PA PCCET Study Guide 2022 with complete solution;
(Study Guide for Palo Alto PCCET)
True or False: Business intelligence (BI) software consists of tools and
techniques used to surface large amounts of raw unstructured data to perform a
variety of tasks, including data mining, event processing, and predictive
analytics.
True
True or False: The process in which end users find personal technology and apps
that are more powerful or capable, more convenient, less expensive, quicker to
install, and easier to use than enterprise IT solutions is known as
consumerization.
True
Which action is associated with Web 1.0?
checking CNN's website for news
Which action is associated with Web 3.0?
asking Apple's Siri a question
Gmail is associated with which cloud computing model?
SaaS
Which two port numbers are associated with HTTP? (Choose two.)
80, 8080
Which port number is associated with HTTPS?
443
Which port is used for encrypted communication?
22
Which protocol distinguishes between applications using port numbers?
TCP
How do attackers prevent port scans from being noticed by monitoring software?
Scan ports so quickly it is finished before it can be detected and stopped
Which potentially risky attribute is the most serious?
Malware
Which one of these applications can be used as a tunnel for other applications?
SSH
Which two devices or systems require the configuration of non-standard ports to
be able to use an application on a non-standard port? (Choose two.)
Client, Server
If you are responsible for the application's security, but not the operating
system's security, which cloud computing service model are you using?
PaaS
Which kind of security always is the responsibility of the cloud customer?
Data Security
Where is your data typically stored in a SaaS application?
in the cloud, in a database controlled by the SaaS provider
Who is responsible for the security settings in an enterprise SaaS application?
(choose the best answer)
, Both IT administrators and users
When is it impossible to secure SaaS data?
when a user uses an unmanaged device to access an unsanctioned SaaS
True or False. An organization can be compliant with all applicable security and
privacy regulations for its industry yet still not be secure.
True
Which three data fields are considered personally identifiable information (PII)?
(select three)
unique identification number (such as driver's license number), phone number,
fingerprints
Which risk is eliminated in an organization that is 100% compliant?
having the regulator punish you for being non-compliant
What does CVE mean?
Common Vulnerabilities and Exposures
What is the difference between CVE and CVSS?
CVE tells you what the vulnerabilities are. CVSS gives vulnerabilities a score (0- 10) to
evaluate how serious they are.
True or False. External threat actors have accounted for the majority of data
breaches over the past five years.
True
Which group is likely to attack indiscriminately, whether you are a valuable target
or not?
Cyberterrorists
Which group is primarily motivated by money?
Cybercriminals
True or False: The cyberattack lifecycle is a seven-step process.
True
True or False: An attacker needs to succeed in executing only one step of the
cyberattack lifecycle to infiltrate a network, whereas a defender must "be right
every time" and break every step of the chain to prevent an attack.
False
True or False: The key to breaking the cyberattack lifecycle during the Installation
phase is to implement network segmentation, a Zero Trust model, and granular
control of applications to limit or restrict an attacker's lateral movement within
the network.
True
Which stage of the cyberattack lifecycle can be identified by port scans from
external sources?
Reconnaissance
Which stage of the cyberattack lifecycle involves querying public databases and
testing exploits in the attacker's internal network?
Weaponization and Delivery
Which step is involved in getting malware to run on the inside of the targeted
organization?
Exploitation and Installation
(Study Guide for Palo Alto PCCET)
True or False: Business intelligence (BI) software consists of tools and
techniques used to surface large amounts of raw unstructured data to perform a
variety of tasks, including data mining, event processing, and predictive
analytics.
True
True or False: The process in which end users find personal technology and apps
that are more powerful or capable, more convenient, less expensive, quicker to
install, and easier to use than enterprise IT solutions is known as
consumerization.
True
Which action is associated with Web 1.0?
checking CNN's website for news
Which action is associated with Web 3.0?
asking Apple's Siri a question
Gmail is associated with which cloud computing model?
SaaS
Which two port numbers are associated with HTTP? (Choose two.)
80, 8080
Which port number is associated with HTTPS?
443
Which port is used for encrypted communication?
22
Which protocol distinguishes between applications using port numbers?
TCP
How do attackers prevent port scans from being noticed by monitoring software?
Scan ports so quickly it is finished before it can be detected and stopped
Which potentially risky attribute is the most serious?
Malware
Which one of these applications can be used as a tunnel for other applications?
SSH
Which two devices or systems require the configuration of non-standard ports to
be able to use an application on a non-standard port? (Choose two.)
Client, Server
If you are responsible for the application's security, but not the operating
system's security, which cloud computing service model are you using?
PaaS
Which kind of security always is the responsibility of the cloud customer?
Data Security
Where is your data typically stored in a SaaS application?
in the cloud, in a database controlled by the SaaS provider
Who is responsible for the security settings in an enterprise SaaS application?
(choose the best answer)
, Both IT administrators and users
When is it impossible to secure SaaS data?
when a user uses an unmanaged device to access an unsanctioned SaaS
True or False. An organization can be compliant with all applicable security and
privacy regulations for its industry yet still not be secure.
True
Which three data fields are considered personally identifiable information (PII)?
(select three)
unique identification number (such as driver's license number), phone number,
fingerprints
Which risk is eliminated in an organization that is 100% compliant?
having the regulator punish you for being non-compliant
What does CVE mean?
Common Vulnerabilities and Exposures
What is the difference between CVE and CVSS?
CVE tells you what the vulnerabilities are. CVSS gives vulnerabilities a score (0- 10) to
evaluate how serious they are.
True or False. External threat actors have accounted for the majority of data
breaches over the past five years.
True
Which group is likely to attack indiscriminately, whether you are a valuable target
or not?
Cyberterrorists
Which group is primarily motivated by money?
Cybercriminals
True or False: The cyberattack lifecycle is a seven-step process.
True
True or False: An attacker needs to succeed in executing only one step of the
cyberattack lifecycle to infiltrate a network, whereas a defender must "be right
every time" and break every step of the chain to prevent an attack.
False
True or False: The key to breaking the cyberattack lifecycle during the Installation
phase is to implement network segmentation, a Zero Trust model, and granular
control of applications to limit or restrict an attacker's lateral movement within
the network.
True
Which stage of the cyberattack lifecycle can be identified by port scans from
external sources?
Reconnaissance
Which stage of the cyberattack lifecycle involves querying public databases and
testing exploits in the attacker's internal network?
Weaponization and Delivery
Which step is involved in getting malware to run on the inside of the targeted
organization?
Exploitation and Installation
