Pass the Paloalto Networks Certified Cybersecurity Associate Practitioner Questions and answers with CertsForce

An application allow list prevents malware from executing by only permitting approved applications to run on an endpoint. Any unauthorized or unknown software, including malicious programs, is automatically blocked from executing.

SOAR tools ingest aggregated alerts from detection sources (such as SIEMs, network security tools, and mailboxes) before executing automatable, process-driven playbooks to enrich and respond to these alerts.

https://www.paloaltonetworks.com/cortex/security-operations-automation

Cloud-hosted refers to the deployment of traditional on-premises software on cloud-based servers. This approach allows organizations to run their applications in the cloud without re-architecting them for cloud-native environments.

A TLS handshake occurs after the TCP handshake is complete. The TLS handshake is responsible for establishing a secure, encrypted session between client and server, including the negotiation of encryption algorithms and exchange of keys.

A Jasager attack is a type of wireless man-in-the-middle attack that exploits the way mobile devices search for known wireless networks. A Jasager device will respond to any beacon request from a mobile device by saying “Yes, I’m here”, pretending to be one of the preferred networks. This way, the Jasager device can trick the mobile device into connecting to it, without the user’s knowledge or consent. The Jasager device can then intercept, modify, or redirect the traffic of the victim. For this attack to work, the attacker needs to be within close proximity of the victim, and the victim must have at least one known network in their preferred list. The victim does not need to manually choose the attacker’s access point, nor does the attacker try to get victims to connect at random. References: Wireless Man in the Middle - Palo Alto Networks, Man-in-the-middle attacks with malicious & rogue Wi-Fi access points - Privacy Guides

A Cloud Access Security Broker (CASB) secures SaaS applications and network data by providing visibility, data security, threat protection, and compliance enforcement. It acts as a control point between users and cloud service providers to enforce security policies.

TCP stands for Transmission Control Protocol, and it is one of the main protocols used in the internet. TCP provides reliable, ordered, and error-free delivery of data between applications 1. In terms of the OSI model, TCP is a transport-layer protocol. The transport layer is the fourth layer of the OSI model, and it is responsible for establishing end-to-end connections, segmenting data into packets, and ensuring reliable and efficient data transfer 2. The transport layer also provides flow control, congestion control, and error detection and correction mechanisms 2. TCP is not the only transport-layer protocol; another common one is UDP (User Datagram Protocol), which is faster but less reliable than TCP 3. References: 1: TCP/IP TCP, UDP, and IP protocols - IBM 2: Transport Layer | Layer 4 | The OSI-Model 3: TCP/IP Model vs. OSI Model | Similarities and Differences - Fortinet

A SASE solution converges networking and security services into one unified, cloud-delivered solution (see Figure 3-12) that includes the following:

● Networking

○ Software-defined wide-area networks (SD-WANs)

○ Virtual private networks (VPNs)

○ Zero Trust network access (ZTNA)

○ Quality of Service (QoS)

● Security

○ Firewall as a service (FWaaS)

○ Domain Name System (DNS) security

○ Threat prevention

○ Secure web gateway (SWG)

○ Data loss prevention (DLP)

○ Cloud access security broker (CASB)

Application allow listing is a security practice that permits only pre-approved (trusted) applications, files, and processes to run on a system. This approach helps prevent unauthorized or malicious software from executing, thereby reducing the attack surface.

A meddler-in-the-middle (MITM) attack is a type of Wi-Fi attack where the attacker intercepts and redirects the victim’s web traffic to serve content from a web server it controls. The attacker can use various techniques, such as ARP spoofing, DNS spoofing, or SSL stripping, to trick the victim into connecting to a rogue access point or a proxy server that acts as a middleman between the victim and the legitimate website. The attacker can then modify, inject, or drop the packets that are exchanged between the victim and the website, and perform malicious actions, such as stealing credentials, injecting malware, or displaying fake or misleading content. A MITM attack can compromise the confidentiality, integrity, and availability of the victim’s web traffic and expose them to various risks and threats. References:

What is a man-in-the-middle attack?

The 5 most dangerous Wi-Fi attacks, and how to fight them

What Are Sniffing Attacks, and How Can You Protect Yourself?