Cybersecurity Q&A: Cyber-Attack Lifecycle, Network Security, and Defense Mechanisms, Exams of Computer Networks

A comprehensive set of questions and answers covering key concepts in cybersecurity, focusing on the cyber-attack lifecycle, network security protocols, and defense mechanisms. It delves into various security models, including Zero Trust, and explores different types of malware and vulnerabilities. The questions test understanding of cloud computing service models, network security principles, and the functions of firewalls and intrusion detection/prevention systems. The educational value lies in its ability to assess knowledge of critical cybersecurity concepts and practices, making it a valuable resource for students and professionals alike.

Typology: Exams

2024/2025

Available from 05/26/2025

SERENAWILLIAMS
PCCSA Knowledge Questions | 100% Correct Answers | Verified | Latest 2025/26 Version

In which cloud computing service model does a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure? (Choose one.)
a) platform as a service (PaaS)
b) infrastructure as a service (IaaS)
c) software as a service (SaaS)
d) public cloud - ✔✔[c] software as a service (SaaS)

True or False. Business intelligence (BI) software consists of tools and techniques used to surface large amounts of raw unstructured data to perform a variety of tasks including data mining, event processing, and predictive analytics. - ✔✔True

True or False. The process in which end users find personal technology and apps that are more powerful or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT solutions is known as consumerization. - ✔✔True

True or False. An organization can be compliant with all applicable security and privacy regulations for its industry, yet still not be secure. - ✔✔True

Fill in the Blank. The U.S. law that establishes national standards to protect individuals' medical records and other health information is known as the _____. - ✔✔Health Insurance Portability and Accountability Act (HIPAA)

True or False. Most cyberattacks today are perpetrated by internal threat actors such as malicious employees engaging in corporate espionage. - ✔✔False

True or False. The Cyber-Attack Lifecycle is a five-step process that an attacker goes through to attack a network. - ✔✔False

Multiple Answer. List and describe the steps of the Cyber-Attack Lifecycle. - ✔✔Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on the Objective

True or False. An attacker needs to succeed in executing only one step of the Cyber-Attack Lifecycle to infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to prevent an attack. - ✔✔False

Multiple Choice. Which technique is not used to break the command-and-control (C&C) phase of the Cyber-Attack Lifecycle? (Choose one.)
a) blocking outbound traffic to known malicious sites and IP addresses
b) DNS sinkholing and DNS poisoning
c) vulnerability and patch management
d) all of the above - ✔✔[c] vulnerability and patch management

True or False. The key to breaking the Cyber-Attack Lifecycle during the Installation phase is to implement network segmentation, a Zero Trust model, and granular control of applications to limit or restrict an attacker's lateral movement within the network. - ✔✔True

True or False. Network firewalls cannot completely protect hosts from zero-day exploits. - ✔✔True

Fill in the Blank. _____ exploits target unknown vulnerabilities in operating system and application software on a host machine. - ✔✔Zero-day

Multiple Choice. Which option describes malicious software or code that typically takes control of, collects information from, or damages an infected endpoint? (Choose one.)
a) exploit
b) malware
c) vulnerability
d) none of the above - ✔✔[b] malware

a) distance-vector
b) path-vector
c) link-state
d) point-to-point - ✔✔[a] distance-vector, [b] path-vector, and [c] link-state

True or False. The internet is an example of a wide-area network (WAN). - ✔✔true

Fill in the Blank. The _____ is a distributed, hierarchical internet database that maps FQDNs to IP addresses. - ✔✔Domain Name System (DNS)

Multiple Choice. Which option is an example of a logical address? (Choose one.)
a) IP address
b) hardware address
c) MAC address
d) burned-in address - ✔✔[a] IP address

Fill in the Blank. An IPv4 address consists of four _____-bit octets. - ✔✔8

Fill in the Blank. _____ is a technique used to divide a large network into smaller, multiple subnetworks by segmenting an IPv4 address into a network and host portion. - ✔✔Subnetting

The OSI model consists of how many layers? - ✔✔Seven

Multiple Choice. Which two protocols function at the Transport layer of the OSI model? (Choose two.)
a) Transmission Control Protocol (TCP)
b) Internet Protocol (IP)
c) User Datagram Protocol (UDP)
d) Hypertext Transfer Protocol (HTTP) - ✔✔[a] Transmission Control Protocol (TCP), [c] User Datagram Protocol (UDP)

Fill in the Blank. The Data Link layer of the OSI model is further divided into these two sublayers: _____ and _____. - ✔✔media access control (MAC), Logical Link Control (LLC)

Multiple Choice. Which four layers comprise the TCP/IP model? (Choose four.)
a) Application
b) Transport
c) Physical
d) Internet
e) Network Access - ✔✔[a] Application, [b] Transport, [d] Internet, [e] Network Access

Fill in the Blank. The process that wraps protocol information from the (OSI or TCP/IP) layer immediately above in the data section of the layer immediately below is known as _____. - ✔✔data encapsulation

Short Answer. What is the primary issue with a perimeter-based network security strategy today? - ✔✔The primary issue with a perimeter-centric network security strategy is that it relies on the assumption that everything on the internal network can be trusted.

Multiple Choice. A Zero Trust network security model is based on which security principle? (Choose one.)
a) due diligence
b) least privilege
c) non-repudiation
d) negative control - ✔✔[b] least privilege

Short Answer. List some of the principles of cloud computing that are contrary to network security best practices. - ✔✔Cloud computing doesn't mitigate existing network security risks; security requires isolation and segmentation, whereas the cloud relies on shared resources; security deployments are process-oriented, whereas cloud computing environments are dynamic.

Multiple Choice. Intra-VM traffic is also known as which type of traffic? (Choose one.)
a) north-south
b) unknown
c) east-west

Multiple Choice. Which is NOT a characteristic of Unified Threat Management (UTM)? (Choose one.)
a) It combines security functions such as firewalls, intrusion detection systems (IDS), anti-malware, and data loss prevention (DLP) in a single appliance.
b) Enabling all of the security functions in a UTM device can have a significant performance impact.
c) It fully integrates all the security functions installed on the device.
d) It can be a convenient solution for small networks. - ✔✔[c] It fully integrates all the security functions installed on the device.

True or False. Signature-based anti-malware software is considered a proactive security countermeasure. - ✔✔False.

Fill in the Blank. _____ endpoint protection wraps a protective virtual barrier around vulnerable processes while they're running. - ✔✔Container-based

Short Answer. What is the main disadvantage of application whitelisting related to exploit prevention? - ✔✔The main disadvantage of application whitelisting related to exploit prevention is that an application that has been whitelisted is permitted to run - even if the application has a vulnerability that can be exploited.

Multiple Choice. What are three typical mobile device management software capabilities? (Choose three.)
a) data loss prevention (DLP)
b) policy enforcement
c) intrusion detection
d) malware prevention - ✔✔[a] data loss prevention (DLP), [b] policy enforcement, [d] malware prevention

Multiple Choice. Which three cloud computing service models are defined by NIST? (Choose three.)
a) software as a service (SaaS)
b) platform as a service (PaaS)
c) desktop as a service (DaaS)
d) infrastructure as a service (IaaS) - ✔✔[a] software as a service (SaaS), [b] platform as a service (PaaS), [d] infrastructure as a service (IaaS)

Fill in the Blank. A _____ cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability. - ✔✔hybrid

Fill in the Blank. The _____ defines who (customer and/or provider) is responsible for what, related to security, in the public cloud. - ✔✔Shared Responsibility Model

Fill in the Blank. A _____ allows multiple, virtual operating systems to run concurrently on a single physical host computer. - ✔✔hypervisor

Multiple Choice. Which three important security considerations are associated with virtualization? (Choose three.)
a) dormant VMs
b) hypervisor vulnerabilities
c) hypervisor sprawl
d) intra-VM communications - ✔✔[a] dormant VMs, [b] hypervisor vulnerabilities, [d] intra-VM communications

Fill in the Blank. A storage area network (SAN) uses _____-based storage. - ✔✔block

Fill in the Blank. _____ is a network directory service developed by Microsoft for Windows networks. - ✔✔Active Directory

Fill in the Blank. _____ is a set of IT service management best practices. - ✔✔ITIL

Fill in the Blank. _____ is a purpose-built, fully integrated cybersecurity approach that helps organizations get control of their networks and protect critical assets. - ✔✔Security Operating Platform

Short Answer. Describe stream-based malware scanning and explain its benefits. - ✔✔Unlike file-based malware scanning that waits until an entire file is loaded into memory to begin scanning, stream-based malware scanning begins scanning as soon as the first packets of the file are received. Stream-based malware scanning reduces latency and improves performance by receiving, scanning, and sending traffic to its intended destination immediately, without having to first buffer and then scan the file.

Short Answer. What is the advantage of using templates in Panorama? - ✔✔Templates eliminate manual, repetitive, risky, and error-prone configuration changes to multiple, individual firewalls deployed throughout the enterprise network.

Multiple Choice. Panorama does not integrate with which option? (Choose one.)
a) WildFire
b) Splunk
c) Palo Alto Networks NGFWs
d) traditional port-based firewalls - ✔✔[d] traditional port-based firewalls

True or False. The key to Traps is blocking core exploit and malware techniques, not the individual attacks. - ✔✔True

Short Answer. Describe the basic function of Traps exploit prevention modules (EPMs). - ✔✔The Traps agent injects itself into each process as it is started. If the process attempts to execute any of the core attack techniques, the corresponding EPM kills the process and prevents the exploit.

Multiple Answer. What are the three keys to safely enabling mobile devices in the enterprise? - ✔✔manage the device, protect the device, control the data

Fill in the Blank. _____ provides continuous monitoring of public clouds and helps organizations achieve a continuous state of compliance in their public cloud workloads. - ✔✔Evident

Short Answer. What are some of the organizational security risks associated with unsanctioned SaaS application usage? - ✔✔regulatory non-compliance or compliance violations, loss of corporate intellectual property (IP) or other sensitive data, and malware distribution.

Short Answer. Explain why traditional perimeter-based firewalls are not effective for protecting data in SaaS environments. - ✔✔Traditional perimeter-based firewalls only have visibility of traffic that passes through the firewall.

True or False. Aperture is deployed as a standalone inline service between the organization's traditional perimeter-based firewalls and requires a software agent to be installed on mobile devices. - ✔✔False

True or False. Aperture protects data in hosted files and application entries. - ✔✔True

Fill in the Blank. Magnifier leverages _____ to analyze network, endpoint, and cloud data, which helps security analysts rapidly confirm threats by reviewing actionable alerts. - ✔✔machine learning

Multiple Choice. Which three options are threat intelligence sources for AutoFocus? (Choose three.)
a) WildFire
b) URL filtering with PAN-DB service
c) Unit 42 threat intelligence and research team
d) third-party intrusion prevention systems - ✔✔[a] WildFire, [b] URL filtering with PAN-DB service, [c] Unit 42 threat intelligence and research team

True or False. AutoFocus is an optional module that can be installed on NGFWs. - ✔✔False

Fill in the Blank. _____ is an open-source application, available directly on GitHub, that streamlines the aggregation, enforcement, and sharing of threat intelligence. - ✔✔MineMeld

Multiple Choice. WildFire operates on which concept? (Choose one.)
a) file-based scanning against a signature database
b) IPS and SIEM tool correlation
c) cloud-based reputation service
d) virtualized sandbox - ✔✔[d] virtualized sandbox