Try PCCET exam questions with a high-quality PCCET PDF question set [Q63-Q87]


The latest Palo Alto Networks PCCET exam question set PDF, updated 2023

Question # 63
Which Palo Alto Networks tool is used to prevent endpoint systems from running malware executables such as viruses, trojans, and rootkits?

  • A. AutoFocus
  • B. App-ID
  • C. Cortex XDR
  • D. Expedition

Correct answer: C


Question # 64
What are the two most prominent characteristics of the malware type rootkit? (Choose two.)

  • A. It steals personal information.
  • B. It cannot be detected by antivirus because of its masking techniques.
  • C. It encrypts user data.
  • D. It takes control of the operating system.

Correct answer: B, D


Question # 65
Which product from Palo Alto Networks extends the Security Operating Platform with the global threat intelligence and attack context needed to accelerate analysis, forensics, and hunting workflows?

  • A. AutoFocus
  • B. STIX
  • C. WildFire
  • D. Global Protect

Correct answer: A

Explanation:
page 173 "AutoFocus makes over a billion samples and sessions, including billions of artifacts, immediately actionable for security analysis and response efforts. AutoFocus extends the product portfolio with the global threat intelligence and attack context needed to accelerate analysis, forensics, and hunting workflows.
Together, the platform and AutoFocus move security teams away from legacy manual approaches that rely on aggregating a growing number of detection-based alerts and post-event mitigation, to preventing sophisticated attacks and enabling proactive hunting activities."


Question # 66
Which Palo Alto Networks product provides playbooks with 300+ multivendor integrations that help solve any security use case?

  • A. Cortex XDR
  • B. AutoFocus
  • C. Prisma Cloud
  • D. Cortex XSOAR

Correct answer: D


Question # 67
Which statement is true about advanced persistent threats?

  • A. They have the skills and resources to launch additional attacks.
  • B. They use script kiddies to carry out their attacks.
  • C. They lack the financial resources to fund their activities.
  • D. They typically attack only once.

Correct answer: A


Question # 68
Which type of Wi-Fi attack depends on the victim initiating the connection?

  • A. Parager
  • B. Jasager
  • C. Evil twin
  • D. Mirai

Correct answer: C

Explanation:
Perhaps the easiest way for an attacker to find a victim to exploit is to set up a wireless access point that serves as a bridge to a real network. An attacker can inevitably bait a few victims with "free Wi-Fi access." The main problem with this approach is that it requires a potential victim to stumble on the access point and connect.
The attacker can't easily target a specific victim, because the attack depends on the victim initiating the connection.
https://www.paloaltonetworks.com/blog/2013/11/wireless-man-middle/


Question # 69
Which pillar of Prisma Cloud application security addresses ensuring that your cloud resources and SaaS applications are correctly configured?

  • A. dynamic computing
  • B. compute security
  • C. visibility, governance, and compliance
  • D. network protection

Correct answer: C

Explanation:
Ensuring that your cloud resources and SaaS applications are correctly configured and adhere to your organization's security standards from day one is essential to prevent successful attacks. Also, making sure that these applications, and the data they collect and store, are properly protected and compliant is critical to avoid costly fines, a tarnished image, and loss of customer trust. Meeting security standards and maintaining compliant environments at scale, and across SaaS applications, is the new expectation for security teams.


Question # 70
In an IDS/IPS, which type of alarm occurs when legitimate traffic is improperly identified as malicious traffic?

  • A. False-positive
  • B. True-positive
  • C. True-negative
  • D. False-negative

Correct answer: A

Explanation:
In anti-malware, a false positive incorrectly identifies a legitimate file or application as malware. A false negative incorrectly identifies malware as a legitimate file or application. In intrusion detection, a false positive incorrectly identifies legitimate traffic as a threat, and a false negative incorrectly identifies a threat as legitimate traffic.


Question # 71
Which IPsec feature allows device traffic to go directly to the Internet?

  • A. Diffie-Hellman groups
  • B. Split tunneling
  • C. Authentication Header (AH)
  • D. IKE Security Association

Correct answer: B

Explanation:
"Or split tunneling can be configured to allow internet traffic from the device to go directly to the internet, while other specific types of traffic route through the IPsec tunnel, for acceptable protection with much less performance degradation."


Question # 72
What is the primary security focus after consolidating data center hypervisor hosts within trust levels?

  • A. control and protect inter-host traffic by using IPv4 addressing
  • B. control and protect inter-host traffic by exporting all your traffic logs to a sysvol log server using the User Datagram Protocol (UDP)
  • C. control and protect inter-host traffic using routers configured to use the Border Gateway Protocol (BGP) dynamic routing protocol
  • D. control and protect inter-host traffic using physical network security appliances

Correct answer: D

Explanation:
page 211 "Consolidating servers within trust levels: Organizations often consolidate servers within the same trust level into a single virtual computing environment: ... ... ... This virtual systems capability enables a single physical device to be used to simultaneously meet the unique requirements of multiple VMs or groups of VMs. Control and protection of inter-host traffic with physical network security appliances that are properly positioned and configured is the primary security focus."


Question # 73
Match the Identity and Access Management (IAM) security control with the appropriate definition.

Correct answer:

Explanation:


Question # 74
Which NGFW feature is used to provide continuous identification, categorization, and control of known and previously unknown SaaS applications?

  • A. User-ID
  • B. Content-ID
  • C. Device-ID
  • D. App-ID

Correct answer: D

Explanation:
App-ID™ technology leverages the power of the broad global community to provide continuous identification, categorization, and granular risk-based control of known and previously unknown SaaS applications, ensuring new applications are discovered automatically as they become popular.


Question # 75
Under which category does an application that is approved by the IT department, such as Office 365, fall?

  • A. sanctioned
  • B. tolerated
  • C. unsanctioned
  • D. prohibited

Correct answer: A


Question # 76
Which type of IDS/IPS uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt?

  • A. Database-based
  • B. Behavior-based
  • C. Signature-based
  • D. Knowledge-based

Correct answer: B

Explanation:
IDSs and IPSs also can be classified as knowledge-based (or signature-based) or behavior-based (or statistical anomaly-based) systems:
* A knowledge-based system uses a database of known vulnerabilities and attack profiles to identify intrusion attempts. These types of systems have lower false-alarm rates than behavior-based systems but must be continually updated with new attack signatures to be effective.
* A behavior-based system uses a baseline of normal network activity to identify unusual patterns or levels of network activity that may be indicative of an intrusion attempt. These types of systems are more adaptive than knowledge-based systems and therefore may be more effective in detecting previously unknown vulnerabilities and attacks, but they have a much higher false-positive rate than knowledge-based systems.


Question # 77
A user is given access to a service that gives them access to cloud-hosted physical and virtual servers, storage, and networking.
Which NIST cloud service model is this?

  • A. IaaS
  • B. CaaS
  • C. SaaS
  • D. PaaS

Correct answer: A


Question # 78
In SecOps, what are two of the components included in the identify stage? (Choose two.)

  • A. Breach Response
  • B. Content Engineering
  • C. Change Control
  • D. Initial Research

Correct answer: B, D


Question # 79
Match the DNS record type to its function within DNS.

Correct answer:

Explanation:
The basic DNS record types are as follows:
* A (IPv4) or AAAA (IPv6) (Address): Maps a domain or subdomain to an IP address or multiple IP addresses
* CNAME (Canonical Name): Maps a domain or subdomain to another hostname
* MX (Mail Exchanger): Specifies the hostname or hostnames of email servers for a domain
* PTR (Pointer): Points to a CNAME; commonly used for reverse DNS lookups that map an IP address to a host in a domain or subdomain
* SOA (Start of Authority): Specifies authoritative information about a DNS zone such as primary name server, email address of the domain administrator, and domain serial number
* NS (Name Server): The NS record specifies an authoritative name server for a given host.
* TXT (Text): Stores text-based information


Question # 80
Which core component is used to implement a Zero Trust architecture?

  • A. VPN Concentrator
  • B. Segmentation Platform
  • C. Content Identification
  • D. Web Application Zone

Correct answer: B

Explanation:
"Remember that a trust zone is not intended to be a "pocket of trust" where systems (and therefore threats) within the zone can communicate freely and directly with each other. For a full Zero Trust implementation, the network would be configured to ensure that all communications traffic, including traffic between devices in the same zone, is intermediated by the corresponding Zero Trust Segmentation Platform."


Question # 81
Which three services are part of Prisma SaaS? (Choose three.)

  • A. Data Loss Prevention
  • B. DevOps
  • C. Denial of Service
  • D. Threat Prevention
  • E. Data Exposure Control

Correct answer: A, D, E


Question # 82
In addition to integrating the network and endpoint components, what other component does Cortex integrate to speed up IoC investigations?

  • A. Infrastructure
  • B. Computer
  • C. Switch
  • D. Cloud

Correct answer: A


Question # 83
A native hypervisor runs:

  • A. with extreme demands on network throughput
  • B. within an operating system's environment
  • C. only on certain platforms
  • D. directly on the host computer's hardware

Correct answer: D


Question # 84
In a traditional data center what is one result of sequential traffic analysis?

  • A. simplifies security policy management
  • B. reduces network latency
  • C. causes security policies to be complex
  • D. improves security policy application ID enforcement

Correct answer: C

Explanation:
Multiple policies, no policy reconciliation tools: Sequential traffic analysis (stateful inspection, application control, intrusion prevention system (IPS), anti-malware, etc.) in traditional data center security solutions requires a corresponding security policy or profile, often using multiple management tools. The result is that your security policies become convoluted as you build and manage a firewall policy with source, destination, user, port, and action; an application control policy with similar rules; and any other threat prevention rules required. Multiple security policies that mix positive (firewall) and negative (application control, IPS, and anti-malware) control models can cause security holes by missing traffic and/or not identifying


Question # 85
You have been invited to a public cloud design and architecture session to help deliver secure east west flows and secure Kubernetes workloads.
What deployment options do you have available? (Choose two.)

  • A. Panorama
  • B. PA-Series
  • C. VM-Series
  • D. CN-Series

Correct answer: B, C


Question # 86
Match the IoT connectivity description with the technology.

Correct answer:

Explanation:


Question # 87
......

100% free Certified Cybersecurity Associate PCCET question set PDF trial sample, certification guide coverage: https://www.jpntest.com/shiken/PCCET-mondaishu
