanation:
Stateful packet inspection firewalls Second-generation stateful packet inspection (also known as dynamic packet filtering) firewalls have the following characteristics:
They operate up to Layer 4 (Transport layer) of the OSI model and maintain state information about the communication sessions that have been established between hosts on the trusted and untrusted networks.
They inspect individual packet headers to determine source and destination IP address, protocol (TCP, UDP, and ICMP), and port number (during session establishment only) to determine whether the session should be allowed, blocked, or dropped based on configured firewall rules.
After a permitted connection is established between two hosts, the firewall creates and deletes firewall rules for individual connections as needed, thus effectively creating a tunnel that allows traffic to flow between the two hosts without further inspection of individual packets during the session.
This type of firewall is very fast, but it is port-based and it is highly dependent on the trustworthiness of the two hosts because individual packets aren’t inspected after the connection is established.
Web 2.0 applications provide which type of service?
- A . SaaS
- B . FWaaS
- C . IaaS
- D . PaaS
Which type of malware takes advantage of a vulnerability on an endpoint or server?
- A . technique
- B . patch
- C . vulnerability
- D . exploit
Which aspect of a SaaS application requires compliance with local organizational security policies?
- A . Types of physical storage media used
- B . Data-at-rest encryption standards
- C . Acceptable use of the SaaS application
- D . Vulnerability scanning and management
In which phase of the cyberattack lifecycle do attackers establish encrypted communication channels back to servers across the internet so that they can modify their attack objectives and methods?
- A . exploitation
- B . actions on the objective
- C . command and control
- D . installation
C
Explanation:
Command and Control: Attackers establish encrypted communication channels back to command-and-control (C2) servers across the internet so that they can modify their attack objectives and methods as additional targets of opportunity are identified within the victim network, or to evade any new security countermeasures that the organization may attempt to deploy if attack artifacts are discovered.
Which Palo Alto subscription service identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment?
- A . DNS Security
- B . URL Filtering
- C . WildFire
- D . Threat Prevention
C
Explanation:
"The WildFire cloud-based malware analysis environment is a cyber threat prevention service that identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment. WildFire automatically disseminates updated protections in near-real time to immediately prevent threats from spreading; this occurs without manual intervention"
Which network analysis tool can be used to record packet captures?
- A . Smart IP Scanner
- B . Wireshark
- C . Angry IP Scanner
- D . Netman
Which network firewall primarily filters traffic based on source and destination IP address?
- A . Proxy
- B . Stateful
- C . Stateless
- D . Application
What should a security operations engineer do if they are presented with an encoded string during an incident investigation?
- A . Save it to a new file and run it in a sandbox.
- B . Run it against VirusTotal.
- C . Append it to the investigation notes but do not alter it.
- D . Decode the string and continue the investigation.
Systems that allow for accelerated incident response through the execution of standardized and automated playbooks that work upon inputs from security technology and other data flows are known as what?
- A . XDR
- B . STEP
- C . SOAR
- D . SIEM
DRAG DROP
Order the OSI model with Layer7 at the top and Layer1 at the bottom.
Which of the following is a Routed Protocol?
- A . Routing Information Protocol (RIP)
- B . Transmission Control Protocol (TCP)
- C . Internet Protocol (IP)
- D . Domain Name Service (DNS)
Which classification of IDS/IPS uses a database of known vulnerabilities and attack profiles to identify intrusion attempts?
- A . Statistical-based
- B . Knowledge-based
- C . Behavior-based
- D . Anomaly-based
B
Explanation:
A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.
Which NGFW feature is used to provide continuous identification, categorization, and control of known and previously unknown SaaS applications?
- A . User-ID
- B . Device-ID
- C . App-ID
- D . Content-ID
C
Explanation:
App-ID™ technology leverages the power of the broad global community to provide continuous identification, categorization, and granular risk-based control of known and previously unknown SaaS applications, ensuring new applications are discovered automatically as they become popular.
Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?
- A . Knowledge-based
- B . Signature-based
- C . Behavior-based
- D . Database-based
C
Explanation:
IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems:
A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems
Which of the following is an AWS serverless service?
- A . Beta
- B . Kappa
- C . Delta
- D . Lambda
D
Explanation:
Examples of serverless environments include Amazon Lambda and Azure Functions. Many PaaS offerings, such as Pivotal Cloud Foundry, also are effectively serverless even if they have not historically been marketed as such. Although serverless may appear to lack the container-specific, cloud native attribute, containers are extensively used in the underlying implementations, even if those implementations are not exposed to end users directly.
Which native Windows application can be used to inspect actions taken at a specific time?
- A . Event Viewer
- B . Timeline inspector
- C . Task Manager
- D . Task Scheduler
Which type of LAN technology is being displayed in the diagram?
- A . Star Topology
- B . Spine Leaf Topology
- C . Mesh Topology
- D . Bus Topology
Which activities do local organization security policies cover for a SaaS application?
- A . how the data is backed up in one or more locations
- B . how the application can be used
- C . how the application processes the data
- D . how the application can transit the Internet
Which two pieces of information are considered personally identifiable information (PII)? (Choose two.)
- A . Birthplace
- B . Login 10
- C . Profession
- D . Name
Which product from Palo Alto Networks extends the Security Operating Platform with the global threat intelligence and attack context needed to accelerate analysis, forensics, and hunting workflows?
- A . Global Protect
- B . WildFire
- C . AutoFocus
- D . STIX
C
Explanation:
page 173 "AutoFocus makes over a billion samples and sessions, including billions of artifacts, immediately actionable for security analysis and response efforts. AutoFocus extends the product portfolio with the global threat intelligence and attack context needed to accelerate analysis, forensics, and hunting workflows. Together, the platform and AutoFocus move security teams away from legacy manual approaches that rely on aggregating a growing number of detectionbased alerts and post-event mitigation, to preventing sophisticated attacks and enabling proactive hunting activities."
How does DevSecOps improve the Continuous Integration/Continuous Deployment (CI/CD) pipeline?
- A . DevSecOps improves pipeline security by assigning the security team as the lead team for continuous deployment
- B . DevSecOps ensures the pipeline has horizontal intersections for application code deployment
- C . DevSecOps unites the Security team with the Development and Operations teams to integrate security into the CI/CD pipeline
- D . DevSecOps does security checking after the application code has been processed through the CI/CD pipeline
C
Explanation:
DevSecOps takes the concept behind DevOps that developers and IT teams should work together closely, instead of separately, throughout software delivery and extends it to include security and integrate automated checks into the full CI/CD pipeline. The integration of the CI/CD pipeline takes care of the problem of security seeming like an outside force and instead allows developers to maintain their usual speed without compromising data security
In which situation would a dynamic routing protocol be the quickest way to configure routes on a router?
- A . the network is large
- B . the network is small
- C . the network has low bandwidth requirements
- D . the network needs backup routes
A
Explanation:
A static routing protocol requires that routes be created and updated manually on a router or other network device. If a static route is down, traffic can’t be automatically rerouted unless an alternate route has been configured. Also, if the route is congested, traffic can’t be automatically rerouted over the less congested alternate route. Static routing is practical only in very small networks or for very limited, special-case routing scenarios (for example, a destination that’s used as a backup route or is reachable only via a single router). However, static routing has low bandwidth requirements (routing information isn’t broadcast across the network) and some built-in security (users can route only to destinations that are specified in statically defined routes).
Which attacker profile uses the internet to recruit members to an ideology, to train them, and to spread fear and include panic?
- A . cybercriminals
- B . state-affiliated groups
- C . hacktivists
- D . cyberterrorists
On an endpoint, which method should you use to secure applications against exploits?
- A . endpoint-based firewall
- B . strong user passwords
- C . full-disk encryption
- D . software patches
D
Explanation:
New software vulnerabilities and exploits are discovered all the time and thus diligent software patch management is required by system and security administrators in every organization.
Which method is used to exploit vulnerabilities, services, and applications?
- A . encryption
- B . port scanning
- C . DNS tunneling
- D . port evasion
D
Explanation:
Attack communication traffic is usually hidden with various techniques and tools, including:
Encryption with SSL, SSH (Secure Shell), or some other custom or proprietary encryption
Circumvention via proxies, remote access tools, or tunneling. In some instances, use of cellular networks enables complete circumvention of the target network for attack C2 traffic.
Port evasion using network anonymizers or port hopping to traverse over any available open ports
Fast Flux (or Dynamic DNS) to proxy through multiple infected endpoints or multiple, ever-changing C2 servers to reroute traffic and make determination of the true destination or attack source difficult DNS tunneling is used for C2 communications and data infiltration
Which option is an example of a North-South traffic flow?
- A . Lateral movement within a cloud or data center
- B . An internal three-tier application
- C . Client-server interactions that cross the edge perimeter
- D . Traffic between an internal server and internal user
C
Explanation:
North-south refers to data packets that move in and out of the virtualized environment from the host network or a corresponding traditional data center. North-south traffic is secured by one or more physical form factor perimeter edge firewalls.
Routing Information Protocol (RIP), uses what metric to determine how network traffic
should flow?
- A . Shortest Path
- B . Hop Count
- C . Split Horizon
- D . Path Vector
B
Explanation:
Routing Information Protocol (RIP) is an example of a distance-vector routing protocol that uses hop count as its routing metric. To prevent routing loops, in which packets effectively get stuck bouncing between various router nodes, RIP implements a hop limit of 15, which limits the size of networks that RIP can support. After a data packet crosses 15 router nodes (hops) between a source and a destination, the destination is considered unreachable.
A user is provided access over the internet to an application running on a cloud infrastructure. The servers, databases, and code of that application are hosted and maintained by the vendor.
Which NIST cloud service model is this?
- A . IaaS
- B . SaaS
- C . PaaS
- D . CaaS
B
Explanation:
SaaS – User responsible for only the data, vendor responsible for rest
Which IoT connectivity technology is provided by satellites?
- A . 4G/LTE
- B . VLF
- C . L-band
- D . 2G/2.5G
C
Explanation:
2G/2.5G: 2G connectivity remains a prevalent and viable IoT connectivity option due to the low cost of 2G modules, relatively long battery life, and large installed base of 2G sensors and M2M applications.
3G: IoT devices with 3G modules use either Wideband Code Division Multiple Access (W-CDMA) or Evolved High Speed Packet Access (HSPA+ and Advanced HSPA+) to achieve data transfer rates of 384Kbps to 168Mbps.
4G/Long-Term Evolution (LTE): 4G/LTE networks enable real-time IoT use cases, such as autonomous vehicles, with 4G LTE Advanced Pro delivering speeds in excess of 3Gbps and less than 2 milliseconds of latency.
5G: 5G cellular technology provides significant enhancements compared to 4G/LTE networks and is backed by ultra-low latency, massive connectivity and scalability for IoT devices, more efficient use of the licensed spectrum, and network slicing for application traffic prioritization.
Which type of Software as a Service (SaaS) application provides business benefits, is fast to deploy, requires minimal cost and is infinitely scalable?
- A . Benign
- B . Tolerated
- C . Sanctioned
- D . Secure
Which characteristic of serverless computing enables developers to quickly deploy application code?
- A . Uploading cloud service autoscaling services to deploy more virtual machines to run their application code based on user demand
- B . Uploading the application code itself, without having to provision a full container image or any OS virtual machine components
- C . Using cloud service spot pricing to reduce the cost of using virtual machines to run their application code
- D . Using Container as a Service (CaaS) to deploy application containers to run their code.
B
Explanation:
"In serverless apps, the developer uploads only the app package itself, without a full container image or any OS components. The platform dynamically packages it into an image, runs the image in a container, and (if needed) instantiates the underlying host OS and VM and the hardware required to run them."
Which feature of the VM-Series firewalls allows them to fully integrate into the DevOps workflows and CI/CD pipelines without slowing the pace of business?
- A . Elastic scalability
- B . 5G
- C . External dynamic lists
- D . Log export
What is used to orchestrate, coordinate, and control clusters of containers?
- A . Kubernetes
- B . Prisma Saas
- C . Docker
- D . CN-Series
A
Explanation:
As containers grew in popularity and used diversified orchestrators such as Kubernetes (and its derivatives, such as OpenShift), Mesos, and Docker Swarm, it became increasingly important to deploy and operate containers at scale. https://www.dynatrace.com/news/blog/kubernetes-vs-docker/
Which model would a customer choose if they want full control over the operating system(s) running on their cloud computing platform?
- A . SaaS
- B . DaaS
- C . PaaS
- D . IaaS
Which of the following is a CI/CD platform?
- A . Github
- B . Jira
- C . Atom.io
- D . Jenkins
Which network device breaks networks into separate broadcast domains?
- A . Hub
- B . Layer 2 switch
- C . Router
- D . Wireless access point
C
Explanation:
A layer 2 switch will break up collision domains but not broadcast domains.
To break up broadcast domains you need a Layer 3 switch with vlan capabilities.
Which item accurately describes a security weakness that is caused by implementing a “ports first” data security solution in a traditional data center?
- A . You may have to use port numbers greater than 1024 for your business-critical applications.
- B . You may have to open up multiple ports and these ports could also be used to gain unauthorized entry into your datacenter.
- C . You may not be able to assign the correct port to your business-critical applications.
- D . You may not be able to open up enough ports for your business-critical applications which will increase the attack surface area.
What is the recommended method for collecting security logs from multiple endpoints?
- A . Leverage an EDR solution to request the logs from endpoints.
- B . Connect to the endpoints remotely and download the logs.
- C . Configure endpoints to forward logs to a SIEM.
- D . Build a script that pulls down the logs from all endpoints.