PCCSA Knowledge Questions | 100% Correct
Answers | Verified | Latest 2024 Version
In which cloud computing service model does a provider's applications run on a cloud infrastructure and
the consumer does not manage or control the underlying infrastructure? (Choose one.)
a) platform as a service (PaaS)
b) infrastructure as a service (IaaS)
c) software as a service (SaaS)
d) public cloud - ✔✔[c] software as a service (SaaS)
True or False. Business intelligence (BI) software consists of tools and techniques used to surface large
amounts of raw unstructured data to perform a variety of tasks including data mining, event processing,
and predictive analytics. - ✔✔True
True or False. The process in which end users find personal technology and apps that are more powerful
or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT
solutions is known as consumerization. - ✔✔True
True or False. An organization can be compliant with all applicable security and privacy regulations for its
industry, yet still not be secure. - ✔✔True
Fill in the Blank. The U.S. law that establishes national standards to protect individuals' medical records
and other health information is known as the
. - ✔✔Health Insurance Portability and Accountability Act (HIPAA)
True or False. Most cyberattacks today are perpetrated by internal threat actors such as malicious
employees engaging in corporate espionage. - ✔✔False
True or False. The Cyber-Attack Lifecycle is a five-step process that an attacker goes through to attack a
network. - ✔✔False
, Multiple Answer. List and describe the steps of the Cyber-Attack Lifecycle. - ✔✔Reconnaissance,
Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on the Objective
True or False. An attacker needs to succeed in executing only one step of the Cyber-Attack Lifecycle to
infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to
prevent an attack. - ✔✔False
Multiple Choice. Which technique is not used to break the command-and- control (C&C) phase of the
Cyber-Attack Lifecycle? (Choose one.)
a) blocking outbound traffic to known malicious sites and IP addresses
b) DNS sinkholing and DNS poisoning
c) vulnerability and patch management
d) all of the above - ✔✔[c] vulnerability and patch management
True or False. The key to breaking the Cyber-Attack Lifecycle during the Installation phase is to
implement network segmentation, a Zero Trust model, and granular control of applications to limit or
restrict an attacker's lateral movement within the network. - ✔✔True
True or False. Network firewalls cannot completely protect hosts from zero- day exploits. - ✔✔True
Fill in the Blank. _______________ exploits target unknown vulnerabilities in operating system and
application software on a host machine. - ✔✔Zero-day
Multiple Choice. Which option describes malicious software or code that typically takes control of,
collects information from, or damages an infected endpoint? (Choose one.)
a) exploit
b) malware
c) vulnerability
d) none of the above - ✔✔[b] malware
Answers | Verified | Latest 2024 Version
In which cloud computing service model does a provider's applications run on a cloud infrastructure and
the consumer does not manage or control the underlying infrastructure? (Choose one.)
a) platform as a service (PaaS)
b) infrastructure as a service (IaaS)
c) software as a service (SaaS)
d) public cloud - ✔✔[c] software as a service (SaaS)
True or False. Business intelligence (BI) software consists of tools and techniques used to surface large
amounts of raw unstructured data to perform a variety of tasks including data mining, event processing,
and predictive analytics. - ✔✔True
True or False. The process in which end users find personal technology and apps that are more powerful
or capable, more convenient, less expensive, quicker to install, and easier to use than enterprise IT
solutions is known as consumerization. - ✔✔True
True or False. An organization can be compliant with all applicable security and privacy regulations for its
industry, yet still not be secure. - ✔✔True
Fill in the Blank. The U.S. law that establishes national standards to protect individuals' medical records
and other health information is known as the
. - ✔✔Health Insurance Portability and Accountability Act (HIPAA)
True or False. Most cyberattacks today are perpetrated by internal threat actors such as malicious
employees engaging in corporate espionage. - ✔✔False
True or False. The Cyber-Attack Lifecycle is a five-step process that an attacker goes through to attack a
network. - ✔✔False
, Multiple Answer. List and describe the steps of the Cyber-Attack Lifecycle. - ✔✔Reconnaissance,
Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on the Objective
True or False. An attacker needs to succeed in executing only one step of the Cyber-Attack Lifecycle to
infiltrate a network, whereas a defender must "be right every time" and break every step of the chain to
prevent an attack. - ✔✔False
Multiple Choice. Which technique is not used to break the command-and- control (C&C) phase of the
Cyber-Attack Lifecycle? (Choose one.)
a) blocking outbound traffic to known malicious sites and IP addresses
b) DNS sinkholing and DNS poisoning
c) vulnerability and patch management
d) all of the above - ✔✔[c] vulnerability and patch management
True or False. The key to breaking the Cyber-Attack Lifecycle during the Installation phase is to
implement network segmentation, a Zero Trust model, and granular control of applications to limit or
restrict an attacker's lateral movement within the network. - ✔✔True
True or False. Network firewalls cannot completely protect hosts from zero- day exploits. - ✔✔True
Fill in the Blank. _______________ exploits target unknown vulnerabilities in operating system and
application software on a host machine. - ✔✔Zero-day
Multiple Choice. Which option describes malicious software or code that typically takes control of,
collects information from, or damages an infected endpoint? (Choose one.)
a) exploit
b) malware
c) vulnerability
d) none of the above - ✔✔[b] malware
