Palo Alto Networks Cybersecurity-Practitioner Exam Questions Instant Access

Question 1

Why is it important to protect East-West traffic within a private cloud?

AAll traffic contains threats, so enterprises must protect against threats across the entire network

BEast-West traffic contains more session-oriented traffic than other traffic

CEast-West traffic contains more threats than other traffic

DEast-West traffic uses IPv6 which is less secure than IPv4

Answer : A

East-West traffic is the lateral movement of data packets between servers within a data center, or across private and public clouds1.This type of traffic has grown substantially with the proliferation of data centers and cloud adoption, and it now surpasses the conventional North-South traffic that goes in or out of the network2.Therefore, it is important to protect East-West traffic from potential malicious actors and breaches, as threats can arise internally and move laterally without ever touching the traditional network perimeter12.By inspecting and monitoring all East-West traffic, organizations can effectively block the lateral movement of threat actors, increase network visibility, protect vital applications and data, and lower costs and risks for distributed operations23.Reference:

East-West Traffic: Everything You Need to Know | Gigamon Blog

What is East-West Security? | VMware Glossary

How to Harness East-West Visibility for a Stronger Defensive Security ...

Question 2

Which of the following is an AWS serverless service?

ABeta

BKappa

CDelta

DLambda

Answer : D

Examples of serverless environments include Amazon Lambda and Azure Functions. Many PaaS offerings, such as Pivotal Cloud Foundry, also are effectively serverless even if they have not historically been marketed as such. Although serverless may appear to lack the container-specific, cloud native attribute, containers are extensively used in the underlying implementations, even if those implementations are not exposed to end users directly.

Question 3

Systems that allow for accelerated incident response through the execution of standardized and automated playbooks that work upon inputs from security technology and other data flows are known as what?

AXDR

BSTEP

CSOAR

DSIEM

Answer : C

SOAR stands forsecurity orchestration, automation and response. It is a software solution that enables security teams to integrate and coordinate separate tools into streamlined threat response workflows. SOAR systems allow for accelerated incident response through the execution of standardized and automated playbooks that work upon inputs from security technology and other data flows. SOAR systems can also help ensure consistency, reduce human errors, and improve efficiency and scalability of security operations.Reference:

Security Operations Infrastructurefrom Palo Alto Networks

What is SOAR (security orchestration, automation and response)?from IBM

Security Operations Fundamentals (SOF) Flashcardsfrom Quizlet

Question 4

If an endpoint does not know how to reach its destination, what path will it take to get there?

AThe endpoint will broadcast to all connected network devices.

BThe endpoint will not send the traffic until a path is clarified.

CThe endpoint will send data to the specified default gateway.

DThe endpoint will forward data to another endpoint to send instead.

Answer : C

If an endpoint does not know how to reach its destination, it will send data to the specified default gateway. A default gateway is a device that routes traffic from a local network to other networks or the internet. The endpoint will use the default gateway's IP address as the next hop for packets that are destined for unknown or remote networks. The default gateway will then forward the packets to the appropriate destination or another gateway, based on its routing table.Reference:

Fundamentals of Network Security, Module 2: Networking Concepts, Lesson 2: IP Addressing and Routing1

PCCET Study Guide, Section 2.2: Describe IP Addressing and Routing2

Question 5

In addition to local analysis, what can send unknown files to WildFire for discovery and deeper analysis to rapidly detect potentially unknown malware?

ACortex XDR

BAutoFocus

CMineMild

DCortex XSOAR

Answer : A

In addition to local analysis, Cortex XDR can send unknown files to WildFire for discovery and deeper analysis to rapidly detect.

Question 6

Which two statements are true about servers in a demilitarized zone (DMZ)? (Choose two.)

AThey can be accessed by traffic from the internet.

BThey are located in the internal network.

CThey can expose servers in the internal network to attacks.

DThey are isolated from the internal network.

Answer : A, D

A demilitarized zone (DMZ) is a portion of an enterprise network that sits behind a firewall but outside of or segmented from the internal network1.The DMZ typically hosts public services, such as web, mail, and domain servers, that can be accessed by traffic from the internet1.However, the DMZ is isolated from the internal network by another firewall or security gateway, which prevents unauthorized access to the private network2. Therefore, statements A and D are true about servers in a DMZ, while statements B and C are false.Reference:

What is a Demilitarized Zone (DMZ)? | F5

Demilitarized Zones (DMZs) - Secure Network Architecture - CompTIA ...

Question 7

Which three layers of the OSI model correspond to the Application Layer (L4) of the TCP/IP model?

ASession, Transport, Network

BApplication, Presentation, and Session

CPhysical, Data Link, Network

DData Link, Session, Transport

Answer : B

Application (Layer 4 or L4): This layer loosely corresponds to Layers 5 through 7 of the OSI model.

Transport (Layer 3 or L3): This layer corresponds to Layer 4 of the OSI model.

Internet (Layer 2 or L2): This layer corresponds to Layer 3 of the OSI model.

Network Access (Layer 1 or L1): This layer corresponds to Layers 1 and 2 of the OSI model

Palo Alto Networks Cybersecurity Practitioner Cybersecurity-Practitioner Exam Questions