palo alto networks pccsa practice test

Question 1

What does a hypervisor enable?

• A. high-speed searching of already aggregated security log files
• B. high-speed aggregation and viewing of security log files
• C. multiple physical machines to be configured into a high-performance cluster
• D. multiple guest operating systems to run on a single physical machine

Question 2

DRAG DROP
Match the OSI network model Layer 3 function to the correct description.
Select and Place:

Question 3

Which two remote access methods are secure because they encrypt traffic? (Choose two.)

• A. IPsec-AH
• B. SSH
• C. VPN
• D. Telnet
• E. rlogin

Question 4

Which type of adversary would commit cybercrimes with the authorization of their country’s government?

• A. state-sponsored
• B. hacktivist
• C. gray hat
• D. white hat

Question 5

Which protocol converts voice into a digital signal?

• A. IVO
• B. VoIP
• C. SNMP
• D. IGMP

Question 6

From which resource can a Palo Alto Networks firewall get URL category information for URLs whose categories cannot be
found on the firewall?

• A. App-ID database
• B. WildFire
• C. PDF file
• D. PAN-DB database

Question 7

A firewall located on an organization’s network perimeter can be used to protect against which type of attack?

• A. a malicious SaaS application file accessed from an unmanaged mobile phone
• B. ransomware installed from an infected USB drive
• C. malware installed on the laptop by a disgruntled employee
• D. a malicious PDF file located on an internet website

Question 8

In the context of a mobile device management solution, what is a function of the “policy enforcement” feature?

• A. controls which websites can be accessed when connected to Wi-Fi
• B. controls which Wi-Fi networks can be accessed
• C. controls which phone numbers can be dialed
• D. controls which password/passcode settings are allowed

Question 9

What does Palo Alto Networks Traps do first when an endpoint is asked to run an executable?

• A. send the executable to WildFire
• B. run a static analysis
• C. run a dynamic analysis
• D. check its execution policy

Question 10

In PKI, which item is issued by a CA?

• A. digital certificate
• B. SSH key
• C. KDC ticket
• D. shared key

Question 11

DRAG DROP
Match each cryptographic method with its description.
Select and Place:

Question 12

Which action must be taken prior to a successful ransomware attack to enable recovery from the attack?

• A. create a data snapshot on your IDS device
• B. back up all hosts that contain critical data
• C. update all firewall malware signatures
• D. limit external exposure of internal DNS resource records

Question 13

Which type of firewall monitors traffic streams from beginning to end?

• A. circuit-level gateway
• B. stateless
• C. stateful
• D. packet filter

Question 14

Which option describes a characteristic of a distributed denial-of-service attack?

• A. uses multiple types of malware to corrupt system services
• B. uses a single remote host to delete data from multiple target servers
• C. uses a single remote host to flood a target network with traffic
• D. uses a botnet to flood traffic to a target network

Question 15

Which two types of SaaS applications are allowed by an IT department? (Choose two.)

• A. tolerated
• B. certified
• C. sanctioned
• D. unsanctioned