PCCP Best Training Material and Practice Test Q&A from CertLibrary.com

Question 1

Which action is unique to the security orchestration, automation, and response (SOAR) platforms?

A. Prioritizing alerts
B. Enhancing data collection
C. Using predefined workflows
D. Correlating incident data

Answer : C

Question 2

Which two processes are critical to a security information and event management (SIEM) platform? (Choose two.)

A. Detection of threats using data analysis
B. Automation of security deployments
C. Ingestion of log data
D. Prevention of cybersecurity attacks

Answer : AC

Question 3

Which Palo Alto Networks solution has replaced legacy IPS solutions?

A. Advanced DNS Security
B. Advanced WildFire
C. Advanced Threat Prevention
D. Advanced URL Filtering

Answer : C

Question 4

Which type of system is a user entity behavior analysis (UEBA) tool?

A. Correlating
B. Active monitoring
C. Archiving
D. Sandboxing

Answer : B

Question 5

What is a function of SSL/TLS decryption?

A. It applies to unknown threat detection only.
B. It reveals malware within web-based traffic.
C. It protects users from social engineering.
D. It identifies IoT devices on the internet.

Answer : B

Question 6

Which feature is part of an intrusion prevention system (IPS)?

A. API-based coverage of apps
B. Automated security actions
C. Protection of data at rest
D. Real-time web filtering

Answer : B

Question 7

What are two capabilities of identity threat detection and response (ITDR)? (Choose two.)

A. Securing individual devices
B. Matching risks to signatures
C. Scanning for excessive logins
D. Analyzing access management logs

Answer : CD

Question 8

Which type of attack involves sending data packets disguised as queries to a remote server, which then sends the data back to the attacker?

A. DDoS
B. DNS tunneling
C. Command-and-control (C2)
D. Port evasion

Answer : B

Question 9

Which service is encompassed by serverless architecture?

A. Infrastructure as a Service (IaaS)
B. Function as a Service (FaaS)
C. Security as a Service (SaaS)
D. Authentication as a Service (AaaS)

Answer : B

Question 10

Which architecture model uses virtual machines (VMs) in a public cloud environment?

A. Kubernetes
B. Serverless
C. Docker
D. Host-based

Answer : D

Question 11

Which two statements apply to SaaS financial botnets? (Choose two.)

A. They are larger than spamming or DDoS botnets.
B. They are sold as kits that allow attackers to license the code.
C. They are a defense against spam attacks.
D. They are used by attackers to build their own botnets.

Answer : BD

Question 12

What is an event-driven snippet of code that runs on managed infrastructure?

A. API
B. Serverless function
C. Hypervisor
D. Docker container

Answer : B

Question 13

Which type of attack obscures its presence while attempting to spread to multiple hosts in a network?

A. Advanced malware
B. Smishing
C. Reconnaissance
D. Denial of service

Answer : A

Question 14

What is a dependency for the functionality of signature-based malware detection?

A. Frequent database updates
B. Support of a DLP device
C. API integration with a sandbox
D. Enabling quality of service

Answer : A

Question 15

When does a TLS handshake occur?

A. Before establishing a TCP connection
B. Only during DNS over HTTPS queries
C. After a TCP handshake has been established
D. Independently of HTTPS communications

Answer : C

Palo Alto Networks Cybersecurity Practitioner v1.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!