<< Don' for get to press the AD ! mant thanks ! >>
True or false? Traps Local Analysis capability is based on a signature database maintained on the endpoint system and regularly updated by WildFire.
True
False
Mark for follow up
Question 13 of 18. [T]
True or false? An executable’s hash verdict from WildFire can be overridden to mark the hash as Malicious or Benign for the local domain.
True
False
Mark for follow up
Question 10 of 18. [F]
True or false? Traps must be sold in conjunction with Palo Alto Networks next-generation firewall products and cannot be sold separately.
True
False
Mark for follow up
Question 10 of 18. [A]
How does Traps complement Palo Alto Networks perimeter protection?
Endpoints sometimes are operated by their users outside the corporate network perimeter.
Information about threats is uploaded into Traps agents.
Traps endpoints send signatures about threats directly to Palo Alto Networks firewalls.
ESM Servers send hashes of files directly to Palo Alto Networks firewalls.
Mark for follow up
Question 9 of 18. [A]
Which licenses or subscriptions are required for a Traps deployment?
one license for all endpoints to be protected (workstations, servers, and VDI)
separate licenses for workstations, servers, and VDI
WildFire subscription
perpetual ESM Server license
Mark for follow up
Question 8 of 18. [A]
What is the HTTP address for the Cloud Services Portal?
https://apps.paloaltonetworks.com
https://portal.paloaltonetworks.com
https://csp.paloaltonetworks.com
https://services.paloaltonetworks.com
Mark for follow up
Question 6 of 18. [A]
Which endpoint solution type most accurately describes Traps?
Prevention Solution
Detection and Response Solution
Remediation Solution
Endpoint Management Solution
Mark for follow up
Question 5 of 18. [A]
Which statement is true regarding Traps Execution Restrictions?
They limit the attack surface of an endpoint by defining where and how users can run executable files.
They are used to specify which EPMs will be applied to a given process.
They are used to blacklist or whitelist files for further MPM processing.
They are included in regular content updates.
Mark for follow up
Question 18 of 18. [A]
Which statement is true regarding Traps Management Service Security Event logs?
Logs are generated by the protection modules when threats occur on endpoints.
Record status of all log files is collected by the Traps management service.
Log system events are reported by the Traps agent.
Record configuration, policy, and system events are reported by the Traps management service.
Mark for follow up
Question 11 of 18. [A]
True or false? WildFire detects malware using both static analysis and dynamic analysis mechanisms.
True
False
Mark for follow up
Question 8 of 18. [A]
Which Palo Alto Networks cloud service is used by the Traps management service?
Directory Sync Service
Domain Name Service
Reporting Service
Magnifier Service
Mark for follow up
Question 13 of 18. [A]
Which statement is true regarding scanning in the Traps Management Service?
It helps companies obtain regulatory compliance.
It is a protection and prevention feature.
It supports macOS endpoints only.
It is supported by all agent types.
Mark for follow up
Question 17 of 18. [AB]
Which two attack vector locations can Traps protect? (Choose two.)
data center servers
end-user workstations
internet perimeter firewall
branch office firewall
Mark for follow up
Question 5 of 18. [A]
True or false? Traps can be positioned as a replacement for traditional antivirus.
True
False
Mark for follow up
Question 9 of 18. [AB]
Which two locations can Traps forward logs? (Choose two.)
syslog server
Panorama
next-generation firewall
FTP server
SNMP Trap
Mark for follow up
Question 15 of 18. [ABC]
Which three file types can be sent by Traps to WildFire for malware analysis? (Choose three.)
Mach-O files (Mach-o) for macOS
Excel and Word documents containing macros
any executable file
Adobe Flash files
Mark for follow up
Question 17 of 18. [ABC]
Which three options are Traps differentiators? (Choose three.)
automatic conversion of threat intelligence into prevention
multi-method prevention
persistent protection
proactive patching for servers and endpoints
Mark for follow up
Question 13 of 18. [A]
Which statement is true regarding Traps process protection?
Traps protects no processes by default. All processes to be protected must be defined by an administrator.
Traps protects more than 100 different Windows Processes and more than 50 different Mac processes. Additional processes can be protected based on administrative configuration and settings tuned to the customer’s production environment.
Traps protects more than 100 different Windows Processes and more than 50 different Mac processes. No additional processes can be protected.
By default, Traps protects every process running on an endpoint.
Mark for follow up
Question 6 of 18. [A]
Which activity should not be highlighted during a Traps demonstration?
disabling or deleting the Traps agent
viewing prevention events in the Traps management service web interface
Traps multi-method prevention of malware
exploit technique prevention by Traps EPMs
Mark for follow up
Question 6 of 18. [A]
In the Traps management service, which exception type is not valid?
Administrator Exception
Support Exception
Hash Exception
Process Exception
Mark for follow up
Question 11 of 18. [A]
Which statement is true about advanced cyberthreats?
A zero-day vulnerability is defined as a security flaw of which the vulnerable product's vendor has no prior awareness.
A zero-day vulnerability is defined as a security flaw of which the vulnerable product's customers have no prior awareness.
Zero-day attacks are unstoppable.
Protection against zero-day attacks is impractical.
Mark for follow up
Question 18 of 18. [A]
When an executable is being evaluated by a Traps malware prevention process, what are restriction rules used for?
restrict where and how users can run executable files
restrict the information displayed to users when the Traps agent blocks an exploit
restrict which processes will be protected by EPMs
restrict which administrators can set policies
Mark for follow up
Question 12 of 18. [A]
What does Traps use to stop an exploit technique?
exploit protection modules (EPMs)
malware protection modules (MPMs)
memory corruption
logic flaws
Mark for follow up
Question 16 of 18. [A]
How many exploit techniques must be prevented to stop a successful attack?
1
2
3
all of the techniques
Mark for follow up
Question 4 of 18. [A]
Which statement is true about the malware protection flow?
A trusted signed file is locally exempt from WildFire analysis and Local Analysis.
Child process MPM policy is the last step of the malware protection flow.
Administrative hash control is evaluated after local static analysis.
Local static analysis occurs before a WildFire verdict check.
Mark for follow up
Question 5 of 18. [A]
Content updates do not include which item?
new EPMs
updates to the Local Analysis model
new trusted publishers
new default policy rules
Mark for follow up
Question 4 of 18. [A]
Which option is not a category of an exploit technique?
stack canary exploitation techniques, such as CVE20121313
logic flaw techniques, such as malicious code masquerading as a variable
memory corruption techniques, such as Heap Spray and ROP Chain
code execution techniques, such as malicious code embedded in application data files
Mark for follow up
Question 6 of 18. [D]
How much logging storage comes with the Traps management service?
10TB
100TB
None. The Logging Service is a paid service.
100GB
Mark for follow up
Question 16 of 18. [A]
Which statement is true about file hashes?
The Traps agent caches the hashes of executable files for which it has verdicts.
Each day WildFire automatically updates the ESM Server's cache with hashes of files known from other customers.
ESM Servers send hashes of PDF files to WildFire.
ESM Servers send hashes of PDF files and MS Office files to the local cache folder.
Mark for follow up
Question 17 of 18. [C]
How often does WildFire send verdict updates to the Traps management service?
every 5 minutes
every 24 hours
every 8 hours
every 1 hour
Mark for follow up
Question 5 of 18. [A]
When a security event occurs, which Traps component captures forensic information about the event?
Traps agent
NGFW Database
Traps Management Server
Traps Management Server Console
Mark for follow up
Question 11 of 18. [A]
What does the term "Service Protection" mean?
The Traps agent is tamperproof.
A specified process is protected.
The process running on a Windows Server system is protected.
One Traps Management Server can take over for another.
Mark for follow up
----------------------------------
Question 7 of 18.
Which two statements describe characteristics of malware executable files? (Choose two.)
It can take the form of executable code or scripts.
It is contained in an application data file such as a PDF, JPEG, or HTML file.
It has malicious intent, acting against the interest of the computer user
It relies on a legitimate application reading it.
Mark for follow up
SAS Systems Engineering takes pride in offering a wide range of practical, safe, and efficient fire protection systems, fire alarms, security systems, CCTV.Access Control, intrusion detection computerized monitoring, motion detection, perimeter protection, Closed Circuit Televisions (CCTV), burglar-alarm systems and fire alarms service in Saudi Arabia. Not only do we provide intrusion detection computerized monitoring and motion detection but also we provide perimeter protection, closed Circuit Televisions (CCTV), Burglar-alarm systems, Control centers (CMCCS), Metal and explosive detection, X-Ray scanners, Under-vehicle inspection systems, Automatic car-plate-recognition system. With the knowledge and experience of our highly skilled team of engineers, we are able to provide high quality solutions.
回覆刪除