Term
Match the appropriate WildFire independent detection technique (for high-fidelity, evasion-resistant discovery that goes beyond legacy approaches) to its description: a powerful, cloud-based form of analysis that detects known threats by analyzing the characteristics of samples before execution.
Dynamic Analysis
Static Analysis
Bare-Metal Analysis

Definition

Term
Match the appropriate WildFire independent detection technique (for high-fidelity, evasion-resistant discovery that goes beyond legacy approaches) to its description: sandboxing that detonates previously unknown submissions in a custom-built, evasion-resistant virtual environment to determine real-world effects and behavior.
Dynamic Analysis
Static Analysis
Bare-Metal Analysis

Definition

Term
Match the appropriate WildFire independent detection technique (for high-fidelity, evasion-resistant discovery that goes beyond legacy approaches) to its description: uses a hardware-based analysis environment specifically designed for advanced threats that exhibit highly evasive characteristics and can detect virtual analysis.
Dynamic Analysis
Static Analysis
Bare-Metal Analysis

Definition

Term
Which acronym represents a set of routines, protocols, and tools for building software applications and integrations?
API
IoT
IoC
PCAP

Definition

Term
Which application identification technique determines whether the initially detected application protocol is the "real one" or is being used as a tunnel to hide the actual application (for example, Tor might run inside HTTPS)?
Heuristics
Application signatures
Application protocol detection and decryption
Application protocol decoding

Definition

Term
Which security-as-a-service layer of the Prisma Access SASE capability provides visibility into SaaS application usage, understands where sensitive data resides, enforces company policies for user access, and protects that data from hackers?
Cloud Access Security Broker (CASB)
Data Loss Prevention (DLP)
Secure Web Gateway (SWG)
Threat Prevention

Definition

Term
Which Content-ID filtering capability controls the transfer of sensitive data patterns, such as credit card and social security numbers, in application content and attachments?
file blocking by type
data filtering
file filtering by size
file transfer function control

Definition

Term
Select the scalable, cloud-based log repository that stores context-rich logs generated by Palo Alto Networks security products, including the Next-Generation Firewall, Prisma Access, and Cortex XDR agents.
Cortex XDR endpoint agent
Cortex XDR management console
WildFire malware prevention service
Cortex Data Lake

Definition

Term
Which Palo Alto Networks NGFW logs display entries for the security rules that help prevent sensitive information, such as credit card numbers, from leaving the area that the firewall protects?
data filtering logs
correlation logs
URL filtering logs
threat logs

Definition

Term
Which Palo Alto Networks NGFW report can be created and scheduled to show exactly the information you want to see, by filtering on conditions and the columns to include, and can also include query builders for more specific details in the report data?
custom reports
predefined reports
PDF summary reports
botnet reports

Definition

Term
What are the results of techniques used against a system that are designed to gain access through vulnerabilities in the code of an operating system or application?
malware
exploits
adware
ransomware

Definition

Term
Which PA-Series firewall brings next-generation firewall capabilities to distributed enterprise branch offices, retail locations, and midsize businesses in a small form factor?
800
3200
220
220R

Definition

Term
Select the Prisma Cloud capability that decouples workload identity from IP addresses, leverages tags and metadata to assign a logical identity to applications and workloads, and then uses that identity to enforce ID-based microsegmentation and security policies that adapt to your dynamic environments.
access management
machine identity
identity and access management (IAM) security
UEBA

Definition
identity and access management

Term
Which Prisma Access SASE capability can be used to block inappropriate content (such as pornography and gambling) or websites that businesses simply don't want users accessing while at work, such as streaming services like Netflix?
secure web gateway (SWG)
zero trust network access (ZTNA)
virtual private network (VPN)
firewall as a service (FWaaS)

Definition

Term
Which Security Operating Platform capability supports a coordinated security platform that accounts for the full scope of an attack across the various security controls that compose the security posture, allowing organizations to quickly identify and block known threats?
prevent all known threats fast
detect and prevent new unknown threats with automation
reduce the attack surface
full visibility

Definition
detect and prevent new unknown threats with automation

Term
Which three options are threat intelligence sources for AutoFocus?
a. WildFire
b. URL filtering with the PAN-DB service
c. Unit 42 threat intelligence and research team
d. third-party intrusion prevention systems

Definition

Term
Which Traps capability enables organizations to identify non-malicious but otherwise undesirable software, such as adware, and prevent it from running in their environment?
execution restrictions
behavior-based ransomware protection
grayware classification
granular child process protection

Definition

Term
Which key method does Traps not use to prevent malicious executables on the endpoint?
policy-based restrictions
WildFire inspection and analysis
access control inspection
malware techniques mitigation

Definition
wildfire inspection and analysis

Term
To safely enable SaaS usage in your organization, start by clearly defining which SaaS applications should be used and which behaviors within those applications are allowed. Which category of applications is not allowed, with usage then controlled through granular policies?
tolerated
permitted
unsanctioned
sanctioned

Definition

Term
Select the type of cybersecurity solution or feature that discovers threats by identifying activity that deviates from a baseline.
dynamic user list (DUL)
software configuration management (SCM)
user and entity behavior analytics (UEBA)
integrated development environment (IDE)

Definition
integrated development environment

Term
On the NGFW, which type of User-ID technique can be configured to probe Microsoft Windows servers for active network sessions of a user?
client probing
server probing
connection probing
internet probing

Definition

Term
Which type of WildFire analysis method supports a custom-built, evasion-resistant virtual environment in which previously unknown submissions are executed within a virtualized test environment to determine real-world effects and behavior?
static
machine
dynamic
bare metal

Definition

Term
WildFire operates on which concept?
cloud-based reputation service
virtualized sandbox
file-based scanning against a signature database
IPS and SIEM tool correlation

Definition

Term
Which WildFire verdict indicates no security risk but might display obtrusive behavior (for example, adware, spyware, and browser helper objects)?
grayware
malware
phishing
benign

Definition

Term
A Zero Trust network security model is based on which security principle?
non-repudiation
due diligence
least privilege
negative control

Definition

Term
Which of the following is not a benefit of implementing a Zero Trust network?
improved ability to securely enable transformative IT initiatives
greater efficiency for achieving and maintaining compliance with security and privacy mandates
clearly improved effectiveness in mitigating data loss with visibility and safe enablement of applications
higher total cost of ownership (TCO) with a consolidated and fully integrated security operating platform

Definition
higher total cost of ownership

Term
Which capability of a Zero Trust segmentation platform uses a combination of anti-malware, intrusion prevention, and cyberthreat prevention technologies to provide comprehensive protection against both known and unknown threats, including threats on mobile devices?
least privilege access control
cyberthreat protection
inspection of all traffic
secure access

Definition
inspection of all traffic

Term
An Android Package Kit (APK) file is an app created for the Android mobile operating system. True or false?

Definition

Term
AutoFocus is an optional module that can be added to Next-Generation Firewalls. True or false?

Definition

Term
AutoFocus allows you to build sophisticated multilayer searches at the host-based and network-based artifact levels, and to target your search within industry, time period, and other filters. These searches allow you to make previously unknown connections between attacks and plan your incident response actions accordingly. True or false?

Definition

Term
The term "cloud native" refers to an approach to building and running applications that takes full advantage of a cloud computing delivery model instead of an on-premises data center. True or false?

Definition

Term
Content-ID is an intrusion prevention feature that protects networks from all types of vulnerability exploits, buffer overflows, DoS attacks, and port scans that lead to the compromise of confidential and sensitive enterprise information. True or false?

Definition

Term
Before a file runs, the Cortex XDR agent queries WildFire with the hash of any Windows, macOS, or Linux executable file, as well as any dynamic link library (DLL) or Office macro, to assess its standing within the global threat community. WildFire returns a near-instantaneous verdict on whether a file is malicious or benign. True or false?

Definition

Term
Identity and access management (IAM) uniquely identifies users and groups in a directory service (such as Active Directory), controls what resources those users and groups can access, and controls what functions they can perform on a resource (such as read, write, delete, and execute). True or false?

Definition

Term
IronSkillet is a set of day-one, next-generation firewall configuration templates for PAN-OS that are based on security best practice recommendations. True or false?

Definition

Term
The principle of least privilege in network security requires that only the permissions or access rights necessary to perform an authorized task are denied. True or false?

Definition

Term
A mutex is a program object that allows multiple program threads to share the same resource, such as file access, but not simultaneously. True or false?

Definition

Term
A single-pass architecture of the NGFW integrates multiple threat prevention disciplines (IPS, anti-malware, URL filtering, etc.) into a single stream-based engine with a uniform signature format. True or false?

Definition

Term
The primary issue with a perimeter-based network security strategy, in which countermeasures are deployed at a handful of well-defined ingress and egress points to the network, is that it relies on the assumption that everything on the internal network can be trusted. True or false?

Definition

Term
Prisma SaaS is an inline service, so it doesn't impact latency, bandwidth, or end-user experience. True or false?

Definition

Term
The Security Operating Platform proactively blocks known threats, which provides baseline defenses against known exploits, malware, malicious URLs, and C2 activity. True or false?

Definition

Term
Representational State Transfer (REST) is an Extensible Markup Language (XML) format for conveying data about cybersecurity threats in a standardized format. True or false?

Definition

Term
Sanctioned SaaS applications fulfill a legitimate business need, but certain usage restrictions may be necessary to reduce risk. True or false?

Definition

Term
The Traps agent injects itself into each process as it is started and automatically blocks advanced attacks that would otherwise evade detection. True or false?

Definition

Term
The key to Traps is blocking core exploit and malware techniques, not the individual attacks. True or false?

Definition

Term
Traps leverages the intelligence obtained from tens of thousands of subscribers to the WildFire cloud-based threat analysis service to continuously aggregate threat data and maintain the collective immunity of all users across endpoints, networks, and cloud applications. True or false?

Definition

Term
WildFire performs deep packet inspection of malicious outbound communications to disrupt C&C activity. True or false?

Definition

Term
WildFire prevents known and unknown malware threats. True or false?

Definition
