
SASE:

For network security, the challenges that have arisen as a result of rapid and
disruptive digital innovation are:

• Evolving compliance requirements*
• Growing number of off-network users accessing the central data center
without proper security*
• Attack surface expansion*

SASE's core capabilities are:

• Zero Trust Network Access (ZTNA)*
• Next Generation Firewall (NGFW)*
• Data Loss Prevention (DLP)*

The two cloud capabilities that combine to deliver SASE are:

• Network as a service *
• Security as a service *

Outdated network security solutions that require all traffic to pass through the
main data center for inspection result in increased latency.

The term Thin Edge refers to branches with minimal security that are connected
to a central network.

SASE's goal is to support the secure and dynamic access needs of today's
organizations by extending enterprise-grade networking and security, regardless of
location.

The benefits of SASE are that it delivers:

• Consistent security for mobile workforces*
• Optimized routes for all users to all clouds to improve performance and
agility*

Cloud Security:

The correct description of IaaS is that it allows us to rent a virtualized data
infrastructure without having to physically manage it on premises.

It is important to emphasize that the final responsibility for the security of the client's
data and services hosted in the cloud rests with the Client.

One potential issue customers risk if they rely solely on vendor cloud security tools is
that these types of tools provide basic security and do not protect all facets of a multi-
cloud environment.

Cloud computing is the practice of using a network of remote servers hosted on the
Internet to store, manage and process data. Examples include Platform as a Service
(PaaS) and Infrastructure as a Service (IaaS).

The main reason organizations adopted cloud services is cost savings, paying only
for the computing services they need.

Finally, remember the examples of Software as a Service (SaaS): Google Mail,
Salesforce, and Netflix.

SD-WAN:

Previously, companies used a single dedicated service provider to connect to the
Internet. What was the main weakness of this design?

• Unreliable

WAN is a computer network that spans a large geographic area and typically
consists of two or more LANs.

The benefits obtained by using a centralized SD-WAN management console are:

• The ability to prioritize business-critical applications
• Greater network visibility

Managing multiple point products could cause increased complexity for IT security
due to:

• Lack of integration between security products
• Multiple management consoles are usually required

Demand for more cloud applications and services led to higher Internet latency in
the single dedicated service provider (MPLS) network model.

Basic load balancing was the first-generation SD-WAN feature that was applied to
make smart business decisions.

Firewalls

Some features of a next generation firewall (NGFW) are:

• You can segment a network based on user, device, and application type
• Offers high performance inspection
• Control apps based on type or who the user is

The first generation of firewalls used packet filtering.

The two types of firewalls that can block a connection depending on the type of
application are:

• Next Generation Firewall (NGFW)
• Application layer firewall

One of the limitations of first-generation firewalls was that they could not distinguish
between malicious and legitimate applications.

A packet filter firewall controls network traffic based on network addresses,
protocols, and ports.

As an example, an NGFW can be configured to allow a user to connect to Facebook, but
not view videos from that site.

NAC:

The main feature of headless devices is that they are devices that cannot support a
third-party security agent.

The activities carried out by NAC are:

• Profile all devices to identify what access they should have
• Provide proper network access to devices
• Discover all devices on the network

The advantages of implementing a FortiNAC solution are:

• FortiNAC is integrated into the security framework.
• The FortiNAC solution has complete network visibility.
• FortiNAC can profile headless devices that are not equipped with an agent.

The security challenges presented by IoT devices for IT security professionals are
that:

• They are often not compatible with security programs.
• They can be exploited by bad actors.

When the NAC is implemented for the first time one of the first tasks it performs is:

• Profile all connected devices

Among the network security concerns that have grown dramatically for businesses
in recent years are:

• Need for overall network visibility
• IoT devices that connect to a network

One of the shortcomings of NAC solutions is that some NAC solutions underperform
in wired environments, creating a security vulnerability.

The three parties involved in network authentication, according to the IEEE 802.1X
standard, are:

• Authentication server
• Authenticator
• Client device

Normally, to join a public network, such as one in a coffee shop, we must accept the
legal terms for using the network.

What drives organizations to purchase IoT devices is that they can save time and
money.

IoT devices are potential conduits of contagion since security software cannot be
installed on them.

SOAR Quiz Answers

What are playbooks used for?

• To automate actions that an analyst would typically have to complete
manually.

Of the following options, which is the best description of SOAR?

• It connects all the tools in your security stack into defined workflows
that can be executed automatically.

Why is SOAR used?

• To synchronize tools, speed response times, reduce alert fatigue, and
fill the skills shortage gap.

What is alert fatigue?

• When an analyst feels overwhelmed by the number of alerts they
receive.

What does the acronym SOAR mean?

• Security orchestration, automation and response

Identify a benefit of SOAR.

• Increase the efficiency of your security team by automating repetitive
manual processes.

What are the three reasons why SOAR is used? (Choose three.) Select one or more:

• Compensate for skills shortages*
• Speed response times*
• Reduce alert fatigue*

What is a common use case for customers implementing SOAR?

• Phishing investigations*

Which statement best describes SOAR?

• SOAR connects all security tools into defined workflows that can be
executed automatically*

EndPoint:

What type of malware seriously reduced the effectiveness of signature-based
antivirus?

• Polymorphic

Which attribute describes older antivirus software?

• Signature based

What was the culmination of the development of endpoint security?

• EDR and EPP technologies merged

Identify two problems that are solved by having a single security agent on the
endpoints. (Choose two.)

• Lack of integration between endpoint security products
• Multiple management consoles add complexity

What service is used as part of endpoint detection and response (EDR)?

• Forensic investigation tool

Which description best identifies file-based malware?

• A downloaded file, which when opened, executes malicious code or
script

What two prevention-focused attributes are found in most contemporary endpoint
security solutions? (Choose two.)

• Machine Learning (ML)
• Virtual patches

What three prevention-focused services are found in the Endpoint Protection
Platform (EPP)? (Choose three.)

• Antivirus (AV)
• Data protection through encryption
• Web filtering

Why do threat actors target endpoints on a network?

• They are an easy entry point to a network.

What two types of devices are considered endpoints, according to the lesson
description? (Choose two.)

• Computing devices used by end users
• Internet of Things (IoT)

Wi-Fi

Question 1: What standard is Wi-Fi based on?

• IEEE 802.11
• ISO 5750
• 5-4-3 rule
• 10Base-T

Question 2: When the Ethernet switch was introduced, what important benefit
did it bring to networks?

• It allowed simultaneous transmissions on a network.
• The number of computers that can be connected to a network
increased.
• Reduced the number of transmission collisions that occur in a
wired network.
• Enabled the connection of wireless clients.

Question 3: The current best level of security provided for Wi-Fi networks is
WPA3. What other Wi-Fi security protocol is also commonly recommended?

• WPA4
• WPA
• WEP
• WPA2

Question 4: In what year did the first wireless local area network emerge?

Question 5: What does WPA mean?

• Wireless proliferation algorithm
• Wi-Fi Protected Access
• Wi-Fi performance attributes
• Wireless Provisioning Agency

Question 6: Why is wireless security necessary?

• To avoid espionage by bad actors
• To enable bandwidth modulation
• To enable secure payment methods at Wi-Fi access points
• To enable Internet connection monitoring for viruses, malware, and
hacking attempts

Question 7: Which change introduced in Wi-Fi Protected Access 2 (WPA2)
strengthens encrypted Wi-Fi communications?

Choose one:

• Enforcing stronger passphrases
• Hardware Security Modules (HSM)
• Encryption digital certificate
• Advanced Encryption Standard (AES) Algorithm*

Question 8: What two security practices make your home wireless network
more secure? (Choose two.)

Select one or more:

• Keep your router firmware up to date.*
• Choose passphrases that are difficult to guess.*
• Install antivirus software on all Wi-Fi devices.
• Check with NIST for the latest security strategies.

Question 9: Which two features of Wi-Fi Protected Access 3 (WPA3) strengthen
security? (Choose two.)

Select one or more:

• Digital signatures were introduced to help identify valid access points
(APs).
• Encryption key size lengthened.*
• Complex passphrases were applied.
• The handshake to establish connections became more
secure.*

Question 10: What is Wi-Fi?

Choose one:

• Fiber that makes wireless technology possible
• An Ethernet network protocol
• Quality audio technology
• Technology for wireless radio local area networks*

Question 11: What weakness of Wired Equivalent Privacy (WEP) made it
inadequate for securing Wi-Fi communications?

Choose one:

• The RC4 encryption algorithm was easily defeated.*
• Did not impose complex passwords.
• It was susceptible to man-in-the-middle attacks.
• It did not support digital signatures.

Web filter

Question 1: Which three Fortinet products have built-in web filters? (Choose
three.)

• FortiClient
• FortiAP
• FortiSIEM
• FortiGate
• FortiSandbox

Question 2: Web filters can provide a safe browsing experience by blocking
which three threats? (Choose three.)

• DHCP requests
• Spyware
• Virus
• Advertising

Question 3: What are two things a web filter does? (Choose two.)

• Block certain words or phrases based on user preference.
• Make decisions based on rules established by the company.
• Monitors Internet traffic to ensure that users do not exceed their online
quota.
• Examines incoming web pages to determine if any content should
be blocked.

Question 4: Web filters use rules to determine which websites are blocked.
Who or what sets the rules?

• Device manufacturers
• The company or person who installs the application.
• Governments
• Law enforcement

Question 5: What method do web filters typically use to block websites?

• They examine email links to make sure the URLs have not been
spoofed.
• They return search results only from authorized websites.
• They inspect web pages in a secure container for viruses.
• They query a database of URLs for websites and domains that are
known to be harmful.

Question 6: What are two reasons why our clients need web filters? (Choose
two.)

• To allow users to customize the content they want
• To prevent users from accessing objectionable content
• To comply with regulatory policies such as GDPR
• To prevent users from accessing websites that contain malware

Question 7: What task can other types of web filters perform?

Choose one:

• Content categorization
• Searching content
• Test files in segregated virtual machines
• Facilitate the performance of network traffic

Question 8: How have web filters improved computer security?

Choose one:

• They tested all the URLs on segregated virtual machines to see what
they would do.
• They blocked adware, spam, viruses and spyware.
• They prevented denial of service attacks.
• They blocked lewd websites.

Question 9: Why did some people oppose web filters?

Choose one:

• They lacked role-based filter settings.
• They censored the information.
• They deny listing certain sites.
• They interfered with email traffic.

Question 10: Which attribute best describes how early web filters worked?

Choose one:

• Web filters use big data benchmarking.
• Web filters use heuristics.
• Web filters are rule-based.
• Web filters are role-based.*

Question 11: What two reasons gave rise to web filters? (Choose two.)

Select one or more:

• Web filters promote education.
• Web filters reduce network traffic.
• Web filters improve security.
• Web filters stop objectionable content.

Question 12: Which two actions describe how web filters work? (Choose two.)

Select one or more:

• Web filters filter sites by keywords and predefined content.
• Web filters query URL deny lists and allow lists.
• Web filters query a database of threat actors.
• Web filters apply heuristic analysis.

WAF:

Question 1: When considering web application firewalls, what two factors
make a signature-based defense approach obsolete? (Choose two.)

• Signature-based detection is too slow to identify threats.
• Signature-based detection is not effective against zero-day
vulnerabilities.
• Signature-based detection, when used alone, can generate many
false positives.
• Signatures cannot stop SQL injection attacks.

Question 2: What was the predecessor of a web application firewall?

• Antivirus software
• Application firewall
• Web firewall
• Internet filter

Question 3: What do web application firewalls do that traditional perimeter
firewalls don't?

• Block port numbers
• Block protocols
• Block MAC addresses
• Block SQL injection attacks

Question 4: What does a web application firewall do?

• Allows applications to access online content.
• Prevents applications from accessing the web at certain times of the
day.
• Monitors and blocks malicious HTTP/HTTPS traffic to and from a
web application.
• Provides a means for businesses to control which web applications
their users access.

Question 5: Which statement about FortiGuard Labs' integration with FortiWeb
is true?

• FortiGuard Labs must first integrate with FortiGate, before integrating
with FortiWeb.
• FortiGuard Labs is an optional feature that provides no benefit to
FortiWeb.
• FortiGuard Labs provides vital updates to FortiWeb on new
threats.
• FortiGuard Labs provides machine learning capabilities to FortiWeb.

Question 6: In what two ways does machine learning help make modern web
application firewalls more effective? (Choose two.)

• It allows them to return search results faster than traditional filtering
methods.
• It allows them to adapt to the ever-changing attributes of threats.
• It allows them to choose the most appropriate web application for a
given task.
• It allows them to perform behavioral analysis at machine speed.

Question 7: What two products can be integrated with FortiWeb? (Choose two.)

• FortiPhone
• FortiConnect
• FortiGate
• FortiFax
• FortiSandbox

Question 8: What action can a modern WAF perform?

Choose one:

• Stop any user action if it exceeds your network permissions
• Inspect the network and calculate a value to represent the security
posture
• Segment the network based on device type and user role
• Connect all tools in the security stack into defined workflows

Question 9: What three features are characteristic of the next-generation WAF?
(Choose two.)

Select one or more:

• UPE
• DDoS defense
• DLP
• Network segmentation
• IP reputation

Question 10: What protocol traffic does a web application firewall (WAF)
monitor?

Choose one:

• HTTP
• CLNP
• IP
• TCP

Question 11: What new feature characterized the second generation WAFs?

Choose one:

• Packet analysis
• Machine learning without human supervision
• Port and protocol blocking
• Heuristics

SIEM:

Question 1: How did SIEM evolve?

• Only as an information platform
• From an information platform to a threat intelligence center
• From an information platform to a fully integrated and automated
center for network operations and security
• Only as a threat intelligence center

Question 2: What are the three standards and regulatory laws that businesses,
hospitals and other organizations must comply with? (Choose three.)

• HIPAA
• PCI
• SPML
• XSLT
• GDPR

Question 3: What three problems does SIEM solve? (Choose three.)

• The complexity of the technology and the difficulty of identifying
attacks
• The lack of implementation of authentication methods.
• Lack of security awareness on the part of employees.
• The long delay in security teams discovering security breaches
• More sophisticated and stealthy cyberattacks

Question 4: What two requirements led to the development of SIEM? (Choose
two.)

• To perform a vulnerability scan
• To measure and test compliance with various legislations.
• To deal with the avalanche of alerts issued from IPS and IDS
• To simulate phishing attacks

Question 5: What does the term SIEM mean?

• Security information and email management
• Information Security and Electronic Messaging
• Information Security and Emergency Management
• Security information and event manager

Question 6: What three tasks must technology perform to satisfy network
security compliance requirements? (Choose three.)

• Monitor, correlate and report events in real time
• Aggregate logs from many network sources
• Prevent employees from accessing the Internet
• Store log data for a period of time that satisfies audit requirements
• Allow public access to aggregated records

Question 7: What does SIEM mainly do?

Choose one:

• Collect, normalize and store alerts and log events
• Connect all security tools into defined workflows
• Manage network events and alerts /
• Manage network information and alerts /

Question 8: What was the impetus for more automation and machine learning
in later SIEM devices?

Choose one:

• Requirement to manage Big Data
• Shortage of trained personnel
• Need to improve MIS efficiency
• Demand to reduce MIS costs

Question 9: What two requirements were the motivation for SIEM? (Choose
two.)

Select one or more:

• Complying with regulations*
• Exploitation of big data
• Remain competitive
• Increasing number of alerts*

Question 10: Which feature is characteristic of later SIEMs?

Choose one:

• Automatic backups and integrity verification
• Collect, normalize and store log events and alerts /
• User and Entity Behavior Analysis (UEBA)
• Decrypt encrypted data streams

Question 11: What compliance, if ignored by businesses, hospitals and other
organizations, can result in punitive fines?

Choose one:

• Complying with regulations
• Comply with user and entity behavior analysis (UEBA)
• Comply with machine learning controls
• Comply with automatic backups and integrity checks

Question 12: What was the main driver behind purchasing SIEM?

Choose one:

• Collect information about customers.
• Comply with regulations
• Improve MIS efficiency
• Compensating for labor shortages with skills gap

Question 13: What is one method that SIEM uses to analyze data?

Choose one:

• Decrypt encrypted logs and alerts
• Apply security controls
• Decrypt encrypted data streams
• Be on the lookout for known indicators of compromise (IoC)

Question 14: Which feature provides SIEM with greater visibility into the entire
network?

Choose one:

• Complying with regulations
• IoT and BYOD log sharing
• Decrypt encrypted logs and alerts
• Analyzing logs and alerts from a single pane of glass

Question 15: What issue was a barrier to general acceptance of the
first-generation SIEM?

Choose one:

• The purchase cost was prohibitive /
• A high level of skill was required
• The point solution approach to network security
• It did not have the features organizations needed

Question 16: Which three compliance regulations are legislative and
industry-sponsored? (Choose three.)

Select one or more:

• Payment Industry Card (PIC) Standard /
• Health Portability Insurance and Accountability Act (HPIAA) /
• Payment Card Industry (PCI) Standard
• General Data Protection Regulation (GDPR)
• Health Insurance Portability and Accountability Act (HIPAA)

Question 17: What is one method that SIEM uses to analyze data?

Choose one:

• Decrypt encrypted data streams /
• Apply security controls
• Decrypt encrypted logs and alerts
• Be on the lookout for known indicators of compromise (IoC)

Question 18: What was the primary reason for purchasing SIEM?

Choose one:

• Compensate for labor shortages with skills gaps
• Comply with regulations
• Improve MIS efficiency
• Collect information about customers.

Question 19: What is a method that SIEM uses to analyze data?

Choose one:

• Decrypt encrypted logs and alerts
• Apply security controls /
• Decrypt encrypted data streams
• Be on the lookout for known indicators of compromise (IoC)

Secure Email Gateway Questionnaire Answers

Question 1: What are spam filters?

• Filters that send automatic responses to the sender
• Filters that scan the network for the presence of malware
• A network component that strengthens the authentication method.
• Filters that identify specific words or patterns in email messages
to validate the content of those messages

Question 2: What are two features of FortiMail? (Choose two.)

• FortiMail is a next generation firewall (NGFW).
• FortiMail is a secure email gateway (SEG).
• FortiMail is a sandboxing solution.
• FortiMail integrates with firewalls and sandboxing solutions.

Question 3: What are the three benefits of FortiMail? (Choose three.)

• FortiMail identifies spam and phishing emails.
• FortiMail filters outbound traffic to protect valuable data.
• FortiMail integrates with FortiSandbox to identify advanced
threats.
• FortiMail provides caching and streaming video splitting.

Question 4: What is phishing?

• The process of installing a fake firewall instance on the network
• The network vulnerability scanning process
• The practice of changing user credentials
• The practice of tricking unsuspecting people into revealing
confidential information or handing over money

Question 5: For what two reasons do you need to implement the Sender Policy
Framework (SPF)? (Choose two.)

• SPF scans only network traffic and became a standard in 2014.
• SPF can stop unknown threats; firewalls can't.
• SPF is an email authentication method that detects fake sender
addresses and emails.
• SPF secures the network by strengthening the authentication
method.

Question 6: What feature can be added to the secure email gateway?

• Data leak prevention (DLP)
• Distributed Leak Prevention (DLP)
• Data Layer Protection (DLP)
• Data Warehouse Processing (DSP)

Question 7: What are two benefits of FortiMail integration? (Choose two.)

• FortiMail can integrate with segmentation firewalls.
• FortiMail does not need to be managed centrally.
• FortiMail does not need to be continually updated.
• FortiMail can integrate with edge firewalls.

Question 8: What technique used by a threat actor is known as spam?

Choose one:

• Weaponized emails claiming to come from a legitimate sender
• Irrelevant or inappropriate messages sent over the Internet to a
large number of recipients
• Fraudulent messages targeting a specific role or person within an
organization
• An attacker observes the websites a target group visits and directs
them to an infected website.

Question 9: What two methods do threat actors use to compromise your device when
running phishing campaigns? (Choose two.)

Select one or more:

• An infected USB flash drive
• A file attached to an email
• Clickbait
• A hyperlink embedded within an email

Question 10: What technique used by threat actors is known as phishing?

Choose one:

• An attacker observes the websites a target group visits and directs
them to an infected website.
• A fraudulent practice of sending emails purporting to be
reputable to steal information.
• Fraudulent messages targeting a specific role or person within an
organization
• Irrelevant or inappropriate messages sent over the Internet to a large
number of recipients

Question 11: Which option identifies the phishing trend?

Choose one:

• Plateau
• Erratic
• Declining
• Growing

Question 12: What challenge caused Secure Email Gateway (SEG) to embrace
automation and machine learning?

Choose one:

• Attack volume
• Delay in the implementation of the Sender Policy Framework
• Clickbait success
• Data loss

Question 13: What method did the first spam filter use to stop spam?

Choose one:

• Unusual behavior detected
• Illegitimate email addresses detected
• Specific words or patterns identified
• Emails tested in a sandbox environment

Question 14: In addition to a spam filter, what two technologies are typically
part of the secure email gateway (SEG)? (Choose two.)

Select one or more:

• Email emulator
• Antivirus scanner
• Sandbox
• Firewall

Sandbox:

Question 1: What two problems was network security experiencing before the
introduction of a sandbox solution? (Choose two.)

• Network security was unable to handle a coordinated attack using
different methods and threat vectors.
• AVs were not introduced into network security.
• The security devices were not communicating with other security
devices on the network.
• Firewalls were non-existent.

Question 2: For what two reasons was the sandbox solution added to network
security? (Choose two.)

• Firewalls were sufficient, but better risk management was needed.
• Firewalls and antiviruses could do nothing against unknown
threats.
• Unknown threats were to be quarantined.
• Antiviruses were able to stop unknown threats, but firewalls were not.

Question 3: How does sandbox solve the problem of aggregating threat
intelligence data?

• By sharing malicious code with all devices on the network
• By sharing valuable threat intelligence with security devices on
your network
• By alerting administrators to threats
• By executing malicious code in multiple isolated environments

Question 4: What are two characteristics of a sandbox? (Choose two.)

• A sandbox only provides completely independent protection of IoT
devices.
• If something unexpected or malicious happens, it only affects the
sandbox.
• A sandbox provides complete network security.
• A sandbox limits code actions to the sandbox device and, in
isolation, to the rest of the network.

Question 5: What two business problems is FortiSandbox trying to solve?
(Choose two.)

• No or inadequate firewall protection
• Insufficient network performance tuning
• Businesses choosing performance over security
• The potential to exploit operating system or application
weaknesses with malicious code

Question 6: What is the purpose of the sandbox?

• To stop all BYOD network traffic
• To flag and pass the known exploit to the endpoint to handle
• To observe unknown code activity in a quarantined environment
• To run vulnerability scans on all network endpoints

Question 7: What is a zero-day attack?

• Exploitation of a vulnerability scanner
• Vulnerability scanning from day zero
• Exploit only zero-day configured firewalls.
• Exploit an unknown deficiency in the code.

What new development in malware made sandbox technology automate and
introduce AI learning?

Choose one:

• AI-powered attacks*
• Trojan horse
• Ransomware
• Polymorphic viruses

What feature of early networks made it difficult to aggregate threat
intelligence?

Choose one:

• Hybrid cloud environments
• Virtualization
• Segmentation
• Point solutions

What flaw characterized early sandbox technology?

Choose one:

• Zero-day attacks could not be stopped /
• Error when categorizing malware /
• Lack of integration with other security devices.
• Slow network traffic

Within the context of computer security, what is a sandbox?

Choose one:

• An isolated virtual environment to test suspicious files and
hyperlinks*
• A process used to identify, describe and categorize malware.
• A cloud service used to collect and share threat information
• A segment of the network reserved for testing unknown programs

What feature characterizes third generation sandbox technology?

Choose one:

• Scanning encrypted data streams
• Streamline manual testing
• Automation and artificial intelligence
• Faster network speeds

What was a benefit of second generation sandbox technology?

Choose one:

• Scanning encrypted data streams
• Automation and artificial intelligence (AI)
• Faster network speeds
• Timely threat intelligence sharing

Threat intelligence services:

Question 1: Which statement about cyber attacks is true?

• It is important that people become more aware and informed about any
attacks.
• Sharing intelligence between security vendors is the best way to
combat threats.
• There is no secrecy within security providers and all information is
shared.
• As bad actors continue to evolve, it is important to invest in expensive
security products.
• Security products and threat intelligence services that can act
together in real time have the best chance of stopping these
attacks.
Question 2: What are the three functions of sandboxing? (Choose three.)

• Sandboxing quarantines suspicious files and immediately marks them
as malware.
• Depending on the configuration, the sandbox owner can
propagate this new knowledge throughout their network security
environment.
• After a while, if nothing malicious is detected in the quarantined files,
the sandbox declares them safe and releases them from quarantine.
• Sandboxing products take a suspicious file and place it in an
environment where its behaviors can be closely analyzed.
• Sandboxes can send the details to the vendor's threat intelligence
service so that the details can be shared around the world.

Question 3: In the early days of threat intelligence, in what three time frames were vendor updates released? (Choose three.)

• Once a year
• Weekly
• Monthly
• Twice a year
• Quarterly

Question 4: What happens when each known malware file is represented by a one-to-one signature approach?

• It doesn't scale well, because the number of malware files increases by millions or more every day.
• Malware count increases daily, however, it can be detected early using a one-to-one signature approach.
• There are more vendor organizations that can keep up with the growing number of malware files.
• Malware-as-a-service organizations provide DIY malware kits as a solution.
• Malware variations are easily detected thanks to the affordability of malware kits.
Question 5: What happened when the malware became more sophisticated and was able to change the contents of its own file?

• Less sophisticated malware could still evade classic signature-based scanning.
• One new type of malware was detected per year, resulting in the growth of the malware family.
• The malware signatures did not change and it was unable to sneak past older antivirus products.
• A single type of malware did not multiply and no bad behavior was detected.
• A single type of malware turned into an entire malware family, consisting of perhaps thousands of different files, but each file performed the same bad behaviors.

Question 6: Threat intelligence catalogs data about existing or emerging attacks, including specific attack mechanisms and evidence that the attack has occurred. What is this data also known as?

• Sandboxing
• Intelligence catalogs
• Artificial intelligence
• Indicators of compromise
• Machine learning
Question 7: What behavior does a sandbox look for when searching for malware? Choose one:

• It behaved abnormally*
• Exploited a known software weakness
• Checksum failed
• Matching signatures
Question 8: Which statement best describes an indicator of compromise (IoC)? Choose one:

• A list of network devices that are known to be compromised
• Sources of potential threat actors and their sponsors.
• Evidence that a cyber attack has occurred or is in progress*
• Valuable information about computer systems and the network.
Question 9: Which two organizations are examples of a threat intelligence service that serves the broader security community? (Choose two.) Select one or more:

• NIST
• Malware as a service
• Cyber Threat Alliance*
• FortiGuard Labs*
Question 10: How is the sandbox detection method known? Choose one:

• Heuristic detection
• Checksum detection
• Signature-based detection
• Rule-based detection
Question 11: Which method best defeats unknown malware? Choose one:

• Anticipated malware detection
• Web filtering
• Sandbox*
• Signature-based detection
Question 12: Which statement best describes polymorphic malware? Choose one:

• Polymorphic malware is malware that exploits an unknown security weakness in an application or operating system
• Polymorphic malware is unsophisticated malware that can evade signature-based analysis.
• Polymorphic malware is a family of malware with thousands of variants but that behaves in the same way.*
• Polymorphic malware is malware that remains unique and unalterable.

EndPoint:

Question 1: What type of malware seriously reduced the effectiveness of signature-based antivirus?

• Adware
• File based
• Polymorphic
• Social engineering

Question 2: Which attribute describes older antivirus software?

• Detection and response
• Signature based
• Polymorphic
• Machine learning
Question 3: What was the culmination of the development of endpoint security?

• Artificial intelligence replaced EDR and EPP technologies
• EPP remained but EDR technology fell out of favor
• Web filtering technology replaced EPP
• EDR and EPP technologies merged
Question 4: Identify two problems that are solved by having a single security agent on the endpoints. (Choose two.)

• Lack of integration between endpoint security products
• Lack of visibility into how many endpoints have not applied the latest security patches
• Multiple management consoles add complexity
• Some users visit dangerous websites
Question 5: What service is used as part of Endpoint Detection and Response (EDR)?

• Web filtering
• Antivirus (AV)
• Forensic investigation tool
• Device control
Question 6: Which description best identifies file-based malware?

• Exploits security loopholes and spreads only in device memory
• The use of deception to manipulate people into disclosing confidential information.
• A large number of irrelevant or inappropriate messages sent over the Internet.
• A downloaded file, which when opened, executes malicious code or script
Question 7: What two prevention-focused attributes are found in most contemporary endpoint security solutions? (Choose two.)

• Remediation
• Machine Learning (ML)
• Forensics
• Virtual patches
Question 8: What three prevention-focused services are found in the Endpoint Protection Platform (EPP)? (Choose three.)

• Antivirus (AV)
• Forensics
• Remediation tools
• Data protection through encryption
• Web filtering
Question 9: Why do threat actors target endpoints on a network?

• Endpoints have a higher monetary value than other assets, such as a database.
• Compromising endpoints offers a greater challenge.
• They are an easy entry point to a network.
• Antivirus software on endpoints is inferior to that on servers.

Question 10: What two types of devices are considered endpoints, according to the lesson description? (Choose two.)

• Databases
• Computing devices used by end users
• Internet of Things (IoT)
• Servers

ZTNA

What three examples qualify as remote work? (Choose three.)

• A CEO using VPN to securely connect to the network from home.
• An IT manager gets stuck using email while waiting for a flight.
• A guest auditor working from the data center.
• A member who is granted temporary access to the network while visiting the main office.
• A human resources specialist who works from a branch office.

Which three methods are common implementations of secure remote access? (Choose three.)

• PKI
• SSL VPN
• IPsec VPN
• ZTNA
• SAML
Which statement best describes the zero trust approach that is the basis of ZTNA's design?

• Remote devices and users cannot be trusted.
• No device or user can be trusted on or off the network.
• IoT and BYOD devices must be authenticated before they can be trusted.
• Once devices are authenticated, they are always trusted.

What two traits are unique to ZTNA? (Choose two.)

• Tunnel type is session-based only
• Ensures site-to-site communication
• Provides privacy through encryption.
• Requires device and user identity validation

What feature or principle differentiates ZTNA from VPN?

• Reliable connection
• Authentication
• End-to-end privacy
• Zero trust
