Palo Alto PCCET UPDATED ACTUAL Questions and CORRECT Answers
A native hypervisor runs:
Within an operating system's environment
Directly on the host computer's hardware
Only on certain platforms
With extreme demands on network throughput - CORRECT ANSWER✔✔- Directly on the
host computer's hardware
Activity gathered by Erik and the SOC team electronically and in real-time from a given
source is called?
Telemetry
Log
Forensic (raw)
Alert - CORRECT ANSWER✔✔- Telemetry
Anthem server breaches disclosed Personally Identifiable Information (PII) from a number of
its servers. The infiltration by hackers was attributed to which type of vulnerability?
Exploitation of an unpatched security vulnerability.
A phishing scheme that captured a database administrator's password.
An intranet-accessed contractor's system that was compromised.
Access by using a third-party vendor's password. - CORRECT ANSWER✔✔- A phishing
scheme that captured a database administrator's password
Can you recommend what kind of configuration and operational questions they would need
to answer? (Choose three.)
Are the technologies in place configured to best practice?
How many analysts are resolving incidents per day?
How often are there deviations to SOC procedures?
How many events are analysts handling per hour?
How many firewall and endpoint technologies are in place? - CORRECT ANSWER✔✔- Are
the technologies in place configured to best practice?
How often are there deviations to SOC procedures?
How many events are analysts handling per hour?
Can you remind Erik what is the SOC team's main goal?
Detect, analyze, and respond to cybersecurity incidents using a combination of technology
solutions and a set of processes to help mitigate the incidents.
Improve the security posture of the business, its products, and services by introducing
security as a shared responsibility.
Reduce the time required to contain a breach.
Connect disparate security technologies through standardized and automatable workflows. -
CORRECT ANSWER✔✔- Detect, analyze, and respond to cybersecurity incidents using a
combination of technology solutions and a set of processes to help mitigate the incidents.
During the OSI layer 3 step of the encapsulation process, what is the Protocol Data Unit
(PDU) called when the IP stack adds source (sender) and destination (receiver) IP addresses?
Data
Segment
Packet
Frame - CORRECT ANSWER✔✔- Packet
Erik has identified the alert and opened an incident in the ticketing system. What Security
Operations function would Erik perform next?
Perform a detailed analysis of the alert.
Investigate the root cause and impact of the incident.
Stop the attack and close the ticket.
Adjust and improve operations to stay current with changing and emerging threats. -
CORRECT ANSWER✔✔- Investigate the root cause and impact of the incident.
Erik is concerned that some of these alerts may be critical and the team will need help
mitigating all of them. What should Erik do?
Deploy more SIEMs to collect and process the data before having a SOC analyst interpret the
data and take appropriate action.
Deploy additional endpoint security to protect servers, PCs, laptops, and tablets so that alerts
that are missed can be caught before exfiltrating data from the end user.
Deploy SOAR technologies so he can accelerate incident response and automatically execute
process-driven playbooks to mitigate critical alerts.
Deploy more firewalls to protect the network while SOC analysts are interpreting data and
taking appropriate action. - CORRECT ANSWER✔✔- Deploy SOAR technologies so he
can accelerate incident response and automatically execute process-driven playbooks to
mitigate critical alerts.
Erik's SOC team is divided into groups with different functions. Which three teams are
responsible for the development, implementation, and maintenance of security policies?
Endpoint Security, Network Security, and Cloud Security.
Enterprise Security, Endpoint Security, and Cloud Security.
HelpDesk Security, Operational Security, and Information Technology Security.
Telemetry Security, Forensics Security, and Threat Intelligence Security - CORRECT
ANSWER✔✔- Endpoint Security, Network Security, and Cloud Security.
How does adopting a serverless model impact application development?
Prevents developers from focusing on just the application code because you need to provision
the underlying infrastructure to run the code.
Slows down the deployment of application code, but it improves the quality of code
development.
Reduces the operational overhead necessary to deploy application code.
Costs more to develop application code because it uses more compute resources. -
CORRECT ANSWER✔✔- Reduces the operational overhead necessary to deploy
application code.
How does DevSecOps improve the Continuous Integration/Continuous Deployment (CI/CD)
pipeline?
DevSecOps ensures the pipeline has horizontal intersections for application code deployment.
DevSecOps does security checking after the application code has been processed through the
CI/CD pipeline.
DevSecOps unites the Security team with the Development and Operations teams to integrate
security into the CI/CD pipeline.
DevSecOps improves pipeline security by assigning the security team as the lead team for
continuous deployment. - CORRECT ANSWER✔✔- DevSecOps unites the Security team
with the Development and Operations teams to integrate security into the CI/CD pipeline.
How many bytes are in an IPv6 address?
4
8
16
32 - CORRECT ANSWER✔✔- 16
If the SOC team is unable to detect a security breach, what are the two potential damages that
can happen to the business? (Choose two.)
Infrastructure and server uptime.
Ransom payments to attackers.
Legal and media fees while dealing with breach.
Increase in customer switching to your company. - CORRECT ANSWER✔✔- Ransom
payments to attackers.
Legal and media fees while dealing with breach.