New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Paloalto Networks PCCSE Prisma Certified Cloud Security Engineer Exam Practice Test

Page: 1 / 26
Total 260 questions

Prisma Certified Cloud Security Engineer Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

What is the order of steps to create a custom network policy?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Options:

Question 2

A Prisma Cloud Administrator needs to enable a Registry Scanning for a registry that stores Windows images. Which of the following statement is correct regarding this process?

Options:

A.

They can deploy any type of container defender to scan this registry.

B.

There are Windows host defenders deployed in your environment already.

C.

There are Windows host defenders deployed in your environment already. Therefore, they do not need to deploy any additional defenders.

D.

A defender is not required to configure this type of registry scan.

Question 3

An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.

In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

Options:

A.

8084

B.

443

C.

8083

D.

8081

Question 4

An organization wants to be notified immediately to any “High Severity” alerts for the account group “Clinical Trials” via Slack.

Which option shows the steps the organization can use to achieve this goal?

Options:

A.

1. Configure Slack Integration

2.Create an alert rule and select “Clinical Trials” as the account group

3.Under the “Select Policies” tab, filter on severity and select “High”

4.Under the Set Alert Notification tab, choose Slack and populate the channel

5.Set Frequency to “As it Happens”

B.

1. Create an alert rule and select “Clinical Trials” as the account group

2.Under the “Select Policies” tab, filter on severity and select “High”

3.Under the Set Alert Notification tab, choose Slack and populate the channel

4.Set Frequency to “As it Happens”

5.Set up the Slack Integration to complete the configuration

C.

1. Configure Slack Integration

2.Create an alert rule

3.Under the “Select Policies” tab, filter on severity and select “High”

4.Under the Set Alert Notification tab, choose Slack and populate the channel

5.Set Frequency to “As it Happens”

D.

1. Under the “Select Policies” tab, filter on severity and select “High”

2.Under the Set Alert Notification tab, choose Slack and populate the channel

3.Set Frequency to “As it Happens”

4.Configure Slack Integration

5.Create an Alert rule

Question 5

How often do Defenders share logs with Console?

Options:

A.

Every 10 minutes

B.

Every 30 minutes

C.

Every 1 hour

D.

Real time

Question 6

Which role must be assigned to DevOps users who need access to deploy Container and Host Defenders in Compute?

Options:

A.

Cloud Provisioning Admin

B.

Build and Deploy Security

C.

System Admin

D.

Developer

Question 7

While writing a custom RQL with array objects in the investigate page, which type of auto-suggestion a user can leverage?

Options:

A.

Auto-sugestion for array objects that are useful for comparing between arrays

B.

Auto-suggestion is not available for array objects

C.

Auto-suggestion for array objects that are useful for categorization of resource parameters

D.

Auto-suggestion for array objects that are useful for comparing between array elements

Question 8

Which two offerings will scan container images in Jenkins pipelines? (Choose two.)

Options:

A.

Compute Azure DevOps plugin

B.

Prisma Cloud Visual Studio Code plugin with Jenkins integration

C.

Jenkins Docker plugin

D.

Twistcli

E.

Compute Jenkins plugin

Question 9

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.

Which action should the SOC take to follow security best practices?

Options:

A.

Enable “AWS S3 bucket is publicly accessible” policy and manually remediate each alert.

B.

Enable “AWS RDS database instance is publicly accessible” policy and for each alert, check that it is a production instance, and then manually remediate.

C.

Enable “AWS S3 bucket is publicly accessible” policy and add policy to an auto-remediation alert rule.

D.

Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.

Question 10

Which order of steps map a policy to a custom compliance standard?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Options:

Question 11

How is the scope of each rule determined in the Prisma Cloud Compute host runtime policy?

Options:

A.

By the collection assigned to that rule

B.

By the target workload

C.

By the order in which it is created

D.

By the type of network traffic it controls

Question 12

A customer wants to harden its environment from misconfiguration.

Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

Options:

A.

Docker daemon configuration files

B.

Docker daemon configuration

C.

Host cloud provider tags

D.

Host configuration

E.

Hosts without Defender agents

Question 13

Which serverless cloud provider is covered by the "overly permissive service access" compliance check?

Options:

A.

Alibaba

B.

Azure

C.

Amazon Web Services (AWS)

D.

Google Cloud Platform (GCP)

Question 14

Console is running in a Kubernetes cluster, and Defenders need to be deployed on nodes within this cluster.

How should the Defenders in Kubernetes be deployed using the default Console service name?

Options:

A.

From the deployment page in Console, choose "twistlock-console" for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

B.

From the deployment page, configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

C.

From the deployment page in Console, choose "twistlock-console" for Console identifier and run the "curl | bash" script on the master Kubernetes node.

D.

From the deployment page in Console, choose "pod name" for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.

Question 15

Which three Orchestrator types are supported when deploying Defender? (Choose three.)

Options:

A.

Red Hat OpenShift

B.

Amazon ECS

C.

Docker Swarm

D.

Azure ACS

E.

Kubernetes

Question 16

What is the primary purpose of Prisma Cloud Code Security?

Options:

A.

To provide a platform for developers to create custom security policies for applications

B.

To triage alerts and incidents in realtime during deployment

C.

To address cloud infrastructure misconfigurations in code before they become alerts or incidents

D.

To offer instant feedback on application performance issues and bottlenecks

Question 17

Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?

Options:

A.

In Policy Section-> Add Policy-> Config type -> Define Policy details Like Name,Severity-> Configure RQL query "config from network where source.network = UNTRUSTJNTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS*" -> define compliance standard -> Define recommendation for remediation & save.

B.

In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name.Severity-> Configure RQL query "network from vpc.flow_record where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('Instance ))" -> define compliance standard -> Define recommendation for remediation & save.

C.

In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name.Severity-> Configure RQL query "network from vpc.flow_record where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ( Instance ))" -> define compliance standard -> Define recommendation for remediation & save.

D.

In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name.Severity-> Configure RQL query "config from network where source.network = UNTRUSTJNTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS'" -> Define recommendation for remediation & save.

Question 18

An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise tenant.

In which order will the APIs be executed for this service?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Options:

Question 19

Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)

Options:

A.

API_ENDPOINT

B.

SQS_QUEUE_NAME

C.

SB_QUEUE_KEY

D.

YOUR_ACCOUNT_NUMBER

Question 20

Which statement is true regarding CloudFormation templates?

Options:

A.

Scan support does not currently exist for nested references, macros, or intrinsic functions.

B.

A single template or a zip archive of template files cannot be scanned with a single API request.

C.

Request-Header-Field ‘cloudformation-version’ is required to request a scan.

D.

Scan support is provided for JSON, HTML and YAML formats.

Question 21

The Compute Console has recently been upgraded, and the administrator plans to delay upgrading the Defenders and the Twistcli tool until some of the team’s resources have been rescaled. The Console is currently one major release ahead.

What will happen as a result of the Console upgrade?

Options:

A.

Defenders will disconnect, and Twistcli will stop working.

B.

Defenders will disconnect, and Twistcli will remain working.

C.

Both Defenders and Twistcli will remain working.

D.

Defenders will remain connected, and Twistcli will stop working.

Question 22

The exclamation mark on the resource explorer page would represent?

Options:

A.

resource has been deleted

B.

the resource was modified recently

C.

resource has alerts

D.

resource has compliance violation

Question 23

A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.

Which two pieces of information do you need to onboard this account? (Choose two.)

Options:

A.

Cloudtrail

B.

Subscription ID

C.

Active Directory ID

D.

External ID

E.

Role ARN

Question 24

When an alert notification from the alarm center is deleted, how many hours will a similar alarm be suppressed by default?

Options:

A.

12

B.

8

C.

24

D.

4

Question 25

Which two services require external notifications to be enabled for policy violations in the Prisma Cloud environment? (Choose two.)

Options:

A.

Splunk

B.

QROC

C.

SQS

D.

Email

Question 26

An administrator has access to a Prisma Cloud Enterprise.

What are the steps to deploy a single container Defender on an ec2 node?

Options:

A.

Pull the Defender image to the ec2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.

B.

Execute the curl | bash script on the ec2 node.

C.

Configure the cloud credential in the console and allow cloud discovery to auto-protect the ec2 node.

D.

Generate DaemonSet file and apply DaemonSet to the twistlock namespace.

Question 27

A customer has a requirement to scan serverless functions for vulnerabilities.

What is the correct option to configure scanning?

Options:

A.

Configure serverless radar from the Defend > Compliance > Cloud Platforms page.

B.

Embed serverless Defender into the function.

C.

Configure a function scan policy from the Defend > Vulnerabilities > Functions page.

D.

Use Lambda layers to deploy a Defender into the function.

Question 28

Which of the following is not a supported external integration for receiving Prisma Cloud Code Security notifications?

Options:

A.

Splunk

B.

Cortex XSOAR

C.

Microsoft Teams

D.

ServiceNow

Question 29

Which options show the steps required after upgrade of Console?

Options:

A.

Uninstall Defenders Upgrade Jenkins Plugin

Upgrade twistcli where applicable

Allow the Console to redeploy the Defender

B.

Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Uninstall Defenders

C.

Upgrade Defenders Upgrade Jenkins Plugin Upgrade twistcli where applicable

D.

Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Redeploy Console

Question 30

Which ban for DoS protection will enforce a rate limit for users who are unable to post five (5) “. tar.gz" files within five (5) seconds?

Options:

A.

One with an average rate of 5 and file extensions match on “. tar.gz" on Web Application and API Security (WAAS)

B.

One with an average rate of 5 and file extensions match on “. tar.gz" on Cloud Native Network Firewall (CNNF)

C.

One with a burst rate of 5 and file extensions match on “. tar.gz" on Web Application and API Security (WAAS) *

D.

One with a burst rate of 5 and file extensions match on “. tar.gz" on Cloud Native Network Firewall (CNNF)

Question 31

A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.

Which setting should you use to meet this customer’s request?

Options:

A.

Trusted Login IP Addresses

B.

Anomaly Trusted List

C.

Trusted Alert IP Addresses

D.

Enterprise Alert Disposition

Question 32

In WAAS Access control file upload controls, which three file types are supported out of the box? (Choose three.)

Options:

A.

Text

B.

Images

C.

Audio

D.

Documents

E.

Journal

Question 33

Which set of steps is the correct process for obtaining Console images for Prisma Cloud Compute Edition?

Options:

A.

To retrieve Prisma Cloud Console images using basic authentication:

1. Access registry.twistlock.com and authenticate using "docker login."

2. Retrieve the Prisma Cloud Console images using "docker pull."

B.

To retrieve Prisma Cloud Console images using URL authentication:

1. Access registry-url-auth.twistlock.com and authenticate using the user certificate.

2. Retrieve the Prisma Cloud Console images using "docker pull."

C.

To retrieve Prisma Cloud Console images using URL authentication:

1. Access registry-auth.twistlock.com and authenticate using the user certificate.

2. Retrieve the Prisma Cloud Console images using "docker pull."

D.

To retrieve Prisma Cloud Console images using basic authentication:

1. Access registry.paloaltonetworks.com and authenticate using "docker login."

2. Retrieve the Prisma Cloud Console images using "docker pull."

Question 34

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Options:

A.

set the Container model to manual relearn and set the default runtime rule to block for process protection.

B.

set the Container model to relearn and set the default runtime rule to prevent for process protection.

C.

add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to “prevent”.

D.

choose “copy into rule” for the Container, add a ransomWare process into the denied process list, and set the action to “block”.

Question 35

How many CLI remediation commands can be added in a custom policy sequence?

Options:

A.

2

B.

1

C.

4

D.

5

Question 36

Which three options for hardening a customer environment against misconfiguration are included in Prisma Cloud Compute compliance enforcement for hosts? (Choose three.)

Options:

A.

Serverless functions

B.

Docker daemon configuration

C.

Cloud provider tags

D.

Host configuration

E.

Hosts without Defender agents

Question 37

Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

Options:

A.

Host

B.

Container

C.

Functions

D.

Image

Question 38

A customer wants to be notified about port scanning network activities in their environment. Which policy type detects this behavior?

Options:

A.

Network

B.

Port Scan

C.

Anomaly

D.

Config

Question 39

Anomaly policy uses which two logs to identify unusual network and user activity? (Choose two.)

Options:

A.

Network flow

B.

Audit

C.

Traffic

D.

Users

Question 40

You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant’s existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.

Which option shows the steps required during the alert rule creation process to achieve this objective?

Options:

A.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select “select all policies” checkbox as part of the alert rule Confirm the alert rule

B.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select one or more policies checkbox as part of the alert rule Confirm the alert rule

C.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select one or more policies as part of the alert rule Add alert notifications

Confirm the alert rule

D.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select “select all policies” checkbox as part of the alert rule Add alert notifications

Confirm the alert rule

Question 41

Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?

Options:

A.

$ twistcli images scan \

--address \

--user \

--password \

--verbose \

myimage: latest

B.

$ twistcli images scan \

--address \

--user \

--password \

--details \

myimage: latest

C.

$ twistcli images scan \

--address \

--user \

--password \

myimage: latest

D.

$ twistcli images scan \

--address \

--user \

--password \

--console \

myimage: latest

Question 42

What is the behavior of Defenders when the Console is unreachable during upgrades?

Options:

A.

Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.

B.

Defenders will fail closed until the web-socket can be re-established.

C.

Defenders will fail open until the web-socket can be re-established.

D.

Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Question 43

Which data security default policy is able to scan for vulnerabilities?

Options:

A.

Objects containing Vulnerabilities

B.

Objects containing Threats

C.

Objects containing Malware

D.

Objects containing Exploits

Question 44

What is the default namespace created by Defender DaemonSet during deployment?

Options:

A.

Redlock

B.

Defender

C.

Twistlock

D.

Default

Question 45

Which two filters are available in the SecOps dashboard? (Choose two.)

Options:

A.

Time range

B.

Account Groups

C.

Service Name

D.

Cloud Region

Question 46

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

Options:

A.

single sign-on

B.

SAML

C.

basic authentication

D.

access key

Question 47

What are two alarm types that are registered after alarms are enabled? (Choose two.)

Options:

A.

Onboarded Cloud Accounts status

B.

Resource status

C.

Compute resources

D.

External integrations status

Question 48

Which two statements are true about the differences between build and run config policies? (Choose two.)

Options:

A.

Run and Network policies belong to the configuration policy set.

B.

Build and Audit Events policies belong to the configuration policy set.

C.

Run policies monitor resources, and check for potential issues after these cloud resources are deployed.

D.

Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.

E.

Run policies monitor network activities in your environment, and check for potential issues during runtime.

Question 49

Which of the below actions would indicate – “The timestamp on the compliance dashboard?

Options:

A.

indicates the most recent data

B.

indicates the most recent alert generated

C.

indicates when the data was ingested

D.

indicates when the data was aggregated for the results displayed

Question 50

What are the two ways to scope a CI policy for image scanning? (Choose two.)

Options:

A.

container name

B.

image name

C.

hostname

D.

image labels

Question 51

Creation of a new custom compliance standard that is based on other individual custom compliance standards needs to be automated.

Assuming the necessary data from other standards has been collected, which API order should be used for this new compliance standard?

Options:

A.

1) https://api.prismacloud.io/compliance/add

2) https://api.prismacloud.io/compliance/requirementld/section

3) https://api.prismacloud.io/compliance/complianceld/requirement

B.

1) https://api.prismacloud.io/compliance

2) https://api.prismacloud.io/compliance/complianceld/requirement

3) https://api.prismacloud.io/compliance/requirementld/section

C.

1) https://api.prismacloud.io/compliance/add

2) https://api.prismacloud.io/compliance/complianceld/requirement

3) https://api.prismacloud.io/compliance/requirementld/section

D.

1) https://api.prismacloud.io/compliance

2) https://api.prismacloud.io/compliance/requirementld/section

3) https://api.prismacloud.io/compliance/complianceld/requirement

Question 52

Which of the following is a reason for alert dismissal?

Options:

A.

SNOOZED_AUTO_CLOSE

B.

ALERT_RULE_ADDED

C.

POLICY_UPDATED

D.

USER_DELETED

Question 53

Which two bot types are part of Web Application and API Security (WAAS) bot protection? (Choose two.)

Options:

A.

Chat bots

B.

User-defined bots

C.

Unknown bots

D.

Customer bots

Question 54

Given the following information, which twistcli command should be run if an administrator were to exec into a running container and scan it from within using an access token for authentication?

• Console is located at

• Token is: TOKEN_VALUE

• Report ID is: REPORTJD

• Container image running is: myimage:latest

Options:

A.

twistcli images scan --address https://prisma-console.mydomain.local —token TOKENVALUE —containerized —details myimage:latest

B.

twistcli images scan —console-address https://prisma-console.mydomain.local —auth-token MY_TOKEN —local-scan —details myimage:latest

C.

twistcli images scan —address https://prisma-console.mydomain.local —token TOKEN_VALUE —containerized --details REPORT_ID

D.

twistcli images scan --console-address https://prisma-console.mydomain.local --auth-token TOKEN_VALUE —containerized —vulnerability-details REPORT_ID

Question 55

Which command should be used in the Prisma Cloud twistcli tool to scan the nginx:latest image for vulnerabilities and compliance issues?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 56

The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.

Which strategy should the administrator use to achieve this goal?

Options:

A.

Disable the policy

B.

Set the Alert Disposition to Conservative

C.

Change the Training Threshold to Low

D.

Set Alert Disposition to Aggressive

Question 57

What are the subtypes of configuration policies in Prisma Cloud?

Options:

A.

Build and Deploy

B.

Monitor and Analyze

C.

Security and Compliance

D.

Build and Run

Question 58

Which three actions are available for the container image scanning compliance rule? (Choose three.)

Options:

A.

Allow

B.

Snooze

C.

Block

D.

Ignore

E.

Alert

Question 59

Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)

Options:

A.

Scope - Scans run on a particular host

B.

Credential

C.

Apply rule only when vendor fixes are available

D.

Failure threshold

E.

Grace Period

Question 60

Which report includes an executive summary and a list of policy violations, including a page with details for each policy?

Options:

A.

Compliance Standard

B.

Business Unit

C.

Cloud Security Assessment

D.

Detailed

Question 61

Which type of query is used for scanning Infrastructure as Code (laC) templates?

Options:

A.

API

B.

XML

C.

JSON

D.

RQL

Question 62

Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)

Options:

A.

Crypto miners

B.

Brute Force

C.

Cross-Site Scripting

D.

Port Scanning

E.

SQL Injection

Question 63

An administrator has added a Cloud account on Prisma Cloud and then deleted it.

What will happen if the deleted account is added back on Prisma Cloud within a 24-hour period?

Options:

A.

No alerts will be displayed.

B.

Existing alerts will be displayed again.

C.

New alerts will be generated.

D.

Existing alerts will be marked as resolved.

Question 64

A container and image compliance rule has been configured by enabling all checks; however, upon review, the container's compliance view reveals only the entries in the image below.

What is the appropriate action to take next?

Options:

A.

Deploy defenders to scan complete container compliance.

B.

Wait until Prisma Cloud finishes the compliance scan and recheck.

C.

Change the rule options to list both failed and passed checks in the compliance rule edit window.

D.

Change the rule options to list only failed checks in the compliance rule edit window.

Question 65

Which two CI/CD plugins are supported by Prisma Cloud as part of its Code Security? (Choose two.)

Options:

A.

Checkov

B.

Visual Studio Code

C.

CircleCI

D.

IntelliJ

Question 66

In Prisma Cloud Software Release 22.06 (Kepler), which Registry type is added?

Options:

A.

Azure Container Registry

B.

Google Artifact Registry

C.

IBM Cloud Container Registry

D.

Sonatype Nexus

Question 67

Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

Options:

A.

copy the Console address and set the config map for the default namespace.

B.

create a new namespace in Kubernetes called admission-controller.

C.

enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

D.

copy the admission controller configuration from the Console and apply it to Kubernetes.

Question 68

What is the order of steps in a Jenkins pipeline scan?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Options:

Question 69

What will happen when a Prisma Cloud Administrator has configured agentless scanning in an environment that also has Host and Container Defenders deployed?

Options:

A.

Agentless scan will automatically be disabled, so Defender scans are the only scans occurring.

B.

Agentless scans do not conflict with Defender scans, so both will run.

C.

Defender scans will automatically be disabled, so agentless scans are the only scans occurring.

D.

Both agentless and Defender scans will be disabled and an error message will be received.

Question 70

Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?

Options:

A.

High

B.

Aggressive

C.

Moderate

D.

Conservative

Question 71

A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud. Which two steps can be performed by the Terraform script? (Choose two.)

Options:

A.

enable flow logs for Prisma Cloud.

B.

create the Prisma Cloud role.

C.

enable the required APIs for Prisma Cloud.

D.

publish the flow log to a storage bucket.

Question 72

In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?

Options:

A.

Microsoft.Management/managementGroups/descendants/read

B.

Microsoft.Management/managementGroups/descendants/calculate

C.

PaloAltoNetworks.PrismaCloud/managementGroups/descendants/read

D.

PaloAltoNetworks.PrismaCloud/managementGroups/

Question 73

Prisma Cloud supports which three external systems that allow the import of vulnerabilities and provide additional context on risks in the cloud? (Choose three.)

Options:

A.

Splunk

B.

Qualys

C.

Amazon Inspector

D.

Amazon GuardDuty

E.

ServiceNow

Question 74

A user from an organization is unable to log in to Prisma Cloud Console after having logged in the previous day.

Which area on the Console will provide input on this issue?

Options:

A.

SSO

B.

Audit Logs

C.

Users & Groups

D.

Access Control

Question 75

On which cloud service providers can new API release information for Prisma Cloud be received?

Options:

A.

AWS. Azure. GCP. Oracle, IBM

B.

AWS. Azure. GCP, IBM, Alibaba

C.

AWS. Azure. GCP. Oracle, Alibaba

D.

AWS. Azure. GCP, IBM

Question 76

What factor is not used in calculating the net effective permissions for a resource in AWS?

Options:

A.

AWS 1AM policy

B.

Permission boundaries

C.

IPTables firewall rule

D.

AWS service control policies (SCPs)

Question 77

Which two elements are included in the audit trail section of the asset detail view? (Choose two).

Options:

A.

Configuration changes

B.

Findings

C.

Overview

D.

Alert and vulnerability events

Question 78

A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?

Options:

A.

Host compliances risks

B.

Container runtime risks

C.

Container vulnerability risks

D.

Host vulnerability risks

Page: 1 / 26
Total 260 questions