PALO ALTO PCCET QUESTIONS WITH
CORRECT ANSWERS
Which type of cyberattack sends extremely high volumes of network traffic such as
packets, data, or transactions that render the victim's network unavailable or unusable?
A. distributed denial-of-service (DDoS)
B. spamming botnet
C. phishing botnet
D. denial-of-service (DoS) - Correct Answers -A
Which core component of Cortex combines security orchestration, incident
management, and interactive investigation to serve security teams across the incident
lifecycle?
A. AutoFocus
B. Cortex XDR
C. Cortex XSOAR
D. Cortex Data Lake - Correct Answers -C
Which type of advanced malware has entire sections of code that serve no purpose
other than to change the signature of the malware, thus producing an infinite number of
signature hashes for even the smallest of malware programs?
A. distributed
B. polymorphic
C. multi-functional
D. obfuscated - Correct Answers -B
Which type of phishing attack is specifically directed at senior executives or other high-
profile targets within an organization?
A. whaling
B. watering hole
C. pharming
D. spear phishing - Correct Answers -A
,Which wireless security protocol includes improved security for IoT devices, smart
bulbs, wireless appliances, and smart speakers?
A. WPA2
B. WPA3
C. WPA1
D. WEP - Correct Answers -B
Which tactic, technique, or procedure (TTP) masks application traffic over port 443
(HTTPS)?
A. using non-standard ports
B. hopping ports
C. hiding within SSL encryption
D. tunneling - Correct Answers -C
Which specific technology is associated with Web 3.0?
A. social networks
B. instant messaging
C. remote meeting software
D. blockchain - Correct Answers -D
Which Wi-Fi attack leverages device information about which wireless networks it
previously connected to?
A. evil twin
B. man-in-the-middle
C. Jasager
D. SSLstrip - Correct Answers -C
Which malware type is installed in the BIOS of a machine, which means operating
system level tools cannot detect it?
A. rootkit
B. logic bomb
C. ransomware
D. spyware - Correct Answers -A
Which Zero Trust capability provides a combination of anti-malware and intrusion
prevention technologies to protect against both known and unknown threats, including
mobile device threats?
A. least privilege
B. secure access
C. inspection of all traffic
D. cyberthreat protection - Correct Answers -D
Which three options describe the relationship and interaction between a customer and
SaaS? (Choose three.)
A. subscription service
B. extensive manpower required
,C. internet- or application-based
D. complex deployment
E. convenient and economical - Correct Answers -ACE
Mobile devices are easy targets for attacks for which two reasons? (Choose two.)
A. They have poor battery-charging capabilities.
B. They use speaker phones.
C. They stay in an always-on, always-present state.
D. They roam in unsecured areas. - Correct Answers -CD
Which path or tool is used by attackers?
A. storage-area networks (SAN)
B. anti-malware update
C. SaaS
D. threat vector - Correct Answers -D
Which kind of server is a master server that is designed to listen to individual
compromised endpoints and respond with appropriate attack commands?
A. command and control
B. bot
C. web
D. directory services - Correct Answers -A
What type of malware can have multiple control servers distributed all over the world
with multiple fallback options?
A. logic bombs
B. rootkits
C. advanced or modern
D. exploits - Correct Answers -C
Which type of malware disables protection software?
A. anti-AV
B. Trojan horse
C. ransomware
D. worm - Correct Answers -A
Another term for a bot is a "zombie". (True or False) - Correct Answers -T
The spread of unsolicited content to targeted endpoints is known as what?
A. spamming
B. pharming
C. phishing
D. exploiting - Correct Answers -A
, Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort,
and can be extremely effective in taking down a website or some other publicly
accessible service?
A. Bluetooth
B. adware
C. distributed denial-of-service
D. man-in-the-middle - Correct Answers -C
Which Wi-Fi attack intercepts the victim's web traffic, redirects the victim's browser to a
web server that it controls, and serves up whatever content the attacker desires?
A. Evil Twin
B. SSLstrip
C. Emotet
D. Jasager - Correct Answers -B
Which part of APTs indicate that attackers use advanced malware and exploits and
typically also have the skills and resources necessary to develop additional cyberattack
tools and techniques?
A. Secure
B. Persistent
C. Threat
D. Advanced - Correct Answers -D
WPA2 includes a function that generates a 256-bit key based on a much shorter
passphrase created by the administrator of the Wi-Fi network and the service set
identifier (SSID) of the AP is used as a salt (random data) for the one-way hash
function. (True or False) - Correct Answers -T
Which component of the zero trust conceptual architecture is called a "platform" to
reflect that it is made up of multiple distinct (and potentially distributed) security
technologies that operate as part of a holistic threat protection framework to reduce the
attack surface and correlate information about discovered threats?
A. Management infrastructure
B. Pocket of trust
C. Trust zone
D. Single component - Correct Answers -D
Which zero trust deployment method obtains a detailed picture of traffic flows
throughout the network, including where, when, and to what extent specific users are
using specific applications and data resources?
A. Define trust zones
B. Establish trust zones
C. Implement at major access points
D. Listen-only mode - Correct Answers -D
CORRECT ANSWERS
Which type of cyberattack sends extremely high volumes of network traffic such as
packets, data, or transactions that render the victim's network unavailable or unusable?
A. distributed denial-of-service (DDoS)
B. spamming botnet
C. phishing botnet
D. denial-of-service (DoS) - Correct Answers -A
Which core component of Cortex combines security orchestration, incident
management, and interactive investigation to serve security teams across the incident
lifecycle?
A. AutoFocus
B. Cortex XDR
C. Cortex XSOAR
D. Cortex Data Lake - Correct Answers -C
Which type of advanced malware has entire sections of code that serve no purpose
other than to change the signature of the malware, thus producing an infinite number of
signature hashes for even the smallest of malware programs?
A. distributed
B. polymorphic
C. multi-functional
D. obfuscated - Correct Answers -B
Which type of phishing attack is specifically directed at senior executives or other high-
profile targets within an organization?
A. whaling
B. watering hole
C. pharming
D. spear phishing - Correct Answers -A
,Which wireless security protocol includes improved security for IoT devices, smart
bulbs, wireless appliances, and smart speakers?
A. WPA2
B. WPA3
C. WPA1
D. WEP - Correct Answers -B
Which tactic, technique, or procedure (TTP) masks application traffic over port 443
(HTTPS)?
A. using non-standard ports
B. hopping ports
C. hiding within SSL encryption
D. tunneling - Correct Answers -C
Which specific technology is associated with Web 3.0?
A. social networks
B. instant messaging
C. remote meeting software
D. blockchain - Correct Answers -D
Which Wi-Fi attack leverages device information about which wireless networks it
previously connected to?
A. evil twin
B. man-in-the-middle
C. Jasager
D. SSLstrip - Correct Answers -C
Which malware type is installed in the BIOS of a machine, which means operating
system level tools cannot detect it?
A. rootkit
B. logic bomb
C. ransomware
D. spyware - Correct Answers -A
Which Zero Trust capability provides a combination of anti-malware and intrusion
prevention technologies to protect against both known and unknown threats, including
mobile device threats?
A. least privilege
B. secure access
C. inspection of all traffic
D. cyberthreat protection - Correct Answers -D
Which three options describe the relationship and interaction between a customer and
SaaS? (Choose three.)
A. subscription service
B. extensive manpower required
,C. internet- or application-based
D. complex deployment
E. convenient and economical - Correct Answers -ACE
Mobile devices are easy targets for attacks for which two reasons? (Choose two.)
A. They have poor battery-charging capabilities.
B. They use speaker phones.
C. They stay in an always-on, always-present state.
D. They roam in unsecured areas. - Correct Answers -CD
Which path or tool is used by attackers?
A. storage-area networks (SAN)
B. anti-malware update
C. SaaS
D. threat vector - Correct Answers -D
Which kind of server is a master server that is designed to listen to individual
compromised endpoints and respond with appropriate attack commands?
A. command and control
B. bot
C. web
D. directory services - Correct Answers -A
What type of malware can have multiple control servers distributed all over the world
with multiple fallback options?
A. logic bombs
B. rootkits
C. advanced or modern
D. exploits - Correct Answers -C
Which type of malware disables protection software?
A. anti-AV
B. Trojan horse
C. ransomware
D. worm - Correct Answers -A
Another term for a bot is a "zombie". (True or False) - Correct Answers -T
The spread of unsolicited content to targeted endpoints is known as what?
A. spamming
B. pharming
C. phishing
D. exploiting - Correct Answers -A
, Which type of attack utilizes many endpoints as bots or attackers in a coordinated effort,
and can be extremely effective in taking down a website or some other publicly
accessible service?
A. Bluetooth
B. adware
C. distributed denial-of-service
D. man-in-the-middle - Correct Answers -C
Which Wi-Fi attack intercepts the victim's web traffic, redirects the victim's browser to a
web server that it controls, and serves up whatever content the attacker desires?
A. Evil Twin
B. SSLstrip
C. Emotet
D. Jasager - Correct Answers -B
Which part of APTs indicate that attackers use advanced malware and exploits and
typically also have the skills and resources necessary to develop additional cyberattack
tools and techniques?
A. Secure
B. Persistent
C. Threat
D. Advanced - Correct Answers -D
WPA2 includes a function that generates a 256-bit key based on a much shorter
passphrase created by the administrator of the Wi-Fi network and the service set
identifier (SSID) of the AP is used as a salt (random data) for the one-way hash
function. (True or False) - Correct Answers -T
Which component of the zero trust conceptual architecture is called a "platform" to
reflect that it is made up of multiple distinct (and potentially distributed) security
technologies that operate as part of a holistic threat protection framework to reduce the
attack surface and correlate information about discovered threats?
A. Management infrastructure
B. Pocket of trust
C. Trust zone
D. Single component - Correct Answers -D
Which zero trust deployment method obtains a detailed picture of traffic flows
throughout the network, including where, when, and to what extent specific users are
using specific applications and data resources?
A. Define trust zones
B. Establish trust zones
C. Implement at major access points
D. Listen-only mode - Correct Answers -D
