Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Examstrust Logo
examstrust mcafee
  1. Home
  2. Paloalto Networks
  3. PSE-Prisma Cloud Professional
  4. PSE-PrismaCloud - PSE Palo Alto Networks System Engineer Professional - Prisma Cloud

Paloalto Networks PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Exam Practice Test

Page: 1 / 12
Total 115 questions
Get PSE-PrismaCloud Full Access Download PSE-PrismaCloud PDF

PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$52.5  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Add to Cart
Question 1

How is license utilization displayed within the Prisma Public Cloud interface?

Options:

A.

navigate to the CLI and run show license command

B.

navigate to General > Licensing

C.

navigate to Dashboard > Asset Inventory

D.

navigate to Settings (via the gear icon) > Licensing

Question 2

Which statement is specific for Prisma Cloud when integrating into cloud environments?

Options:

A.

An AutoFocus license is included in Prisma Cloud.

B.

For multi-cloud environment licenses are required for the number of Prisma Cloud instances.

C.

Can be natively integrated into Prisma Access.

D.

No agents or proxies are required.

Question 3

Which two template formats are supported by the Prisma Cloud infrastructure as code (laC) scan service? (Choose two.)

Options:

A.

ARM

B.

XML

C.

YAML

D.

JSON

Question 4

What is the scope of the Amazon Web Services 1AM Service?

Options:

A.

global

B.

regional

C.

VPC

D.

zonal

Question 5

Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)

Options:

A.

Traps

B.

Prisma SaaS

C.

Amazon Web Services WAF

D.

VM-Series firewalls

E.

Security Groups

Question 6

Which three services can Google Cloud Security Scanner assess? (Choose three.)

Options:

A.

Google Kubernetes Engine

B.

BigQuery

C.

Compute Engine

D.

App Engine

E.

Google Virtual Private Cloud

Question 7

Which two valid effects are used to deal with images within a rule for trusted images? (Choose two.)

Options:

A.

Deny

B.

Alert

C.

Block

D.

Ignore

Question 8

Which two deployment methods are supported for Prisma Cloud Compute (PCC) container Defenders? (Choose two.)

Options:

A.

Azure SQL database instances

B.

Google Kubernetes Engine

C.

Oracle Functions service

D.

Kubernetes DaemonSet

Question 9

Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)

Options:

A.

Azure Application Insight

B.

Resource Group

C.

Azure Security Center

D.

Bootstrapping

E.

ARM Template

Question 10

Where can rules be configured and viewed to configure trusted images?

Options:

A.

Monitor > Compliance > Trusted Images

B.

Monitor > Compliance > Images

C.

Defend > Compliance > Trusted Images

D.

Defend > Compliance > Images

Question 11

Which regulatory framework in Prisma Public Cloud measures compliance with EU data privacy regulations in Amazon Web Services workloads?

Options:

A.

GDPR

B.

EU Data Protection Directive 95/46/EC

C.

ISO 27001

D.

Payment Card Industry 3.0

Question 12

Under which operating systems (OSs) is twistcli supported?

Options:

A.

Linux, macOS, and Windows

B.

Windows only

C.

Linux and Windows

D.

Linux, macOS, PAN-OS, and Windows

Question 13

Which Amazon Web Services security service can provide host vulnerability information to Prisma Public Cloud?

Options:

A.

Shield

B.

Inspector

C.

GuardDuty

D.

Amazon Web Services WAF

Question 14

Which Resource Query Language (RQL) query returns a list of all TERMINATED Google Compute Engine (GCE) instances?

Options:

A.

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = status == TERMINATED

B.

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = TERMINATED

C.

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = status contains TERMINATED

D.

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = is TERMINATED

Question 15

What is the default capacity license of a VM-Series NGFW being deployed from the Google Cloud Platform Marketplace?

Options:

A.

VM-GCP

B.

VM-100

C.

VM-500

D.

VM-300

Question 16

Which statement applies to optimization of registry scans with version pattern matching?

Options:

A.

It requires Linux images to rely on optimizing registry scans due to various Linux elements.

B.

It is only necessary in registries with tens of thousands of repositories and millions of images.

C.

It is best practice to always optimize registry scans for faster results.

D.

It is rarely successful in the Windows Operating System (OS).

Question 17

What is a permanent public IP called on Amazon Web Services?

Options:

A.

Reserved IP

B.

PIP

C.

EIP

D.

Floating IP

Question 18

Which statement reflects the default vulnerability management policy?

Options:

A.

Policy rule order has little impact on optimization.

B.

Prisma Cloud scans images in all containers immediately upon policy activation.

C.

The default vulnerability policy rule has an alert threshold to critical.

D.

Prisma Cloud ships all vulnerability policy with a default alert for containers, hosts, and serverless functions.

Question 19

What is Prisma Public Cloud licensing based on?

Options:

A.

number of alerts generated

B.

number of accounts onboarded

C.

number of monitored workloads

D.

volume of flow logs consumed

Question 20

Which two resource types are included in the Prisma Cloud Enterprise licensing count? (Choose two.)

Options:

A.

Elastic Compute Cloud (EC2) instances

B.

Network Address Translation (NAT) gateways

C.

CloudFront distributions

D.

Security groups

Question 21

Which two actions are appropriate when configuring Prisma Cloud to scan a registry? (Choose two.)

Options:

A.

Allow Prisma Cloud to automatically optimize registry scans with version pattern matching.

B.

Allow Prisma Cloud to automatically distribute the scan job across a pool of available Defenders.

C.

Explicitly specify the Defender to do the job.

D.

Explicitly specify the predefined version pattern-matching algorithm.

Question 22

Which two cloud-native providers are supported by Prisma Cloud? (Choose two.)

Options:

A.

DigitalOcean

B.

Azure

C.

IBM Cloud

D.

Oracle Cloud

Question 23

Which Resource Query Language (RQL) query searches for all Relational Database Service (RDS) instances that have a public IP address?

Options:

A.

config from cloud.resource where api.name = 'aws-rds-describe-db-instances' AND json.rule = storageEncrypted is false

B.

event from cloud.audit_logs where api.name = 'aws-rds-describe-db-instances' AND json.rule = publiclyAccessible is true

C.

config from cloud.resource where api.name = 'aws-rds-describe-db-instances' AND json.rule = publiclyAccessible is true

D.

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = publiclyAccessible is true

Question 24

How can all alerts related to "Amazon RDS" be quickly identified within the Prisma Cloud dashboard?

Options:

A.

Generate a Center for Internet Security (CIS) compliance report and search for "Amazon RDS" policy violations.

B.

View the alert data on the "Asset Inventory" dashboard and filter on "Amazon RDS.

C.

Within the "Alerts" tab. filter on "Amazon RDS" as a service.

D.

Create a custom Resource Query Language (RQL) configuration report.

Question 25

What does Infrastructure as Code (laC) collect to enable automation?

Options:

A.

modern representation formats that describe and deploy infrastructure

B.

orchestrated workflows to enable cross-functional teams to deploy infrastructure

C.

images to easily replicate and manage infrastructure

D.

infrastructure monitoring tool sets

Question 26

All Amazon Regional Database Service (RDS)-deployed resources and the regions in which they are deployed can be identified by prisma Cloud using which two methods? (Choose two.)

Options:

A.

Configure an Inventory report from the "Alerts" tab.

B.

Write an RQL query from the "Investigate" tab.

C.

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

D.

Generate a compliance report from the Compliance dashboard.

Question 27

Which Amazon Web Services (AWS) service supplies information for Prisma Cloud "event where" Resource Query Language (RQL) queries?

Options:

A.

GuardDuty

B.

CloudTrail Audit Logs

C.

Activity Logs

D.

Inspector

Question 28

How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?

Options:

A.

Create an RQL config query to identify resources with the tag "Private."

B.

Create an RQL network query to identify traffic from resources tagged "Private."

C.

Open the Asset Dashboard, filter on tags: and choose "Private."

D.

Generate a CIS compliance report and review the "Asset Summary."

Question 29

Which type of Resource Query Language (RQL) query is used to create a custom policy that looks for untagged resources?

Options:

A.

config

B.

alert

C.

event

D.

data

Question 30

Which two templates are supported by Cloud Code Security scan service? (Choose two.)

Options:

A.

Azure Resource Manager (ARM)

B.

Hyper Text Markup Language (HTML)

C.

GitHub

D.

Terraform

Question 31

In which two ways can Prisma Cloud Compute (PCC) edition be installed? (Choose two.)

Options:

A.

self-managed in a customer's own container platform

B.

self-contained hardware appliance

C.

as a stand-alone Windows application

D.

Cloud-hosted as part of a Prisma Cloud Enterprise tenant from Palo Alto Networks

Question 32

When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW Vulnerability Protection Profiles?

Options:

A.

Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats

B.

Clone the predefined Strict Profile, with packet capture settings disabled

C.

Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats

D.

Clone the predefined Strict Profile, with packet capture settings enabled

Question 33

What are the asset severity levels within Prisma Cloud asset inventory?

Options:

A.

Low, Medium, and High

B.

Low, Medium, High, and Critical

C.

Informational, Low, Medium, and High

D.

Low, Medium, High, Severe, and Critical

Question 34

How can a range of dates in the Prisma Cloud default policy be modified?

Options:

A.

Clone the existing policy and change the value.

B.

Click the gear icon next to the policy name to open the "Edit Policy" dialog.

C.

Manually create the Resource Query Language (RQL) statement.

D.

Override the value and commit the configuration.

Load More PSE-PrismaCloud Questions
Page: 1 / 12
Total 115 questions
Get PSE-PrismaCloud Full Access Download PSE-PrismaCloud PDF