
Palo Alto PCCET Exam Dumps & Practice Test Questions

Question 1:

Which of the following protocols operates at the Application Layer (Layer 7) of the OSI model within the TCP/IP protocol suite?

A. UDP
B. MAC
C. SNMP
D. NFS

Answer: C

Explanation:

In the OSI model, the Application Layer (Layer 7) is responsible for enabling communication between software applications and providing services for application processes. This layer directly interacts with end-user applications and provides services such as file transfer, email, and remote login. Within the TCP/IP protocol suite, various protocols operate at the Application Layer to facilitate specific types of communication.

Breakdown of the Protocols:

A. UDP (User Datagram Protocol):

  • Incorrect. UDP operates at the Transport Layer (Layer 4) of the OSI model.

  • It is a connectionless protocol, meaning it doesn't establish a connection before sending data, and it doesn't guarantee delivery or ordering of packets.

  • UDP is used for applications where speed is more critical than reliability, such as video streaming, gaming, and VoIP.

B. MAC (Media Access Control):

  • Incorrect. The MAC protocol operates at the Data Link Layer (Layer 2), not the Application Layer.

  • It defines how devices on a network gain access to the shared medium (like Ethernet or Wi-Fi) and is responsible for framing data for transmission over physical media.

  • MAC addresses are used to identify devices on a local network.

C. SNMP (Simple Network Management Protocol):

  • Correct. SNMP operates at the Application Layer (Layer 7) of the OSI model.

  • It is used for managing devices on a network, such as routers, switches, printers, and servers.

  • SNMP allows network administrators to monitor and control networked devices, as well as collect performance data.

  • It works by exchanging management information between network devices and a central monitoring system.

D. NFS (Network File System):

  • Incorrect. NFS operates at the Application Layer (Layer 7) as well. While this seems like it might be the correct answer, SNMP is the more directly relevant answer for monitoring and managing network devices.

  • NFS allows file systems to be shared across a network, enabling devices to access files remotely as though they were on a local disk.

Explanation of the Application Layer:

The Application Layer is the topmost layer of the OSI model. It is closest to the end user and facilitates communication between different applications over a network. Protocols at this layer provide services such as:

  • File transfer (e.g., FTP)

  • Email (e.g., SMTP)

  • Web browsing (e.g., HTTP)

  • Remote access (e.g., SSH)

  • Network management (e.g., SNMP)

SNMP is specifically designed for network management and is commonly used for monitoring and configuring network devices such as switches, routers, and servers. This protocol allows administrators to query devices for status information, modify configurations, and troubleshoot issues remotely.

  • SNMP (Simple Network Management Protocol) is the correct answer because it operates at the Application Layer (Layer 7), which is responsible for managing communication between applications over a network.

  • Of the other options, UDP and MAC operate at lower layers of the OSI model (Transport and Data Link respectively), so they cannot be Layer 7 protocols. NFS is also an Application Layer protocol, as noted above, but SNMP is the protocol the question is targeting.

Therefore, the correct answer is C.

Question 2:

In a data breach at Anthem, where sensitive Personally Identifiable Information (PII) was exposed, what type of vulnerability was responsible for the breach?

A. A contractor’s system accessed through the intranet
B. An unpatched security vulnerability was exploited
C. Unauthorized access using a third-party vendor's password
D. A phishing attack that obtained a database administrator's password

Answer: B

Explanation:

The Anthem data breach, which took place in 2015, was a significant cybersecurity incident in which attackers gained unauthorized access to the personal data of nearly 79 million individuals, including names, birthdates, Social Security numbers, and other sensitive Personally Identifiable Information (PII). At the time, it was one of the largest data breaches involving a health insurance company in the U.S. Understanding the type of vulnerability responsible for the breach is crucial to preventing similar incidents.

The Anthem Data Breach and the Vulnerability:

After an investigation, it was revealed that the breach occurred due to an unpatched security vulnerability that was exploited by attackers. Here’s how the breach unfolded:

  1. Exploitation of Unpatched Software Vulnerabilities:

    • The attackers gained access to Anthem’s network by exploiting an unpatched vulnerability in the software that was used within the organization.

    • This vulnerability was not addressed in time, allowing attackers to access the system and extract a massive amount of sensitive data.

    • The lack of proper patch management and updates allowed the attackers to exploit known weaknesses in the system.

  2. No evidence of insider involvement:

    • Contrary to what some might think, the breach was not caused by insider threats such as unauthorized access by contractors or employees.

    • While contractors may have been part of the environment, the primary cause was not related to accessing systems through intranet connections or employee credentials.

  3. No phishing attack or stolen passwords:

    • There was no clear evidence that the breach was a result of phishing attacks leading to the theft of administrator passwords. The attack seems to have exploited a system vulnerability rather than gaining credentials through social engineering.

    • While phishing is a common method used in many data breaches, it was not the direct cause of the Anthem breach.

Evaluating the Options:

A. A contractor’s system accessed through the intranet

  • Incorrect. While third-party contractors may have access to the network, the breach was not due to access via the intranet. The vulnerability was related to unpatched software, not contractor systems.

B. An unpatched security vulnerability was exploited

  • Correct. The breach occurred because attackers exploited an unpatched security vulnerability within Anthem's network. This allowed them to access and exfiltrate sensitive data, affecting millions of people.

C. Unauthorized access using a third-party vendor's password

  • Incorrect. Although third-party vendors may have access to certain parts of a network, the breach was not directly caused by the use of a third-party password. The attackers exploited a system vulnerability, not credentials.

D. A phishing attack that obtained a database administrator's password

  • Incorrect. While phishing attacks are common in data breaches, this was not the cause of the Anthem breach. The attackers did not gain access via a phishing attack leading to the theft of an administrator's password.

Key Takeaways:

The Anthem breach is a significant reminder of the importance of patch management. Unpatched software vulnerabilities continue to be a major vector for cyberattacks, making it essential for organizations to keep systems up to date with security patches and updates to reduce the risk of similar breaches.

The correct answer is B, as the breach was caused by an unpatched security vulnerability that was exploited by attackers to access sensitive PII data.

Question 3:

Which metric does the Routing Information Protocol (RIP) use to determine the most efficient route for traffic?

A. Shortest Path
B. Hop Count
C. Split Horizon
D. Path Vector

Answer: B

Explanation:

The Routing Information Protocol (RIP) is one of the oldest and most widely used distance-vector routing protocols. It uses a hop count metric to determine the best path for routing traffic within an autonomous system (AS). The hop count is the number of routers a packet must pass through to reach its destination, so one hop is one router traversed along the path.

How RIP Works with Hop Count:

RIP uses a simple hop count as its routing metric, where each hop between routers in the path is assigned a value of 1. The path with the fewest hops is considered the best and is installed as the route to that destination.

  • Maximum hop count: RIP has a maximum hop count of 15. Any destination with a hop count greater than 15 is considered unreachable, which limits the size of the network that RIP can effectively route.

  • Routing decisions: RIP routers periodically exchange routing tables with their neighbors. These tables contain a list of routes and the number of hops required to reach each destination. RIP chooses the route with the lowest hop count to reach a given destination.

  • Limitations of hop count: While RIP is simple to configure, the use of hop count as the sole metric makes it unsuitable for larger networks, as it doesn't account for factors like bandwidth, delay, or network load, which could impact the quality of the route.

Evaluating the Options:

A. Shortest Path

  • Incorrect. While RIP does aim to find the shortest path, it does so in terms of hop count, not in terms of the actual network cost, which would include factors like bandwidth or latency. The shortest path could be interpreted in various ways, but RIP strictly uses hop count as the metric.

B. Hop Count

  • Correct. RIP uses hop count as its metric to determine the most efficient route. The lower the hop count, the better the route, as long as the hop count does not exceed the maximum value of 15 hops.

C. Split Horizon

  • Incorrect. Split horizon is a technique used in RIP to prevent routing loops. It dictates that a router will not advertise a route back to the router from which it learned it. However, it is not a metric for determining the best route, but rather a method to prevent errors and loops in the routing process.

D. Path Vector

  • Incorrect. A path vector is used by routing protocols like BGP (Border Gateway Protocol), not RIP. BGP uses path vectors to represent the full path of routing information across the network, incorporating policies and attributes beyond just hop count.

RIP's choice of hop count as a metric is both its strength (due to simplicity) and its limitation (as it does not consider factors like bandwidth or network latency). The correct answer is B because RIP directly uses hop count to determine the best route for traffic.
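To make the hop-count metric, the 15-hop limit and split horizon concrete, here is an added simulation of RIP-style distance-vector route selection. It is not from the original page; the topology, router names and tables are constructed for illustration.

```python
"""RIP-style distance-vector route selection by hop count.

Added example (not from the original page). Shows three things the
explanation above describes: each router-to-router link costs 1 hop,
a destination more than 15 hops away is unreachable (16 = infinity),
and split horizon stops a router from advertising a route back to the
neighbour it learned it from. Topology below is constructed.
"""

INFINITY = 16   # RIP encodes "unreachable" as a hop count of 16
MAX_HOPS = 15   # largest hop count RIP treats as reachable


def build_tables(links):
    """links: adjacent (router_a, router_b) pairs (constructed topology).
    Returns the neighbour map and initial tables, where each router
    knows only itself at 0 hops.  Table entries are dest -> (hops, next_hop)."""
    routers = sorted({r for link in links for r in link})
    neighbors = {r: set() for r in routers}
    for a, b in links:
        neighbors[a].add(b)
        neighbors[b].add(a)
    tables = {r: {r: (0, None)} for r in routers}
    return neighbors, tables


def advertise(tables, src, dst):
    """Routes src sends to neighbour dst, applying split horizon:
    a route whose next hop is dst is never advertised back to dst."""
    return {dest: hops for dest, (hops, nh) in tables[src].items() if nh != dst}


def converge(links):
    """Exchange routing tables until no router changes a route.
    A route is replaced only when the advertised path is strictly fewer hops."""
    neighbors, tables = build_tables(links)
    rounds = 0
    while True:
        rounds += 1
        changed = False
        for src in tables:
            for dst in neighbors[src]:
                for dest, hops in advertise(tables, src, dst).items():
                    new_hops = hops + 1
                    if new_hops > MAX_HOPS:
                        continue  # 16 or more hops: unreachable in RIP
                    current = tables[dst].get(dest, (INFINITY, None))
                    if new_hops < current[0]:
                        tables[dst][dest] = (new_hops, src)
                        changed = True
        if not changed:
            return tables, rounds


def best_route(tables, src, dest):
    """(hops, next_hop) chosen by src for dest, or None when unreachable."""
    return tables[src].get(dest)


# Constructed topology 1: two paths from R1 to R5.  RIP picks R1-R4-R5
# (2 hops) even if R1-R2-R3-R5 had far more bandwidth.
TWO_PATHS = [("R1", "R2"), ("R2", "R3"), ("R3", "R5"),
             ("R1", "R4"), ("R4", "R5")]

# Constructed topology 2: a chain of 17 routers.  C15 is exactly 15 hops
# from C0 and reachable; C16 is 16 hops away and therefore unreachable.
CHAIN = [(f"C{i}", f"C{i + 1}") for i in range(16)]


if __name__ == "__main__":
    tables, rounds = converge(TWO_PATHS)
    print("R1 -> R5:", best_route(tables, "R1", "R5"), "after", rounds, "rounds")
    print("R2 advertises to R1 (split horizon):", advertise(tables, "R2", "R1"))
    chain_tables, _ = converge(CHAIN)
    print("C0 -> C15:", best_route(chain_tables, "C0", "C15"))
    print("C0 -> C16:", best_route(chain_tables, "C0", "C16"))
```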

Question 4:

Why is securing East-West traffic crucial in a private cloud environment?

A. All network traffic is potential threat material, so it’s important to protect the entire network
B. East-West traffic often includes session-based data
C. East-West traffic carries a higher likelihood of containing malicious threats
D. East-West traffic primarily uses IPv6, which is less secure than IPv4

Answer: C

Explanation:

In a private cloud environment, East-West traffic refers to the data transmitted between devices or systems within the same data center or cloud environment. This type of traffic typically occurs between servers, applications, or services and plays a vital role in the internal workings of an organization’s infrastructure.

While North-South traffic refers to traffic that flows in and out of the data center (usually from external clients or users), East-West traffic occurs internally within the network. Securing this type of traffic is increasingly important, as it can be an attack vector for malicious actors once they gain access to the network. Here’s why securing East-West traffic is crucial:

Why Securing East-West Traffic is Important:

  1. Internal Threats and Lateral Movement:
    Once an attacker gains access to an internal system, they often attempt to move laterally across the network, seeking out valuable assets. East-West traffic can carry a higher risk of being targeted by attackers because it moves within the data center and can easily be leveraged for lateral movement if not properly secured. This is especially dangerous because internal systems are typically trusted and may lack the same level of scrutiny as external-facing systems.

  2. Malicious Activity Across Internal Systems:
    East-West traffic may involve sensitive operations, such as database queries, file transfers, or authentication data. If malicious actors are able to intercept or manipulate this traffic, it can compromise a variety of systems and data that could be far more valuable than external-facing applications. This is why encrypting and monitoring East-West traffic is critical to prevent such threats from spreading.

  3. Session-based Data:
    Some of the most sensitive types of data flowing through East-West traffic include session data. For example, the traffic between internal systems during user authentication, or data exchanges between microservices, could reveal sensitive details about the state of an ongoing session or service interaction. This makes the traffic a potential target for attacks like session hijacking or data exfiltration.

Evaluating the Options:

A. All network traffic is potential threat material, so it’s important to protect the entire network

  • Incorrect. While it's true that all traffic can be vulnerable, this answer is too general and doesn't directly address the specific risks associated with East-West traffic. Securing internal traffic is vital, but there are specific reasons why East-West traffic poses a unique threat, such as lateral movement within the network.

B. East-West traffic often includes session-based data

  • Partially correct. While session-based data could be part of East-West traffic, this is not the primary reason East-West traffic must be secured. The main concern is that East-West traffic is more likely to be exploited by attackers already inside the network, as they attempt to move laterally and target critical internal resources.

C. East-West traffic carries a higher likelihood of containing malicious threats

  • Correct. Once an attacker gains access to an internal system, they are most likely to exploit East-West traffic to spread malicious activity across the network. This lateral movement can lead to the compromise of other internal systems and sensitive data. Since East-West traffic often carries vital operational data within the data center, it’s essential to secure it to prevent malicious actors from exploiting it.

D. East-West traffic primarily uses IPv6, which is less secure than IPv4

  • Incorrect. While IPv6 introduces unique challenges, it is not a fundamental reason why East-West traffic needs securing. The security concern lies more in the internal threats and the potential for lateral movement within the network, not necessarily the use of IPv6 or IPv4.

Key Takeaways:

Securing East-West traffic is particularly crucial because it is a key vector for lateral movement by attackers who have already infiltrated the network. This traffic often involves sensitive data or operations between internal systems, making it a prime target for exploitation. Without proper security controls (such as segmentation, monitoring, and encryption), attackers can move freely within the network, potentially compromising valuable assets.

The correct answer is C, as East-West traffic poses a higher likelihood of carrying malicious threats due to lateral movement within the internal network.
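As an added example of the segmentation and monitoring controls mentioned above (not code from the original page), the following classifies flow records as North-South or East-West and checks each East-West flow against a tier-to-tier allow-list, flagging anything that looks like lateral movement. The address plan, policy and sample flows are all constructed.

```python
"""East-West flow classification and segmentation-policy check.

Added example, not from the original page.  A private-cloud address plan
is split into role segments (web, app, db, mgmt).  Flows with either end
outside the data centre are North-South and left to edge controls;
flows between internal segments are East-West and must match the
allow-list, otherwise they are raised as possible lateral movement.
All addresses, segments and policy entries are constructed.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed address plan: one /24 per tier inside the data centre.
SEGMENTS = {
    "web":  ipaddress.ip_network("10.10.1.0/24"),
    "app":  ipaddress.ip_network("10.10.2.0/24"),
    "db":   ipaddress.ip_network("10.10.3.0/24"),
    "mgmt": ipaddress.ip_network("10.10.9.0/24"),
}

# Constructed East-West allow-list: (src_segment, dst_segment) -> permitted ports.
# Anything not listed here is denied, so the web tier cannot reach the
# database directly and only the management segment may open SSH.
POLICY = {
    ("web", "app"):  {8080},
    ("app", "db"):   {5432},
    ("mgmt", "web"): {22},
    ("mgmt", "app"): {22},
    ("mgmt", "db"):  {22},
}


def segment_of(addr):
    """Name of the segment containing addr, or None if outside the data centre."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def classify(flow):
    """'east-west' when both endpoints are internal, otherwise 'north-south'."""
    if segment_of(flow.src) is None or segment_of(flow.dst) is None:
        return "north-south"
    return "east-west"


def evaluate(flow):
    """Return (direction, verdict, reason) for one flow record."""
    direction = classify(flow)
    if direction == "north-south":
        return direction, "perimeter", "handled by edge controls"
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg == dst_seg:
        return direction, "allow", f"intra-{src_seg} traffic"
    if flow.dport in POLICY.get((src_seg, dst_seg), set()):
        return direction, "allow", f"{src_seg}->{dst_seg}:{flow.dport} permitted"
    return (direction, "alert",
            f"{src_seg}->{dst_seg}:{flow.dport} not in segmentation policy "
            "(possible lateral movement)")


def review(flows):
    """Flows a defender should look at: East-West flows outside the policy."""
    return [flow for flow in flows if evaluate(flow)[1] == "alert"]


# Constructed sample flow records (as a flow collector might export them).
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "10.10.1.10", 443, "tcp"),    # client -> web, North-South
    Flow("10.10.1.10", "10.10.2.20", 8080, "tcp"),    # web -> app, allowed
    Flow("10.10.2.20", "10.10.3.30", 5432, "tcp"),    # app -> db, allowed
    Flow("10.10.1.10", "10.10.3.30", 5432, "tcp"),    # web -> db directly: alert
    Flow("10.10.1.10", "10.10.2.20", 22, "tcp"),      # SSH from web tier: alert
    Flow("10.10.3.30", "10.10.9.5", 22, "tcp"),       # db -> mgmt, reverse direction: alert
    Flow("10.10.2.20", "10.10.2.21", 9000, "tcp"),    # intra-app, allowed here
]


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        direction, verdict, reason = evaluate(flow)
        print(f"{flow.src:>14} -> {flow.dst:<12}:{flow.dport:<5} {direction:<11} {verdict:<9} {reason}")
```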

Question 5:

Which feature of IPsec enables direct internet access from a device, bypassing the VPN tunnel?

A. Split tunneling
B. Diffie-Hellman groups
C. Authentication Header (AH)
D. IKE Security Association

Answer: A

Explanation:

IPsec (Internet Protocol Security) is a suite of protocols used to secure internet protocol (IP) communications by authenticating and encrypting each IP packet within a communication session. One important feature that allows users to configure how traffic is routed through a VPN tunnel is split tunneling. Here's why split tunneling is the correct answer:

What is Split Tunneling?

Split tunneling refers to the ability to configure a VPN such that only certain traffic is sent through the secure VPN tunnel, while other traffic is routed directly to the internet, bypassing the VPN tunnel. This allows devices or users to access both secure network resources (through the VPN) and public internet resources (directly) simultaneously. For instance, if you are connected to a corporate VPN but want to access public websites without routing that traffic through the corporate network, split tunneling allows you to do so.

  • Example Use Case: A user connected to a corporate VPN can access internal company resources (like file servers or intranet) through the tunnel, while using their regular internet connection for browsing the web or accessing cloud services, without the web traffic being routed through the VPN.

Evaluating the Options:

A. Split Tunneling

  • Correct. Split tunneling is the feature that allows a device to have direct internet access, bypassing the VPN tunnel for specific types of traffic. It gives flexibility to users by allowing them to route internet-bound traffic directly, while still keeping their private network traffic secure through the VPN.

B. Diffie-Hellman groups

  • Incorrect. Diffie-Hellman is a cryptographic algorithm used to securely exchange keys between two parties over an insecure channel. It is part of the key exchange process in IPsec but does not enable bypassing the VPN tunnel or allow direct internet access. Diffie-Hellman helps establish secure communication but is not related to traffic routing or split tunneling.

C. Authentication Header (AH)

  • Incorrect. AH is part of the IPsec protocol suite that provides packet-level authentication but does not encrypt data. AH ensures that the data has not been tampered with during transmission but does not deal with routing decisions or bypassing the VPN tunnel. It is focused on ensuring integrity and authenticity, not traffic routing.

D. IKE Security Association

  • Incorrect. The IKE (Internet Key Exchange) Security Association (SA) is part of the process of establishing and maintaining secure communication between two IPsec peers. While it is necessary to establish the VPN tunnel, it does not provide functionality to bypass the VPN tunnel or allow direct internet access. IKE is involved in key exchange and the negotiation of parameters for the VPN connection.

The correct answer is A, split tunneling, as it is the feature in IPsec that enables direct internet access from a device while bypassing the VPN tunnel for certain types of traffic. This gives users the flexibility to access both secure private resources and public internet resources simultaneously without compromising security for the sensitive data being transmitted through the VPN tunnel.

Question 6:

Which category of attackers seeks to recruit individuals to a specific ideology, provide them with training, and spread fear or chaos over the internet?

A. Cybercriminals
B. State-sponsored groups
C. Hacktivists
D. Cyberterrorists

Answer: D

Explanation:

The category of attackers that seeks to recruit individuals to a specific ideology, provide them with training, and spread fear or chaos over the internet is known as cyberterrorists. These individuals or groups engage in cyber activities with the intention of causing fear, chaos, or harm to populations or governments in order to promote or further their ideological, political, or religious beliefs.

Cyberterrorism involves the use of cyber attacks to cause damage or disruption, which can be anything from damaging critical infrastructure to creating public fear or panic. Often, cyberterrorists seek to spread their ideology through targeted attacks and recruitment, using the internet to amplify their influence and reach. The goal is typically to induce widespread fear or to disrupt the functioning of essential systems, which could range from government operations to healthcare or utilities.

Evaluating the Options:

A. Cybercriminals

  • Incorrect. Cybercriminals are primarily motivated by financial gain. They engage in illegal activities like identity theft, fraud, or data breaches for profit. While they may cause harm, their actions are driven by monetary incentives rather than ideology, training, or political motivations. Cybercriminals don't typically spread fear or chaos with the intention of promoting a specific ideology.

B. State-sponsored groups

  • Incorrect. While state-sponsored groups can engage in cyber activities for political or military purposes (such as espionage, surveillance, or sabotage), they do not specifically focus on recruiting individuals to an ideology or spreading fear and chaos in the same way cyberterrorists do. State-sponsored groups might target critical infrastructure, but their motivations are often strategic rather than ideological.

C. Hacktivists

  • Incorrect. Hacktivists are individuals or groups who use hacking to promote political or social causes, often targeting websites or online platforms to protest or raise awareness about certain issues. While their goals may be related to spreading a specific ideology, they typically focus on activism rather than spreading fear or chaos. Hacktivists aim to raise awareness, not necessarily to recruit individuals or engage in destructive actions aimed at causing panic.

D. Cyberterrorists

  • Correct. Cyberterrorists use the internet and digital tools to promote ideological goals through fear, chaos, and disruption. They may recruit others to their cause, provide training, and engage in activities designed to intimidate, cause harm, or spread fear. Their motives go beyond simple activism and involve using cyber means to terrorize populations or governments, often with a goal of achieving political, religious, or ideological objectives.

The correct answer is D, cyberterrorists, as they specifically aim to recruit individuals to their ideology, train them, and spread fear or chaos through cyber means to advance their goals. They use the internet as a tool to further their agenda, often causing disruptions and instilling fear.

Question 7:

Which two statements describe the characteristics of a Type 1 hypervisor? (Select two)

A. It is designed to be resilient against cyberattacks
B. It operates without any known vulnerabilities
C. It runs as an application within an operating system
D. It supports multiple virtual machines (VMs) running on a single physical server

Answer: A, D

Explanation:

A Type 1 hypervisor, also known as a bare-metal hypervisor, is a virtualization technology that runs directly on the physical hardware (without the need for an underlying operating system). It provides a platform for running multiple virtual machines (VMs), each of which can run its own operating system and applications independently. This type of hypervisor is known for being efficient and secure, as it operates with direct control over the physical hardware.

Let’s evaluate the characteristics of a Type 1 hypervisor based on the provided options:

Correct Statements:

A. It is designed to be resilient against cyberattacks

  • Correct. Type 1 hypervisors are generally considered more secure than Type 2 hypervisors (which run within an operating system) because they have a smaller attack surface and operate directly on the hardware. These hypervisors typically offer stronger security features, such as isolated VMs and direct access to hardware, making them less vulnerable to certain types of cyberattacks.

D. It supports multiple virtual machines (VMs) running on a single physical server

  • Correct. A Type 1 hypervisor is specifically designed to support multiple VMs running on a single physical server. This is the fundamental characteristic of any hypervisor — to create and manage virtual machines. A Type 1 hypervisor allocates hardware resources directly to each VM, ensuring efficient resource utilization and management of virtual environments.

Incorrect Statements:

B. It operates without any known vulnerabilities

  • Incorrect. While Type 1 hypervisors are generally more secure, no software is entirely free from vulnerabilities. Like any technology, Type 1 hypervisors can have security vulnerabilities that may be exploited by attackers. However, they tend to be more resilient than Type 2 hypervisors due to their direct interaction with hardware and minimal dependency on an operating system.

C. It runs as an application within an operating system

  • Incorrect. A Type 1 hypervisor does not run as an application within an operating system. It runs directly on the physical hardware (bare metal), which distinguishes it from a Type 2 hypervisor, which operates as an application within an existing host operating system. By running directly on the hardware, Type 1 hypervisors can provide better performance, security, and efficiency.

The correct answers are A and D.

  • A: Type 1 hypervisors are designed to be resilient against cyberattacks due to their direct hardware interface and minimal attack surface.

  • D: They support multiple VMs running on a single physical server, a fundamental feature of hypervisors in general.

Question 8:

When using a Software-as-a-Service (SaaS) application, which aspect of security is the customer's responsibility?

A. Physical security
B. Platform security
C. Data security
D. Infrastructure security

Answer: C

Explanation:

In a Software-as-a-Service (SaaS) model, the provider hosts and manages the application, infrastructure, and most of the underlying platform security, while the customer is responsible for certain aspects, particularly data-related security. Understanding the shared responsibility model for security in cloud computing is critical to knowing which security aspects the customer is responsible for.

Let's break down the responsibility for each of the security aspects in the SaaS model:

Evaluating the Options:

A. Physical security

  • Incorrect. In the SaaS model, the provider is responsible for the physical security of the data centers where the infrastructure is hosted. This includes the security of the hardware, the buildings, and the physical access controls. The customer does not have to worry about securing the physical infrastructure.

B. Platform security

  • Incorrect. The platform security, such as ensuring the underlying operating systems, middleware, and networking layers are secure, is generally the responsibility of the service provider in a SaaS model. The provider handles the security of the environment where the application runs.

C. Data security

  • Correct. In the SaaS model, data security is primarily the responsibility of the customer. This includes ensuring the confidentiality, integrity, and availability of their data. Customers must implement proper access controls, encryption, and data protection mechanisms to secure their data within the application. For example, the customer might manage user authentication and access permissions, while also ensuring that any sensitive data is encrypted.

D. Infrastructure security

  • Incorrect. Infrastructure security refers to securing the physical hardware, networking, and server systems that run the SaaS application. This is the responsibility of the service provider, not the customer. The provider takes care of the security of the underlying infrastructure, including network firewalls, server hardening, and ensuring overall resilience.

The correct answer is C, data security, as it is the customer's responsibility to ensure their data within the SaaS application is secure. While the provider manages the infrastructure and platform security, the customer needs to handle aspects such as user access control, encryption, and data privacy.

Question 9:

Which subscription service from Palo Alto Networks combines both static and dynamic analysis to detect unknown malware, zero-day vulnerabilities, and advanced persistent threats (APTs) in a scalable virtual environment?

A. DNS Security
B. URL Filtering
C. WildFire
D. Threat Prevention

Answer: C

Explanation:

The correct answer is C, WildFire, a subscription service from Palo Alto Networks that combines both static and dynamic analysis techniques to detect unknown malware, zero-day vulnerabilities, and advanced persistent threats (APTs) in a scalable virtual environment.

Let's break down why WildFire is the correct choice and explore the other options for context:

WildFire:

  • WildFire is Palo Alto Networks' advanced threat detection service. It combines static analysis, which looks at the code and structure of files to identify potential threats, with dynamic analysis, where the system executes files in a virtual environment to observe their behavior in real-time. This dual approach allows WildFire to identify unknown malware, zero-day vulnerabilities, and advanced persistent threats (APTs) that may not be detected by traditional signature-based methods.

  • WildFire is designed to provide scalable threat detection for enterprises, as it can analyze large volumes of files in a cloud-based or virtualized environment and provide real-time updates to prevent malware from affecting the network.

Evaluating the Other Options:

A. DNS Security

  • Incorrect. DNS Security from Palo Alto Networks focuses on blocking malicious domains and preventing threats like domain name system (DNS) tunneling, phishing attacks, and botnets. While useful for preventing malicious traffic at the DNS level, it doesn't combine static and dynamic analysis for detecting unknown malware or APTs.

B. URL Filtering

  • Incorrect. URL Filtering is a Palo Alto Networks security feature that helps prevent users from accessing malicious or inappropriate websites. It works by categorizing URLs and applying policies to block access based on pre-defined rules. However, it does not combine static and dynamic analysis for detecting unknown malware or APTs.

D. Threat Prevention

  • Incorrect. Threat Prevention is a broader category that includes multiple security features aimed at protecting against known threats such as viruses, malware, and spyware. While Threat Prevention can block threats using signatures and other techniques, it does not focus specifically on the static and dynamic analysis of unknown threats in the way WildFire does.

The correct answer is C, WildFire, because it combines both static and dynamic analysis to identify unknown malware, zero-day vulnerabilities, and advanced persistent threats (APTs) in a scalable virtual environment, making it ideal for advanced threat detection.

Question 10:

Which of the following best describes a Distributed Denial of Service (DDoS) attack?

A. An attack that uses a single system to overwhelm a target
B. A method of stealing sensitive data from a target system
C. An attack where multiple systems flood a target with traffic to disrupt service
D. A social engineering tactic that exploits human error to gain unauthorized access

Answer: C

Explanation:

A Distributed Denial of Service (DDoS) attack is a type of cyberattack where multiple systems are used to flood a target with a massive amount of traffic, effectively overwhelming its resources and making the target system or network unavailable to legitimate users. The key characteristic of a DDoS attack is its distributed nature, where the attack is not carried out by a single system but by multiple systems, often spread across various locations. These systems are typically compromised devices, forming what is known as a botnet, which is used to direct traffic towards the target in a coordinated manner.

Let’s break down the answer choices:

Correct Answer:

C. An attack where multiple systems flood a target with traffic to disrupt service

  • Correct. This is the accurate definition of a DDoS attack. In a DDoS attack, multiple systems (often thousands of compromised devices in a botnet) are used to generate a huge volume of traffic, which overwhelms the target system or network, causing a denial of service. This prevents legitimate users from accessing the targeted services or resources, disrupting normal operations.

Incorrect Answers:

A. An attack that uses a single system to overwhelm a target

  • Incorrect. This describes a DoS (Denial of Service) attack, not a DDoS. A DoS attack uses a single system to flood a target with traffic and cause a disruption, whereas a DDoS attack involves multiple systems.

B. A method of stealing sensitive data from a target system

  • Incorrect. This describes data theft or hacking, not a DDoS attack. While DDoS attacks can cause significant disruption, they do not typically aim to steal data; instead, their goal is to overwhelm the target's resources and make it inaccessible.

D. A social engineering tactic that exploits human error to gain unauthorized access

  • Incorrect. This describes a social engineering attack, such as phishing or pretexting, which exploits human behavior and error to gain access to sensitive information. It is unrelated to DDoS attacks, which focus on overwhelming a system with traffic rather than exploiting human vulnerabilities.

The correct answer is C, as it best describes a Distributed Denial of Service (DDoS) attack, which is characterized by multiple systems flooding a target with excessive traffic to disrupt its services.