
PCCSE Questions and Answers

Question # 6

A customer is interested in PCI requirements and needs to ensure that no privileged containers can start in the environment.

Which action needs to be set for “do not use privileged containers”?

A.

Prevent

B.

Alert

C.

Block

D.

Fail

Question # 7

What are the two ways to scope a CI policy for image scanning? (Choose two.)

A.

container name

B.

image name

C.

hostname

D.

image labels

Question # 8

Which ban for DoS protection will enforce a rate limit for users who are unable to post five (5) “.tar.gz” files within five (5) seconds?

A.

One with an average rate of 5 and file extensions match on “.tar.gz” on Web Application and API Security (WAAS)

B.

One with an average rate of 5 and file extensions match on “.tar.gz” on Cloud Native Network Firewall (CNNF)

C.

One with a burst rate of 5 and file extensions match on “.tar.gz” on Web Application and API Security (WAAS) *

D.

One with a burst rate of 5 and file extensions match on “.tar.gz” on Cloud Native Network Firewall (CNNF)

Question # 9

Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

A.

Secret Key

B.

Prisma Cloud API URL

C.

Tags

D.

Access Key

E.

Asset Name

Question # 10

What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?

A.

Alarm rule

B.

Notification rule

C.

Alert rule

D.

Offline alert

Question # 11

An administrator has a requirement to ingest all Console and Defender logs to Splunk.

Which option will satisfy this requirement in Prisma Cloud Compute?

A.

Enable the API settings for logging.

B.

Enable the CSV export in the Console.

C.

Enable the syslog option in the Console.

D.

Enable the Splunk option in the Console.

Question # 12

What is an example of an outbound notification within Prisma Cloud?

A.

AWS Inspector

B.

Qualys

C.

Tenable

D.

PagerDuty

Question # 13

Which RQL query type is invalid?

A.

Event

B.

IAM

C.

Incident

D.

Config

Question # 14

Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?

A.

To retrieve Prisma Cloud Console images using basic auth:

1. Access registry.paloaltonetworks.com, and authenticate using ‘docker login’.

2. Retrieve the Prisma Cloud Console images using ‘docker pull’.

B.

To retrieve Prisma Cloud Console images using basic auth:

1. Access registry.twistlock.com, and authenticate using ‘docker login’.

2. Retrieve the Prisma Cloud Console images using ‘docker pull’.

C.

To retrieve Prisma Cloud Console images using URL auth:

1. Access registry-url-auth.twistlock.com, and authenticate using the user certificate.

2. Retrieve the Prisma Cloud Console images using ‘docker pull’.

D.

To retrieve Prisma Cloud Console images using URL auth:

1. Access registry-auth.twistlock.com, and authenticate using the user certificate.

2. Retrieve the Prisma Cloud Console images using ‘docker pull’.

Question # 15

Which field is required during the creation of a custom config query?

A.

resource status

B.

api.name

C.

finding.type

D.

cloud.type

Question # 16

In WAAS Access control file upload controls, which three file types are supported out of the box? (Choose three.)

A.

Text

B.

Images

C.

Audio

D.

Documents

E.

Journal

Question # 17

Which statement is true regarding CloudFormation templates?

A.

Scan support does not currently exist for nested references, macros, or intrinsic functions.

B.

A single template or a zip archive of template files cannot be scanned with a single API request.

C.

Request-Header-Field ‘cloudformation-version’ is required to request a scan.

D.

Scan support is provided for JSON, HTML and YAML formats.

Question # 18

Prisma Cloud supports which three external systems that allow the import of vulnerabilities and provide additional context on risks in the cloud? (Choose three.)

A.

Splunk

B.

Qualys

C.

Amazon Inspector

D.

Amazon GuardDuty

E.

ServiceNow

Question # 19

Which statement applies to Adoption Advisor?

A.

It helps adopt security capabilities at a fixed pace regardless of the organization's needs.

B.

It only provides guidance during the deploy phase of the application lifecycle.

C.

It is only available for organizations that have completed the cloud adoption journey.

D.

It includes security capabilities from subscriptions for CSPM, CWP, CCS, OEM, and Data Security.

Question # 20

Which three actions are available for the container image scanning compliance rule? (Choose three.)

A.

Allow

B.

Snooze

C.

Block

D.

Ignore

E.

Alert

Question # 21

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

A.

single sign-on

B.

SAML

C.

basic authentication

D.

access key

Question # 22

Which three elements are part of SSH Events in Host Observations? (Choose three.)

A.

Startup process

B.

User

C.

System calls

D.

Process path

E.

Command

Question # 23

Which two CI/CD plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)

A.

BitBucket

B.

Visual Studio Code

C.

CircleCI

D.

IntelliJ

Question # 24

In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?

A.

Microsoft.Management/managementGroups/descendants/read

B.

Microsoft.Management/managementGroups/descendants/calculate

C.

PaloAltoNetworks.PrismaCloud/managementGroups/descendants/read

D.

PaloAltoNetworks.PrismaCloud/managementGroups/

Question # 25

Which data security default policy is able to scan for vulnerabilities?

A.

Objects containing Vulnerabilities

B.

Objects containing Threats

C.

Objects containing Malware

D.

Objects containing Exploits

Question # 26

When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?

A.

when a serverless repository is scanned

B.

when a Container is started from an Image

C.

when the Image is built and when a Container is started from an Image

D.

when the Image is built

Question # 27

Which role does Prisma Cloud play when configuring SSO?

A.

JIT

B.

Service provider

C.

SAML

D.

Identity provider issuer

Question # 28

How often do Defenders share logs with Console?

A.

Every 10 minutes

B.

Every 30 minutes

C.

Every 1 hour

D.

Real time

Question # 29

What happens when a role is deleted in Prisma Cloud?

A.

The access key associated with that role is automatically deleted.

B.

Any integrations that use the access key to make calls to Prisma Cloud will stop working.

C.

The users associated with that role will be deleted.

D.

Any user who uses that key will be deleted.

Question # 30

A customer has a requirement to automatically protect all Lambda functions with runtime protection. What is the process to automatically protect all the Lambda functions?

A.

Configure a function scan policy from the Defend/Vulnerabilities/Functions page.

B.

Configure serverless radar from the Defend/Compliance/Cloud Platforms page.

C.

Configure a manually embedded Lambda Defender.

D.

Configure a serverless auto-protect rule for the functions.

Question # 31

What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?

A.

It is a unique identifier needed only when Monitor & Protect mode is selected.

B.

It is the resource name for the Prisma Cloud Role.

C.

It is a UUID that establishes a trust relationship between the Prisma Cloud account and the AWS account in order to extract data.

D.

It is the default name of the PrismaCloudApp stack.

Question # 32

Which alert disposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when a user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?

A.

High

B.

Aggressive

C.

Moderate

D.

Conservative

Question # 33

Match the correct scanning mode for each given operation.

(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question # 34

An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”. The policy definition follows:

config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcls is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

Why did this alert get generated?

A.

an event within the cloud account

B.

network traffic to the S3 bucket

C.

configuration of the S3 bucket

D.

anomalous behaviors

Question # 35

Under which tactic is “Exploit Public-Facing Application” categorized in the ATT&CK framework?

A.

Defense Evasion

B.

Initial Access

C.

Execution

D.

Privilege Escalation

Question # 36

What does the exclamation mark on the resource explorer page represent?

A.

resource has been deleted

B.

the resource was modified recently

C.

resource has alerts

D.

resource has compliance violation

Question # 37

A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.

Which port should the team specify in the CNAF rule to protect the application?

A.

443

B.

80

C.

8080

D.

8888

Question # 38

An administrator has been tasked by your DevSecOps team with writing a script that continuously and programmatically queries the existing users, and the users’ associated permission levels, in a Prisma Cloud Enterprise tenant.

Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

A.

Prisma Cloud Administrator’s Guide (Compute)

B.

Prisma Cloud API Reference

C.

Prisma Cloud Compute API Reference

D.

Prisma Cloud Enterprise Administrator’s Guide

Question # 39

When configuring SSO, how many IdP providers can be enabled for all the cloud accounts monitored by Prisma Cloud?

A.

2

B.

4

C.

1

D.

3

Question # 40

The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task?

A.

Custom Compliance

B.

Policies

C.

Compliance

D.

Alert Rules

Question # 41

A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift.

How should the administrator get a report of vulnerabilities on hosts?

A.

Navigate to Monitor > Vulnerabilities > CVE Viewer

B.

Navigate to Defend > Vulnerabilities > VM Images

C.

Navigate to Defend > Vulnerabilities > Hosts

D.

Navigate to Monitor > Vulnerabilities > Hosts

Question # 42

What factor is not used in calculating the net effective permissions for a resource in AWS?

A.

AWS IAM policy

B.

Permission boundaries

C.

IPTables firewall rule

D.

AWS service control policies (SCPs)

Question # 43

Prisma Cloud Compute has been installed on Onebox. After Prisma Cloud Console has been accessed, Defender is disconnected and keeps returning the error "No console connectivity" in the logs.

What could be causing the disconnection between Console and Defender in this scenario?

A.

Port 8083 is not open for Console and Defender communication.

B.

The license key provided to the Console is invalid.

C.

Port 8084 is not open for Console and Defender communication.

D.

Onebox script installed an older version of the Defender.

Question # 44

Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)

A.

Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.

B.

Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.

C.

Remove Defenders, and then deploy the new DaemonSet so Defenders do not have to automatically update on each deployment.

D.

Let Defenders automatically upgrade.

Question # 45

An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.

Which configuration step is needed first to accomplish this task?

A.

Configure Docker’s authentication sequence to first use an identity provider and then Console.

B.

Set Defender’s listener type to TCP.

C.

Set Docker’s listener type to TCP.

D.

Configure Defender’s authentication sequence to first use an identity provider and then Console.

Question # 46

Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

A.

Prisma Cloud Access SAML URL

B.

Identity Provider Issuer

C.

Certificate

D.

Identity Provider Logout URL

Question # 47

What is required for Prisma Cloud to successfully execute auto-remediation commands?

A.

Read access to the cloud platform

B.

Write access to the cloud platform

C.

Access to the cloud platform only for Azure

D.

Prisma Cloud requires no access to the cloud platform

Question # 48

Which statement accurately characterizes SSO Integration on Prisma Cloud?

A.

Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.

B.

Okta, Azure Active Directory, PingID, and others are supported via SAML.

C.

An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.

D.

An administrator who needs to access the Prisma Cloud API can use SSO after configuration.

Question # 49

In which Console menu would an administrator verify whether a custom compliance check is failing or passing?

A.

Monitor > Compliance

B.

Container Security > Compliance

C.

Defend > Compliance

D.

Custom > Compliance

Question # 50

Which two statements explain differences between build and run config policies? (Choose two.)

A.

Run and Network policies belong to the configuration policy set.

B.

Build policies allow checking for security misconfigurations in the IaC templates and ensure these issues do not get into production.

C.

Run policies monitor network activities in the environment and check for potential issues during runtime.

D.

Run policies monitor resources and check for potential issues after these cloud resources are deployed.

Question # 51

Taking which action will automatically enable all severity levels?

A.

Navigate to Settings > Enterprise Settings and enable all severity levels in the alarm center.

B.

Navigate to Policies > Settings and enable all severity levels in the alarm center.

C.

Navigate to Settings > Enterprise Settings and ensure all severity levels are checked under "auto-enable default policies".

D.

Navigate to Policies > Settings and ensure all severity levels are checked under "auto-enable default policies".

Question # 52

During the Learning phase of the Container Runtime Model, Prisma Cloud enters a “dry run” period for how many hours?

A.

4

B.

48

C.

1

D.

24

Question # 53

Which command should be used in the Prisma Cloud twistcli tool to scan the nginx:latest image for vulnerabilities and compliance issues?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 54

The Compute Console has recently been upgraded, and the administrator plans to delay upgrading the Defenders and the Twistcli tool until some of the team’s resources have been rescaled. The Console is currently one major release ahead.

What will happen as a result of the Console upgrade?

A.

Defenders will disconnect, and Twistcli will stop working.

B.

Defenders will disconnect, and Twistcli will remain working.

C.

Both Defenders and Twistcli will remain working.

D.

Defenders will remain connected, and Twistcli will stop working.

Question # 55

An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.

In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

A.

8084

B.

443

C.

8083

D.

8081

Question # 56

Which two services require external notifications to be enabled for policy violations in the Prisma Cloud environment? (Choose two.)

A.

Splunk

B.

QROC

C.

SQS

D.

Email

Question # 57

Which two integrations enable ingesting host findings to generate alerts? (Choose two.)

A.

Splunk

B.

Tenable

C.

JIRA

D.

Qualys

Question # 58

Put the steps of integrating Okta with Prisma Cloud in the right order in relation to CIEM or SSO Okta integration.

Question # 59

Given the following JSON query:

$.resource[*].aws_s3_bucket exists

Which tab is the correct place to add the JSON query when creating a Config policy?

A.

Details

B.

Compliance Standards

C.

Remediation

D.

Build Your Rule (Run tab)

E.

Build Your Rule (Build tab)

Question # 60

What is the order of steps to create a custom network policy?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question # 61

An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.

Which setting does the administrator enable or configure to accomplish this task?

A.

ADEM

B.

WAAS Analytics

C.

Telemetry

D.

Cloud Native Network Firewall

E.

Host Insight

Question # 62

Which API calls can scan an image named myimage:latest with twistcli and then retrieve the results from Console?

A.

$ twistcli images scan \
--address \
--user \
--password \
--verbose \
myimage:latest

B.

$ twistcli images scan \
--address \
--user \
--password \
--details \
myimage:latest

C.

$ twistcli images scan \
--address \
--user \
--password \
myimage:latest

D.

$ twistcli images scan \
--address \
--user \
--password \
--console \
myimage:latest

Question # 63

What will happen when a Prisma Cloud Administrator has configured agentless scanning in an environment that also has Host and Container Defenders deployed?

A.

Agentless scan will automatically be disabled, so Defender scans are the only scans occurring.

B.

Agentless scans do not conflict with Defender scans, so both will run.

C.

Defender scans will automatically be disabled, so agentless scans are the only scans occurring.

D.

Both agentless and Defender scans will be disabled and an error message will be received.

Question # 64

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?

A.

Ensure functions are not overly permissive.

B.

Ensure host devices are not directly exposed to containers.

C.

Ensure images are created with a non-root user.

D.

Ensure compliant Docker daemon configuration.

Question # 65

Which three types of bucket exposure are available in the Data Security module? (Choose three.)

A.

Public

B.

Private

C.

International

D.

Differential

E.

Conditional

Question # 66

The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

A.

scope the policy to Image names.

B.

scope the policy to namespaces.

C.

scope the policy to Defender names.

D.

scope the policy to Host names.

Question # 67

A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.

Which two reasons explain this change in alert status? (Choose two.)

A.

user manually changed the alert status.

B.

policy was changed.

C.

resource was deleted.

D.

alert was sent to an external integration.

Question # 68

Console is running in a Kubernetes cluster, and Defenders need to be deployed on nodes within this cluster.

How should the Defenders in Kubernetes be deployed using the default Console service name?

A.

From the deployment page in Console, choose "twistlock-console" for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

B.

From the deployment page, configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

C.

From the deployment page in Console, choose "twistlock-console" for Console identifier and run the "curl | bash" script on the master Kubernetes node.

D.

From the deployment page in Console, choose "pod name" for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.

Question # 69

A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud. Which two steps can be performed by the Terraform script? (Choose two.)

A.

enable flow logs for Prisma Cloud.

B.

create the Prisma Cloud role.

C.

enable the required APIs for Prisma Cloud.

D.

publish the flow log to a storage bucket.

Question # 70

A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.

Which recommended action manages this situation?

A.

Go to Manage > Defender > Manage, then click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window.

B.

Find a maintenance window that is suitable to upgrade all stand-alone Defenders in the development environment.

C.

Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window.

D.

Open a support case with Palo Alto Networks to arrange an automatic upgrade.

Question # 71

Which order of steps maps a policy to a custom compliance standard?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question # 72

While writing a custom RQL with array objects in the Investigate page, which type of auto-suggestion can a user leverage?

A.

Auto-suggestion for array objects that are useful for comparing between arrays

B.

Auto-suggestion is not available for array objects

C.

Auto-suggestion for array objects that are useful for categorization of resource parameters

D.

Auto-suggestion for array objects that are useful for comparing between array elements

Question # 73

Given the following RQL:

event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')

Which audit event snippet is identified?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 74

What is the correct method for ensuring key-sensitive data related to SSNs and credit card numbers cannot be viewed in Dashboard > Data view during investigations?

A.

Go to Settings > Data > Snippet Masking and select Full Mask.

B.

Go to Settings > Data > Data Patterns, search for SSN Pattern, edit it, and modify the proximity keywords.

C.

Go to Settings > Cloud Accounts > Edit Cloud Account > Assign Account Group and select a group with limited permissions.

D.

Go to Policies > Data > Clone > Modify Objects containing Financial Information publicly exposed and change the file exposure to Private.

Question # 75

Which alerts are fixed by enablement of automated remediation?

A.

All applicable open alerts regardless of when they were generated, with alert status updated to "resolved"

B.

Only the open alerts that were generated before the enablement of remediation, with alert status updated to "resolved"

C.

All applicable open alerts regardless of when they were generated, with alert status updated to "dismissed"

D.

Only the open alerts that were generated after the enablement of remediation, with alert status updated to "resolved"

Question # 76

An administrator has added a Cloud account on Prisma Cloud and then deleted it.

What will happen if the deleted account is added back on Prisma Cloud within a 24-hour period?

A.

No alerts will be displayed.

B.

Existing alerts will be displayed again.

C.

New alerts will be generated.

D.

Existing alerts will be marked as resolved.

Question # 77

Which policy type provides information about connections from suspicious IPs in a customer database?

A.

Anomaly

B.

Threat detection

C.

Network

D.

AutoFocus

Question # 78

Which report includes an executive summary and a list of policy violations, including a page with details for each policy?

A.

Compliance Standard

B.

Business Unit

C.

Cloud Security Assessment

D.

Detailed
