Endpoint Security
What type of attacks are blocked when Cortex XDR employs decoy files that look like sensitive files and monitors those files for any modifications?
ransomware and file-less threats
What type of attacks are blocked when Cortex XDR targets the limited set of techniques, or tools, that any exploit-based attack must use to manipulate a software vulnerability?
exploits
At what stage of the cyber attack lifecycle would an attacker establish encrypted communication channels back to their own servers so they can modify objectives on the target system?
Command and Control
What is considered an entry-level role in the cybersecurity field?
Incident & Intrusion Analyst
What element of the SOC infrastructure is responsible for the implementation and ongoing maintenance of the SecOps team’s tools, including the SIEM and analysis tools?
SOC Engineering Team
What operation must be run to have a candidate configuration take effect on a Palo Alto firewall?
Committing the configuration
What are the functions of zones on a Palo Alto firewall?
Allows you to group user traffic flows together
When implementing zero trust, what protect surfaces must be identified before you can begin to map the transaction flows?
protect surfaces — APPC, which stands for:
Applications
Processes
People
Critical data
Which Cortex XDR component is a scalable, cloud-based log repository that stores context-rich logs generated by Palo Alto Networks security products, including next-generation firewalls, Prisma Access, and Cortex XDR agents?
Cortex Data Lake
Which type of SecOps gathers data that includes a broad range of activity in real-time from a given source, providing session and packet headers?
Telemetry
Which Cortex XDR component consists of various drivers and services, but it requires only minimal memory and CPU usage?
Cortex XDR endpoint agent
What is the maximum level of decoding the firewall can perform while using the file blocking functionality?
4
This means the firewall can analyze up to four levels of nested or encoded files to identify and block threats.
What does Palo Alto offer to combat zero-day threats and APTs in networks, using a cloud-based malware analysis environment that shares threat data globally?
WildFire
What is a type of malware that uses free CPU cycles of a victim's computer without their knowledge and permissions to generate revenue for an attacker?
Cryptomining
What is a type of social engineering attack where an attacker could leave a malware-infected USB stick in the lobby of a hotel, hoping that an employee will plug it into one of their computers?
Baiting
What type of Malware can be dormant and then be activated by user intervention?
Trojan Horse
A Trojan Horse is a type of malware that disguises itself as legitimate software, allowing it to sneak onto a user's system.
What type of wireless attack would use a beacon (commonly a pineapple device) to respond to every probe from all clients who wish to connect to any wireless network?
Evil Twin
An Evil Twin attack uses a fake Wi-Fi access point (like a Wi-Fi Pineapple) to mimic a legitimate network, broadcasting the same SSID (network name). It then intercepts traffic from devices that connect to the fake access point, effectively acting as a "man-in-the-middle".
The cloud computing service model in which a provider’s applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure is known as:
Software as a service (SaaS)
Which of the following is a cloud platform by Microsoft?
Azure
An attacker only needs to successfully execute one step of the Cyber Kill Chain® to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack.
True or False
False
Platform as a Service (PaaS) is best described as:
An online space where customers can develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
What is an easy way to make your WiFi security stronger and make it more difficult for hackers to discover your wireless network?
Change the Service Set Identifier (SSID)
The first phase of implementing security in virtualized data centers consists of:
consolidating servers within trust levels.
This involves grouping servers that operate with the same security clearance together, which simplifies management and increases control over potential security issues.
What is the LEAST secure WLAN standard?
Wired Equivalent Privacy (WEP)