Palo Alto Networks PCCET Palo Alto Networks Certified Cybersecurity Entry-level Technician Exam Practice Test

Page: 1 / 14
Total 158 questions
Question 1

What are two disadvantages of Static Routing? (Choose two.)



Answer : A, C

Static routing is a form of routing that occurs when a router uses a manually configured routing entry, rather than information from dynamic routing traffic [1]. Static routing has some advantages, such as simplicity, low overhead, and full control, but it also has some disadvantages, such as:

* Manual reconfiguration: Static routes require manual effort to configure and maintain. This can be time-consuming and error-prone, especially in large networks with many routes. If there is a change in the network topology or a link failure, the static routes need to be updated manually by the network administrator [2][3].

* Single point of failure: Static routing is not fault tolerant. This means that if the path used by the static route stops working, the traffic will not be rerouted automatically. The network will be unreachable until the failure is repaired or the static route is changed manually. Dynamic routing, on the other hand, can adapt to network changes and find alternative paths [2][3].


Question 2

What are the two most prominent characteristics of the malware type rootkit? (Choose two.)



Question 3

Which of the following is a Routed Protocol?



Answer : C

A routed protocol is a protocol by which data can be routed. It provides appropriate addressing information in its internet layer or network layer to allow a packet to be forwarded from one network to another network. Examples of routed protocols are the Internet Protocol (IP) and Internetwork Packet Exchange (IPX). IP is the most widely used routed protocol on the Internet and other networks. It assigns a unique logical address to each device and enables data to be fragmented, reassembled, and routed across multiple networks.

Reference:

Routing v/s Routed Protocols in Computer Network

Routing protocol - Wikipedia

CCNA Certification: Routed Protocols vs Routing Protocols

What is the difference between Routing Protocols and Routed Protocols


Question 4

Which security component can detect command-and-control traffic sent from multiple endpoints within a corporate data center?



Answer : C

A next-generation firewall (NGFW) is a security component that can detect command-and-control (C2) traffic sent from multiple endpoints within a corporate data center. An NGFW is a network device that combines traditional firewall capabilities with advanced features such as application awareness, intrusion prevention, threat intelligence, and cloud-based analysis. An NGFW can identify and block C2 traffic by inspecting the application layer protocols, signatures, and behaviors of the network traffic, as well as correlating the traffic with external sources of threat intelligence. An NGFW can also leverage inline cloud analysis to detect and prevent zero-day C2 threats in real time. An NGFW can provide granular visibility and control over the network traffic, as well as generate alerts and reports on the C2 activity.

Reference:

Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET)

Command and Control, Tactic TA0011 - Enterprise | MITRE ATT&CK

Advanced Threat Prevention: Inline Cloud Analysis - Palo Alto Networks


Question 5
Question 6

With regard to cloud-native security in layers, what is the correct order of the four C's from the top (surface) layer to the bottom (base) layer?



Answer : B

Cloud-native security is the integration of security strategies into applications and systems designed to be deployed and to run in cloud environments. It involves a layered approach that considers security at every level of the cloud-native application architecture. The four C's of cloud-native security are [1][2][3]:

Code: This layer refers to the application code and its dependencies. Security at this layer involves ensuring the code is free of vulnerabilities, using secure coding practices, and implementing encryption, authentication, and authorization mechanisms.

Container: This layer refers to the lightweight, isolated units that encapsulate the application and its dependencies. Security at this layer involves scanning and verifying the container images, enforcing policies and rules for container deployment and runtime, and isolating and protecting the containers from unauthorized access.

Cluster: This layer refers to the group of nodes that host the containers and provide orchestration and management capabilities. Security at this layer involves securing the communication between the nodes and the containers, monitoring and auditing the cluster activity, and applying security patches and updates to the cluster components.

Cloud: This layer refers to the underlying infrastructure and services that support the cloud-native applications. Security at this layer involves configuring and hardening the cloud resources, implementing identity and access management, and complying with the cloud provider's security standards and best practices.

The correct order of the four C's from the top (surface) layer to the bottom (base) layer is code, container, cluster, cloud, as each layer depends on the security of the next outermost layer.

Reference:

What Is Cloud-Native Security? - Palo Alto Networks

What is Cloud-Native Security? An Introduction | Splunk

The 4C's of Cloud Native Kubernetes security - Medium


Question 7

A doctor receives an email about her upcoming holiday in France. When she clicks the URL website link in the email, the connection is blocked by her office firewall because it's a known malware website. Which type of attack includes a link to a malware website in an email?



Answer : B

Phishing is a type of attack that involves sending fraudulent emails that appear to be from legitimate sources, such as banks, companies, or individuals, in order to trick recipients into clicking on malicious links, opening malicious attachments, or providing sensitive information [1][2]. The link to a malware website in the email is an example of a malicious link, which may lead to the installation of malware, ransomware, spyware, or other malicious software on the user's device, or the redirection to a fake website that mimics a legitimate one, where the user may be asked to enter their credentials, personal information, or financial details [3][4]. Phishing emails often use social engineering techniques, such as creating a sense of urgency, curiosity, or fear, to persuade the user to click on the link or attachment, or to reply to the email [5]. Phishing emails may also spoof the sender's address, domain, or logo, to make them look more authentic and trustworthy [6].

Whaling, pharming, and spam are not the correct answers for this question. Whaling is a specific type of phishing that targets high-profile individuals, such as executives, celebrities, or politicians, with the aim of stealing their confidential information or influencing their decisions [7]. Pharming is a type of attack that involves redirecting the user's web browser to a fake website, even if they enter the correct URL, by modifying the DNS server or the user's hosts file. Spam is unsolicited or unwanted electronic messages, such as emails, texts, or instant messages, that are sent in bulk to a large number of recipients, usually for advertising, marketing, or scamming purposes.

Reference:

What is phishing? | Malwarebytes

Phishing - Wikipedia

Don't Panic! Here's What To Do If You Clicked On A Phishing Link

How can Malware spread through Email and How to Protect

What is phishing? How this cyber attack works and how to prevent it ...

Identifying Illegitimate Email Links | Division of Information Technology

What is whaling? | NortonLifeLock

What is pharming? | NortonLifeLock

What is spam? | NortonLifeLock

