Palo Alto Networks PCCET Practice Test - Questions Answers, Page 8

Application (Layer 4 or L4): This layer loosely corresponds to Layers 5 through 7 of the OSI model.

Transport (Layer 3 or L3): This layer corresponds to Layer 4 of the OSI model.

Internet (Layer 2 or L2): This layer corresponds to Layer 3 of the OSI model.

Network Access (Layer 1 or L1): This layer corresponds to Layers 1 and 2 of the OSI model

According to the NIST definition of cloud computing1, there are three service models for cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). In the SaaS model, the cloud provider delivers the software applications over the internet, and the users access them from various devices through a web browser or a program interface. The cloud provider manages the underlying infrastructure, including the servers, databases, and code of the applications. The users do not need to install, update, or maintain the software, and they only pay for the service they use. The scenario described in the question is an example of the SaaS model, as the user is provided access over the internet to an application running on a cloud infrastructure, and the vendor hosts and maintains the servers, databases, and code of that application.Reference:

SP 800-145, The NIST Definition of Cloud Computing | CSRC

Final Version of NIST Cloud Computing Definition Published

NIST Cloud Computing Program - NCCP | NIST

SaaS - User responsible for only the data, vendor responsible for rest

A worm is a type of malware that replicates itself to spread rapidly through a computer network. Unlike a virus, a worm does not need a host program or human interaction to infect other devices.A worm can consume network bandwidth, slow down the system performance, or deliver a malicious payload, such as ransomware or a backdoor123.Reference:Types of Malware & Malware Examples - Kaspersky,10 types of malware + how to prevent malware from the start,Computer worm - Wikipedia

A worm replicates through the network while a virus replicates, not necessarily to spread through the network.

When you enable URL Filtering, all web traffic is compared against the URL Filtering database, PAN-DB, which contains millions of URLs that have been grouped into about 65 categories.

Identity and access management (IAM) is a software service or framework that allows organizations to define user or group identities within software environments, then associate permissions with them. The identities and permissions are usually spelled out in a text file, which is referred to as an IAM policy.

Prisma Cloud comprises four pillars:

Visibility, governance, and compliance. Gain deep visibility into the security posture of multicloud environments. Track everything that gets deployed with an automated asset inventory, and maintain compliance with out-of-the-box governance policies that enforce good behavior across your environments.

Compute security. Secure hosts, containers, and serverless workloads throughout the application lifecycle. Detect and prevent risks by integrating vulnerability intelligence into your integrated development environment (IDE), software configuration management

(SCM), and CI/CD workflows. Enforce machine learning-based runtime protection to protect applications and workloads in real time.

Network protection. Continuously monitor network activity for anomalous behavior, enforce microservice-aware micro-segmentation, and implement industry-leading firewall protection. Protect the network perimeter and the connectivity between containers and hosts.

Identity security. Monitor and leverage user and entity behavior analytics (UEBA) across your environments to detect and block malicious actions. Gain visibility into and enforce governance p

As containers grew in popularity and used diversified orchestrators such as Kubernetes (and its derivatives, such as OpenShift), Mesos, and Docker Swarm, it became increasingly important to deploy and operate containers at scale.

https://www.dynatrace.com/news/blog/kubernetes-vs-docker/

A sanctioned application is an application that is approved by the IT department and meets the security and compliance requirements of the organization. Sanctioned applications are allowed to access the organization's network and data and are monitored and protected by the IT department. Examples of sanctioned applications are Office 365, Salesforce, and Zoom. Sanctioned applications are different from unsanctioned, prohibited, and tolerated applications, which are not approved by the IT department and may pose security risks to the organization. Unsanctioned applications are applications that are used by the employees without the IT department's knowledge or consent, such as Dropbox, Gmail, or Facebook. Prohibited applications are applications that are explicitly forbidden by the IT department, such as BitTorrent, Tor, or malware. Tolerated applications are applications that are not approved by the IT department, but are not blocked or restricted, such as Skype, Spotify, or YouTube.Reference:Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET),Cloud Security Fundamentals - Module 4: Cloud Security Best Practices,Application Visibility and Control

Simplicity: Because each device is centrally managed, with routing based on application policies, WAN managers can create and update security rules in real time as network requirements change. Also, when SD-WAN is combined with zero-touch provisioning, a feature that helps automate the deployment and configuration processes, organizations can further reduce the complexity, resources, and operating expenses required to spin up new sites. Improved performance: By allowing efficient access to cloud-based resources without the need to backhaul traffic to centralized locations, organizations can provide a better user experience.