Q1

A SOC analyst is investigating an alert from Cortex XDR that suggests a fileless malware attack on a critical server. The initial investigation reveals a suspicious PowerShell process that was spawned by a legitimate application. Which Zero Trust principle is most directly challenged by this type of attack?

Q2

A manufacturing company is implementing network security for its Operational Technology (OT) environment. The primary concern is preventing malware from spreading from the corporate IT network to the sensitive industrial control systems (ICS). Which network security technology is specifically designed to control traffic flow and enforce granular policies between different network segments like IT and OT?

Q3

A cloud security architect is designing a security strategy for a multi-cloud environment. The organization uses a mix of IaaS, PaaS, and SaaS services. A primary requirement is to gain consistent visibility into misconfigurations and compliance violations across all cloud providers. Which technology is best suited for this purpose?

Q4

A security team is implementing Cortex XDR. They want to proactively search for signs of compromise that might not have triggered a formal alert, based on hypotheses about attacker techniques. What is this security practice called?

Q5 (Multiple answers)

An organization is looking to replace its legacy anti-malware solution, which frequently fails to detect polymorphic malware and zero-day threats. Which two endpoint security capabilities are essential for addressing this limitation? (Select TWO)

Q6

A retail company is adopting a SASE architecture to secure its distributed workforce and branch offices. A key business requirement is to prevent the exfiltration of sensitive customer data, such as credit card numbers, from both corporate-managed devices and SaaS applications. Which SASE component is specifically designed to address this requirement?

Q7

True or False: The primary function of a Cloud Native Application Protection Platform (CNAPP) is to replace the need for a Security Information and Event Management (SIEM) system.

Q8

A security operations team is overwhelmed with the volume of alerts from various security tools. They want to implement a solution that can automate the initial triage and response actions for common, low-risk alerts by following predefined workflows. Which technology is best suited for this purpose?

Q9

During a security audit, an administrator discovers several unauthorized IoT devices (e.g., smart speakers, IP cameras) connected to the corporate wireless network. What is the most significant risk associated with these unmanaged devices?

Q10 (Multiple answers)

A financial services company is using Prisma Access to provide secure remote access for its employees. To comply with regulations, the company must prevent employees from uploading sensitive financial documents to personal cloud storage accounts. Which two Palo Alto Networks Cloud-Delivered Security Services (CDSS) should be enabled and configured on the NGFW to enforce this policy? (Select TWO)