Free Palo Alto Networks Cybersecurity-Practitioner Exam Questions

Become Palo Alto Networks Certified with updated Cybersecurity-Practitioner exam questions and correct answers

Page: 1 / 60

Total 300 Questions | Updated On: Mar 25, 2025

Add To Cart

Question 1

How does TLS ensure the confidentiality of the session key during the handshake process?

A : The session key is shared over an encrypted channel established by the server’s certificate.

B : The client sends the session key encrypted with the server’s private key.

C : The session key is pre-shared before the handshake begins.

D : The session key is derived independently by both parties using shared secrets.

Answer: D

Question 2

Which of the following statements best describes the primary function of a Next-Generation Firewall (NGFW) in a modern enterprise network?

A : It solely blocks traffic based on static packet filtering rules.

B : It encrypts and decrypts traffic end-to-end to ensure data privacy.

C : It is designed to route traffic between VLANs and prioritize bandwidth allocation.

D : It provides deep packet inspection to analyze application-level data and enforce security policies.

Answer: D

Question 3

When designing a secure serverless function to process sensitive data, which of the following practices should be followed to ensure compliance with data protection standards?

A : Leverage environment variables to pass sensitive data securely to the serverless function.

B : Enable logging and store logs containing sensitive data in a public S3 bucket for auditing purposes.

C : Allow functions to dynamically fetch sensitive data from unencrypted third-party APIs.

D : Deploy serverless functions without any form of input validation to maximize performance.

Answer: A

Question 4

Which of the following methods is most effective for detecting a command-and-control (C2) communication channel in a compromised network?

A : Using endpoint detection tools to identify unauthorized USB device connections.

B : Scanning email attachments for known malware signatures.

C : Blocking all internet access from the internal network to prevent potential C2 channels.

D : Monitoring network traffic for abnormal outbound connections to uncommon or suspicious domains.

Answer: D

Question 5

An employee receives an urgent email claiming that their email account will be disabled unless they log in immediately through a provided link. The email includes a realistic-looking company logo and signature but uses a slightly misspelled domain name. Which phishing techniques are demonstrated in this scenario? (Choose two)

A : Whaling

B : Domain spoofing

C : Clone phishing

D : Email spoofing

E : Spear phishing

Answer: B,D

Page: 1 / 60

Total 300 Questions | Updated On: Mar 25, 2025

Add To Cart