What are two common lifecycle stages for an advanced persistent threat (APT) that is infiltrating a
network? (Choose two.)
A, D
Explanation:
Lateral movement is a key stage where the attacker moves across the network to find valuable
targets.
Privilege escalation involves gaining higher access rights to expand control within the compromised
environment.
Communication with covert channels is a tactic used during persistence or exfiltration, while deletion
of critical data is not a standard APT lifecycle stage — it’s more characteristic of destructive attacks.
A high-profile company executive receives an urgent email containing a malicious link. The sender
appears to be from the IT department of the company, and the email requests an update of the
executive's login credentials for a system update.
Which type of phishing attack does this represent?
A
Explanation:
Whaling is a targeted phishing attack aimed at high-profile individuals, such as executives. The
attacker impersonates a trusted entity (e.g., IT department) to trick the executive into revealing
sensitive credentials. This is a form of spear phishing specifically focused on “big fish” targets.
Which next-generation firewall (NGFW) deployment option provides full application visibility into
Kubernetes environments?
B
Explanation:
A container-based NGFW is specifically designed to integrate with Kubernetes environments,
providing full application visibility and control within containerized workloads. It operates at the pod
level, making it ideal for securing dynamic microservices architectures.
Which type of firewall should be implemented when a company headquarters is required to have
redundant power and high processing power?
B
Explanation:
A physical firewall is ideal for environments like a company headquarters that require redundant
power, high throughput, and dedicated hardware for maximum reliability and performance. It
supports more robust failover and scalability compared to virtual or containerized options.
Which statement describes the process of application allow listing?
A
Explanation:
Application allow listing is a security practice that permits only pre-approved (trusted) applications,
files, and processes to run on a system. This approach helps prevent unauthorized or malicious
software from executing, thereby reducing the attack surface.
Which component of the AAA framework verifies user identities so they may access the network?
D
Explanation:
Authentication is the component of the AAA (Authentication, Authorization, and Accounting)
framework that verifies user identities (e.g., via passwords, certificates, or biometrics) before
granting access to network resources.
Which capability does Cloud Security Posture Management (CSPM) provide for threat detection
within Prisma Cloud?
D
Explanation:
Cloud Security Posture Management (CSPM), including Prisma Cloud’s offering, continuously
monitors all cloud resources — such as compute instances, storage, network configurations, and
identities — to detect misconfigurations, vulnerabilities, and potential threats in near real time.
Reference:
https://www.paloaltonetworks.com/prisma/cloud/cloud-security-posture-management
Which type of system collects data and uses correlation rules to trigger alarms?
B
Explanation:
A Security Information and Event Management (SIEM) system collects data from various sources
(logs, events, etc.) and uses correlation rules to analyze this data and trigger alarms when suspicious
or predefined patterns are detected.
What is the purpose of host-based architectures?
D
Explanation:
In a host-based architecture, the server (host) handles all processing tasks, while the client mainly
provides input/output. This centralizes control, processing, and data storage on the server, reducing
the client’s role to that of a terminal.
What is the function of an endpoint detection and response (EDR) tool?
C
Explanation:
Endpoint Detection and Response (EDR) tools monitor, record, and analyze endpoint activity to
detect suspicious behavior, investigate incidents, and respond to threats on user devices such as
laptops and desktops.