Download PALO PCCET Exam Questions and Answers (2025) and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
PALO PCCET EXAM WITH (LATEST UPDATE)- 2025
WITH ACCURATE RESPONSE
True or False: Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks, including data mining, event processing, and predictive analytics. – answer: True. True or False: The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT solutions is known as consumerization. – answer: True. Which action is associated with Web 1.0? A. checking CNN's website for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question – answer: A. checking CNN's website for news Which action is associated with Web 3.0? A. Checking CNN's website for news B. posting on Facebook C. adding information to Wikipedia D. asking Apple's Siri a question – answer: D. asking Apple's Siri a question Gmail is associated with which cloud computing model? A. SaaS B. PaaS C. IaaS D. DaaS – answer: A. SaaS
Which two port numbers are associated with HTTP? (Choose two.) A. 80 B. 389 C. 8080 D. 25 - answerA. 80 C. 8080 Which port number is associated with HTTPS? A. 21 B. 23 C. 443 D. 53 - answerC. 443 Which port is used for encrypted communication? A. 22 B. 80 C. 389 D. 25 - answerA. 22 Which protocol distinguishes between applications using port numbers? A. TCP B. ICMP C. ESP D. UDP - answer
. If you are responsible for the application's security but not the operating system's security, which cloud computing service model are you using? A. your own data center B. IaaS C. PaaS D. SaaS - answerC. PaaS Which kind of security always is the responsibility of the cloud customer? A. physical B. network C. application D. data - answerD. data Where is your data typically stored in a SaaS application? A. in your data center, in a database under your control B. in your data center, in a database controlled by the SaaS provider C. in the cloud, in a database you control D. in the cloud, in a database controlled by the SaaS provider - answerD. in the cloud, in a database controlled by the SaaS provider Who is responsible for the security settings in an enterprise SaaS application? A. SaaS provider B. IT administrator of the customer organization C. user, typically an employee of the customer organization D. both IT administrators and users - answerD. both IT administrators and users
When is it impossible to secure SaaS data? A. when a user uses an unmanaged device to access an unsanctioned SaaS instance B. when a user uses a managed device to access an unsanctioned SaaS instance C. when a user uses an unmanaged device to access a sanctioned SaaS instance D. when a user uses a managed device to access a sanctioned SaaS instance - answerA. when a user uses an unmanaged device to access an unsanctioned SaaS instance True or False? An organization can be compliant with all applicable security and privacy regulations for its industry yet still not be secure. - answerTrue Which three data fields are considered personally identifiable information (PII)? Choose three.) A. unique identification number (such as driver's license number) B. honorific (Mr., Mrs., Dr., etc.) C. telephone number D. blood pressure (when not connected to other fields) E. fingerprints - answerA. unique identification number (such as driver's license number) C. telephone number E. fingerprints Which risk is eliminated in an organization that is 100% compliant? A. having confidential information become public B. having an advanced persistent threat change your information C. having the regulator punish you for being non-compliant D. having malicious insiders steal information - answerC. having the regulator punish you for being non-compliant What does CVE mean?
True or False? The cyberattack lifecycle is a seven-step process. - answerFalse True or False? A defender needs to break only a single step in the cyberattack lifecycle framework to prevent an attack from succeeding. - answerFalse True or False? The key to breaking the cyberattack lifecycle during the Installation phase is to implement network segmentation, a Zero Trust model, and granular control of applications to limit or restrict an attacker's lateral movement within the network. - answerTrue Which stage of the cyberattack lifecycle can be identified by port scans from external sources? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation - answerA. Reconnaissance Which stage of the cyberattack lifecycle involves querying public databases and testing exploits in the attacker's internal network? A. Reconnaissance B. Weaponization and Delivery C. Exploitation D. Installation - answerB. Weaponization and Delivery Which step is involved in getting malware to run on the inside of the targeted organization? A. Weaponization and Delivery B. Exploitation and Installation C. Command and Control D. Actions on the Objective - answerB. Exploitation and Installation
In which stage of the cyberattack lifecycle would you identify unusual communication between an internal database that should not access the internet and an external server? A. Exploitation B. Installation C. Command and Control D. Actions on the Objective - answerC. Command and Control Which two malware types are self-replicating? (Choose two.) A. logic bomb B. back door C. virus D. trojan horse E. worm - answerC. virus E. worm Which two malware types are likely to be left behind by a disgruntled employee? (Choose two.) A. logic bomb B. back door C. virus D. trojan horse E. worm - answerA. logic bomb B. back door Which two malware types require external communication channels? (Choose two.) A. ransomware
B. between when a patch is published and when the patch is installed on your system C. between when a vulnerability is discovered and when the patch is installed on your system D. between when a vulnerability is discovered and when it is disclosed to the vendor - answerC. between when a vulnerability is discovered and when the patch is installed on your system Which type of attack includes an email advertisement for a dry cleaning service? A. spamming B. phishing C. spear phishing D. whaling - answerA. spamming Which type of attack includes an email with an attachment not-a-trojan.exe? A. spamming B. phishing C. spear phishing D. Whaling - answerB. phishing Which type of attack would include an email with your name that claims to be from your bank and tells you to click the link https://chase.bankofamerica.mysite.ru? A. spamming B. phishing C. spear phishing D. whaling - answerC. spear phishing Your CFO receives an email with her name that claims to be the company's bank and tells her to click the link https://chase.bankofamerica.mysite.ru. Which type of attack is this? A. spamming
B. phishing C. spear phishing D. whaling - answerD. whaling Which two techniques do "social engineers" use to distract their targets so they'll do whatever the attacker wants? (Choose two.) A. autopilot, requesting an action that the user does automatically without thinking B. phishing, sending email that asks for specific actions C. masquerading as a trojan horse D. infecting programs with a virus E. emotional distraction, such as yelling that the target would get fired - answerA. autopilot, requesting an action that the user does automatically without thinking E. emotional distraction, such as yelling that the target would get fired Who is the most likely target of social engineering? A. executive management, because it has the most permissions B. senior IT engineers, because the attacker hopes to get them to disable the security infrastructure C. junior people, because they are easier to stress and probably not as well trained D. the accounting department, because it can wire money directly to the attacker's account - answerC. junior people, because they are easier to stress and probably not as well trained In the cyberattack lifecycle, what does C2 mean? A. Configuration and Communication B. Configuration Control C. Command and Control D. Communication Control - answerC. Command and Control
detected D. use a low-and-slow approach to avoid triggering alarms - answerD. use a low-and-slow approach to avoid triggering alarms Which two types of behavior could enable someone to eavesdrop on a WiFi network? (Choose two.) A. passive B. inactive C. yielding D. active E. agile - answerA. passive D. active What is the name of the attack in which the attacker gets the victim to connect to an access point the attack controls? A. person in the middle B. man in the middle C. access point in the middle D. access point masquerading - answerB. man in the middle What is the name of the "authentication" method that lets anybody with the password access a WiFi network? A. Pre-Shared Key (PSK) B. Password Authentication (PA) C. Extensible Authentication Protocol (EAP) D. service set identifier (SSID) - answerA. Pre-Shared Key (PSK)
What is a network demilitarized zone (DMZ)? A. the safest part of the network, used for the security infrastructure B. the part of the network you don't secure, for example, a network segment used for visitors to access the internet C. the database management zone D. the network zone where you put servers that serve the outside, to limit the exposure - answerD. the network zone where you put servers that serve the outside, to limit the exposure Which type of traffic flows between the public internet and private DMZ? A. north-south B. east-west C. up-down D. egress traffic - answerA. north-south Which type of traffic flows inside a data center? A. north-south B. east-west C. up-down D. egress traffic - answerB. east-west What is the name of the device used to secure a network's perimeter? A. switch B. hub C. modem D. firewall - answerD. firewall A Zero Trust network security model is based on which security principle?
A. trojan horses B. viruses C. worms D. insider threat - answerD. insider threat Which Palo Alto Networks product suite is used to secure the data center? A. Strata B. Prisma C. Cortex D. WildFire - answerA. Strata Which Palo Alto Networks product suite is used to secure remote access and cloud native technologies? A. Strata B. Prisma C. Cortex D. WildFire - answerB. Prisma Which Palo Alto Networks product suite is used to manage alerts, obtain additional information,and orchestrate responses? A. Strata B. Prisma C. Cortex D. WildFire - answerC. Cortex Which device does not process addresses? A. hub
B. switch C. WiFi access point D. router - answerA. hub Which device processes logical addresses? A. hub B. switch C. WiFi Access point D. router - answerD. router On which device do you configure VLANs? A. wireless repeater B. hub C. switch D. router - answerC. switch Which option is an example of a static routing protocol? A. Open Shortest Path First (OSPF) B. Border Gateway Protocol (BGP) C. Routing Information Protocol (RIP) D. split horizon - answerB. Border Gateway Protocol (BGP) Which is a routed protocol? A. Open Shortest Path First (OSPF) B. Internet Protocol (IP) C. Border Gateway Protocol (BGP)
D. web server - answerA. hub Which requirement must be fulfilled for a client device to use a DHCP server, assuming there are no DHCP relay agents? A. be on the same collision domain B. be on the same broadcast domain C. have latency below 20msec D. have the same subnet mask - answerB. be on the same broadcast domain What kind of network is most likely to use point-to-point links? A. LAN B. WAN C. SD WAN (only) D. WAN (only if it is not SD WAN) - answerB. WAN Which DNS record type do you use to find the IPv4 address of a host? A. A B. AAAA C. PTR D. MX - answerA. A Which DNS record type do you use to find the IPv6 address of a host? A. A B. AAAA C. PTR D. MX - answerB. AAAA
A website is called www.amazing.co.uk. What does that mean? A. The website is hosted in the United Kingdom by a company called Amazing. B. The website can be hosted anywhere, but the company must be located in the United Kingdom. C. The website can be hosted anywhere, and the company decided to appear British. D. The company decided to appear British, and the website is hosted in the United Kingdom. - answerC. The website can be hosted anywhere, and the company decided to appear British. Which device is M2M (machine to machine)? A. Internet-connected TV B. home alarm that dials the police for response C. car GPS D. temperature sensor connected to a fire suppression system - answerD. temperature sensor connected to a fire suppression system Sensors for a cultivated field must report the results once a day. These sensors are powered by batteries that need to last for years. Which form of connectivity do you use? A. Bluetooth B. Wi-Fi C. LoRaWAN D. Satellite C-Band - answerC. LoRaWAN Which two advantages make 2G a popular choice for cellular IoT devices? (Choose two.) A. low latency B. high latency C. low hardware cost D. low power consumption - answerC. low hardware cost
