Identify a weakness of a perimeter-based network security strategy to protect an organization's endpoint systems.
Answer : C
A perimeter-based network security strategy relies on firewalls, routers, and other devices to create a boundary between the internal network and the external network. This strategy assumes that every internal endpoint can be trusted, and that any threat comes from outside the network. However, this assumption is flawed, as internal endpoints can also be compromised by malware, phishing, insider attacks, or other methods. Once an attacker gains access to an internal endpoint, they can use it to move laterally within the network, bypassing the perimeter defenses. Therefore, a perimeter-based network security strategy is not sufficient to protect an organization's endpoint systems, and a more comprehensive approach, such as Zero Trust, is needed.Reference:
Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET)
Traditional perimeter-based network defense is obsolete---transform to a Zero Trust model
What is Network Perimeter Security? Definition and Components | Acalvio
On an endpoint, which method is used to protect proprietary data stored on a laptop that has been stolen?
Answer : B
Full-disk encryption is a method of protecting data on a laptop that has been stolen by encrypting the entire hard drive, making it unreadable without the correct password or key. This prevents unauthorized access to the proprietary data stored on the laptop, even if the thief removes the hard drive and connects it to another device.Full-disk encryption can be enabled using built-in features such as BitLocker on Windows or FileVault on macOS, or using third-party software such as Absolute Home & Office12.Reference:How to Protect your Data if a Laptop is Lost or Stolen,What to do when your laptop is stolen,Palo Alto Networks Certified Cybersecurity Entry-level Technician
Why is it important to protect East-West traffic within a private cloud?
Answer : A
East-West traffic is the lateral movement of data packets between servers within a data center, or across private and public clouds1.This type of traffic has grown substantially with the proliferation of data centers and cloud adoption, and it now surpasses the conventional North-South traffic that goes in or out of the network2.Therefore, it is important to protect East-West traffic from potential malicious actors and breaches, as threats can arise internally and move laterally without ever touching the traditional network perimeter12.By inspecting and monitoring all East-West traffic, organizations can effectively block the lateral movement of threat actors, increase network visibility, protect vital applications and data, and lower costs and risks for distributed operations23.Reference:
East-West Traffic: Everything You Need to Know | Gigamon Blog
What is East-West Security? | VMware Glossary
How to Harness East-West Visibility for a Stronger Defensive Security ...
Which key component is used to configure a static route?
Answer : D
A static route is a manually configured route that specifies the destination network and the next hop IP address or interface to reach it. A static route does not depend on any routing protocol and remains in the routing table until it is removed or overridden. Static routes are useful for defining default routes, reaching stub networks, or providing backup routes in case of link failures. To configure a static route in a virtual router on a Palo Alto Networks firewall, you need to specify the name, destination, interface, and next hop IP address or virtual router of the route.Reference:Configure a Static Route in Virtual Routers,Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET),FREE Cybersecurity Education Courses
Which type of Software as a Service (SaaS) application provides business benefits, is fast to deploy, requires minimal cost and is infinitely scalable?
Answer : C
Sanctioned SaaS applications are those that are approved and supported by the organization's IT department. They provide business benefits such as increased productivity, collaboration, and efficiency. They are fast to deploy because they do not require installation or maintenance on the user's device. They require minimal cost because they are usually paid on a subscription or usage basis, and they do not incur hardware or software expenses.They are infinitely scalable because they can adjust to the changing needs and demands of the organization without affecting performance or availability12.Reference:8 Types of SaaS Solutions You Must Know About in 2024,What is SaaS (Software as a Service)? | SaaS Types | CDW,Palo Alto Networks Certified Cybersecurity Entry-level Technician
Which network firewall operates up to Layer 4 (Transport layer) of the OSI model and maintains information about the communication sessions which have been established between hosts on trusted and untrusted networks?
Answer : C
Stateful packet inspection firewalls Second-generation stateful packet inspection (also known as dynamic packet filtering) firewalls have the following characteristics:
They operate up to Layer 4 (Transport layer) of the OSI model and maintain state information about the communication sessions that have been established between hosts on the trusted and untrusted networks.
They inspect individual packet headers to determine source and destination IP address, protocol (TCP, UDP, and ICMP), and port number (during session establishment only) to
determine whether the session should be allowed, blocked, or dropped based on configured
firewall rules.
After a permitted connection is established between two hosts, the firewall creates and
deletes firewall rules for individual connections as needed, thus effectively creating a tunnel that allows traffic to flow between the two hosts without further inspection of individual packets during the session.
This type of firewall is very fast, but it is port-based and it is highly dependent on the
trustworthiness of the two hosts because individual packets aren't inspected after the
connection is established.
In the attached network diagram, which device is the switch?

Answer : D
A switch is a network device that connects multiple devices on a local area network (LAN) and forwards data packets between them. A switch can be identified by its icon, which is a rectangle with four curved lines on each side. In the attached network diagram, device D is the switch, as it matches the icon and connects three computers to device A, which is another network device.Reference:
[What is a Network Switch and How Does it Work?]
[Network Diagram Symbols and Icons | Lucidchart]