Paloalto Networks PCCP 시험

Question No : 1

Which of the Cloud-Delivered Security Services (CDSS) will detect zero-day malware by using inline cloud machine learning (ML) and sandboxing?

• A.DNS security
• B.Advanced WildFire
• C.loT security
• D.Advanced Threat Prevention

답을 확인하기

정답:
Explanation:
Advanced WildFire is a Cloud-Delivered Security Service (CDSS) that detects zero-day malware using inline cloud machine learning (ML) and sandboxing techniques. It analyzes unknown files in real-time to identify and block new threats before they can cause harm.

Question No : 2

What differentiates SOAR from SIEM?

• A.SOAR platforms focus on analyzing network traffic.
• B.SOAR platforms integrate automated response into the investigation process.
• C.SOAR platforms collect data and send alerts.
• D.SOAR platforms filter alerts with their broader coverage of security incidents.

답을 확인하기

정답:
Explanation:
SOAR (Security Orchestration, Automation, and Response) differs from SIEM by adding automated incident response and workflow orchestration to the detection and alerting capabilities found in SIEM. This enables faster and more efficient handling of security incidents.

Question No : 3

Which two descriptions apply to an XDR solution? (Choose two.)

• A.It employs machine learning (ML) to identity threats.
• B.It is designed for reporting on key metrics for cloud environments.
• C.It ingests data from a wide spectrum of sources.
• D.It is focused on single-vector attacks on specific layers of defense.

답을 확인하기

정답:
Explanation:
XDR (Extended Detection and Response) uses machine learning (ML) to detect threats by identifying patterns and anomalies. XDR ingests data from multiple sources ― including endpoints, networks, servers, and cloud workloads ― to provide a unified and correlated view of threats across the environment.

Question No : 4

Which security tool provides policy enforcement for mobile users and remote networks?

• A.Service connection
• B.Prisma Access
• C.Prisma Cloud
• D.Digital experience management

답을 확인하기

정답:
Explanation:
Prisma Access is a cloud-delivered security platform that provides policy enforcement, secure access, and threat prevention for mobile users and remote networks, ensuring consistent security regardless of location.

Question No : 5

What type of attack redirects the traffic of a legitimate website to a fake website?

• A.Watering hole
• B.Pharming
• C.Spear phishing
• D.Whaling

답을 확인하기

정답:
Explanation:
Pharming is an attack that redirects traffic from a legitimate website to a malicious fake website, typically by corrupting the DNS system or modifying host files, with the intent of stealing user credentials or sensitive data.

Question No : 6

What is the function of an endpoint detection and response (EDR) tool?

• A.To provide organizations with expertise for monitoring network devices
• B.To ingest alert data from network devices
• C.To monitor activities and behaviors for investigation of security incidents on user devices
• D.To integrate data from different products in order to provide a holistic view of security posture

답을 확인하기

정답:
Explanation:
Endpoint Detection and Response (EDR) tools monitor, record, and analyze endpoint activity to detect suspicious behavior, investigate incidents, and respond to threats on user devices such as laptops and desktops.

Question No : 7

What is the purpose of host-based architectures?

• A.They share the work of both clients and servers.
• B.They allow client computers to perform most of the work.
• C.They divide responsibilities among clients.
• D.They allow a server to perform all of the work virtually.

답을 확인하기

정답:
Explanation:
In a host-based architecture, the server (host) handles all processing tasks, while the client mainly provides input/output. This centralizes control, processing, and data storage on the server, reducing the client’s role to that of a terminal.

Question No : 8

Which type of system collects data and uses correlation rules to trigger alarms?

• A.SIM
• B.SIEM
• C.UEBA
• D.SOAR

답을 확인하기

정답:
Explanation:
A Security Information and Event Management (SIEM) system collects data from various sources (logs, events, etc.) and uses correlation rules to analyze this data and trigger alarms when suspicious or predefined patterns are detected.

Question No : 9

Which capability does Cloud Security Posture Management (CSPM) provide for threat detection within Prisma Cloud?

• A.Real-time protection from threats
• B.Alerts for new code introduction
• C.Integration with threat feeds
• D.Continuous monitoring of resources

답을 확인하기

정답:
Explanation:
Cloud Security Posture Management (CSPM), including Prisma Cloud’s offering, continuously monitors all cloud resources ― such as compute instances, storage, network configurations, and identities ― to detect misconfigurations, vulnerabilities, and potential threats in near real time.
Reference: https://www.paloaltonetworks.com/prisma/cloud/cloud-security-posture-management

Question No : 10

Which component of the AAA framework verifies user identities so they may access the network?

• A.Allowance
• B.Authorization
• C.Accounting
• D.Authentication

답을 확인하기

정답:
Explanation:
Authentication is the component of the AAA (Authentication, Authorization, and Accounting) framework that verifies user identities (e.g., via passwords, certificates, or biometrics) before granting access to network resources.

Question No : 11

Which statement describes the process of application allow listing?

• A.It allows only trusted files, applications, and processes to run.
• B.It creates a set of specific applications that do not run on the system.
• C.It encrypts application data to protect the system from external threats.
• D.It allows safe use of applications by scanning files for malware.

답을 확인하기

정답:
Explanation:
Application allow listing is a security practice that permits only pre-approved (trusted) applications, files, and processes to run on a system. This approach helps prevent unauthorized or malicious software from executing, thereby reducing the attack surface.

Question No : 12

Which type of firewall should be implemented when a company headquarters is required to have redundant power and high processing power?

• A.Cloud
• B.Physical
• C.Virtual
• D.Containerized

답을 확인하기

정답:
Explanation:
A physical firewall is ideal for environments like a company headquarters that require redundant power, high throughput, and dedicated hardware for maximum reliability and performance. It supports more robust failover and scalability compared to virtual or containerized options.

Question No : 13

Which next-generation firewall (NGFW) deployment option provides full application visibility into Kubernetes environments?

• A.Virtual
• B.Container
• C.Physical
• D.SASE

답을 확인하기

정답:
Explanation:
A container-based NGFW is specifically designed to integrate with Kubernetes environments, providing full application visibility and control within containerized workloads. It operates at the pod level, making it ideal for securing dynamic microservices architectures.

Question No : 14

A high-profile company executive receives an urgent email containing a malicious link. The sender appears to be from the IT department of the company, and the email requests an update of the executive's login credentials for a system update.
Which type of phishing attack does this represent?

• A.Whaling
• B.Vishing
• C.Pharming
• D.Angler phishing

답을 확인하기

정답:
Explanation:
Whaling is a targeted phishing attack aimed at high-profile individuals, such as executives. The attacker impersonates a trusted entity (e.g., IT department) to trick the executive into revealing sensitive credentials. This is a form of spear phishing specifically focused on “big fish” targets.

Question No : 15

What are two common lifecycle stages for an advanced persistent threat (APT) that is infiltrating a network? (Choose two.)

• A.Lateral movement
• B.Communication with covert channels
• C.Deletion of critical data
• D.Privilege escalation

답을 확인하기

정답:
Explanation:
Lateral movement is a key stage where the attacker moves across the network to find valuable targets.
Privilege escalation involves gaining higher access rights to expand control within the compromised environment.
Communication with covert channels is a tactic used during persistence or exfiltration, while deletion of critical data is not a standard APT lifecycle stage ― it’s more characteristic of destructive attacks.