Pre-Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

PSE-PrismaCloud Questions and Answers

Question # 6

Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)

A.

Traps

B.

Prisma SaaS

C.

Amazon Web Services WAF

D.

VM-Series firewalls

E.

Security Groups

Full Access
Question # 7

What is a permanent public IP called on Amazon Web Services?

A.

Reserved IP

B.

PIP

C.

EIP

D.

Floating IP

Full Access
Question # 8

Which Amazon Web Services security service can provide host vulnerability information to Prisma Public Cloud?

A.

Shield

B.

Inspector

C.

GuardDuty

D.

Amazon Web Services WAF

Full Access
Question # 9

Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases''

A.

network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))

B.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))

C.

network where dest.resource IN (resource where role = 'Database'}

D.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))

Full Access
Question # 10

Match the logging service with its cloud provider.

Full Access
Question # 11

Which pillar of the Prisma Cloud platform allows cloud entitlements to be quickly audited and secured?

A.

Cloud Security Posture Management

B.

Cloud Identity Security

C.

Cloud Network Security

D.

Cloud Code Security

Full Access
Question # 12

Which Prisma Public Cloud policy alerts administrators to unusual user activity?

A.

Anomaly

B.

Audit Event

C.

Network

D.

Configuration

Full Access
Question # 13

Which statement applies to vulnerability management policies?

A.

Host and serverless rules support blocking, whereas container rules do not.

B.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

C.

Policies for containers, hosts, and serverless functions are not separate.

D.

Rules are evaluated in an undefined order.

Full Access
Question # 14

What are two benefits of Cloud Security Posture Management (CSPM) over other solutions? (Choose two.)

A.

guaranteed proof of concept (POC) extensions beyond 30 days

B.

native integration of network, endpoint, and cloud data to stop attacks

C.

elimination of blind spots

D.

proactive addressing of risks

Full Access
Question # 15

Which Google Cloud Platform project shares its VPC networks with other projects?

A.

Service project

B.

Host project

C.

Admin project

D.

Subscribing project

Full Access
Question # 16

Which subcommand invokes the scan for images built with Jenkins in an OpenShift environment?

A.

> twistcli project scan

B.

> twistcli scar, projects

C.

> twistcli hosts scan

D.

> twistcli scar, hosts

Full Access
Question # 17

Which Amazon Web Services (AWS) service supplies information for Prisma Cloud "event where" Resource Query Language (RQL) queries?

A.

GuardDuty

B.

CloudTrail Audit Logs

C.

Activity Logs

D.

Inspector

Full Access
Question # 18

Which change represents a VM-Series NGFW license transfer?

A.

VM-100 BYOL on Microsoft Azure to VM-100 BYOL on Amazon Web Services

B.

VM-300 BYOL on Microsoft Azure to VM-300 PAY6 on Amazon Web Services

C.

VM-100 BYOL on Microsoft Azure to VM-300 BYOL on Microsoft Azure

D.

VM-100 BYOL on Microsoft Azure to VM-300 PAYG on Amazon Web Services

Full Access
Question # 19

How can you modify a range of dates default policy in Prisma Public Cloud?

A.

Override the value and commit the configuration.

B.

Clone the existing policy and change the value.

C.

Manually create the RQL statement.

D.

Click the Gear icon next to the policy name to open the Edit Policy dialog

Full Access
Question # 20

All Amazon Regional Database Service (RDS)-deployed resources and the regions in which they are deployed can be identified by prisma Cloud using which two methods? (Choose two.)

A.

Configure an Inventory report from the "Alerts" tab.

B.

Write an RQL query from the "Investigate" tab.

C.

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

D.

Generate a compliance report from the Compliance dashboard.

Full Access
Question # 21

Which option is defined by the creation and change of public cloud services managed in a repeatable and predictable fashion?

A.

platform as a service

B.

infrastructure as a service

C.

software as code

D.

infrastructure as code

Full Access
Question # 22

What subcommand invokes the Prisma Cloud Compute (PCC) edition image scanner?

A.

> twistcli images scan

B.

> twistcli project scan

C.

> twistcli scan projects

D.

> twistcli scan images

Full Access
Question # 23

Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?

A.

network where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000

B.

network where dest publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000

C.

show traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000

D.

network where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'

Full Access
Question # 24

Which two template formats are supported by the Prisma Cloud infrastructure as code (laC) scan service? (Choose two.)

A.

ARM

B.

XML

C.

YAML

D.

JSON

Full Access
Question # 25

Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)

A.

Azure Application Insight

B.

Resource Group

C.

Azure Security Center

D.

Bootstrapping

E.

ARM Template

Full Access
Question # 26

What are the two options to dynamically register tags used by Dynamic Address Groups that are referenced in policy? (Choose two.)

A.

VM Monitoring

B.

External Dynamic List

C.

CFT Template

D.

XML API

Full Access
Question # 27

What are two ways to initially deploy a VM-Series NGFW in Microsoft Azure? (Choose two.)

A.

through ARM Templates in the GitHub Repository

B.

through Solution Templates in the Azure Marketplace

C.

through Expedition in the Customer Success Portal

D.

through Iron Skillets in the GitHub Repository

Full Access
Question # 28

A Prisma Cloud Administrator has been asked to create a custom policy which notifies the InfoSec team each time a configuration mange is made to a Security group.

Which type of Resource Query Language (RQL) query would be used in this policy?

A.

audit from

B.

network from

C.

event from

D.

config from

Full Access
Question # 29

What occurs with the command twistcli when scanning images?

A.

If options are listed after the image name; they will be ignored.

B.

If option "--user" is used, it is mandatory to use option "--password.

C.

If option "--address" is unspecified, all images are scanned.

D.

Option "--output-file" cannot be used in conjunction with option "--details."

Full Access
Question # 30

Amazon Web Services WAF can be enabled on which two resources?(Choose two.)

A.

AWS CDN

B.

AWS NAT Gateway

C.

AWS ALB

D.

AWS NLB

Full Access
Question # 31

Which two deployment methods are supported for Prisma Cloud Compute (PCC) container Defenders? (Choose two.)

A.

Azure SQL database instances

B.

Google Kubernetes Engine

C.

Oracle Functions service

D.

Kubernetes DaemonSet

Full Access
Question # 32

can you create a custom compliance standard in Prisma Public Cloud?

A.

Generate a new Compliance Report.

B.

Create compliance framework in a spreadsheet then import into Prisma Public Cloud.

C.

From Compliance tab, clone a default framework and customize.

D.

From Compliance tab > Compliance Standards, click "Add New."

Full Access
Question # 33

A customer has just launched a Palo Alto Networks VM-Series NGFW into an Amazon Web Services VPC to protect a cloud hosted application. They are experiencing unpredictable results and have identified that the interfaces on the firewall are in the incorrect order

Which PAN-OS CLI command resolves this issue?

A.

set system setting mgmt-interface-swap enable yes

B.

set mgmt-interface settings swap yes

C.

set mgmt-interface swap yes

D.

set system setting mgmt-interface swap yes

Full Access
Question # 34

Where can rules be configured and viewed to configure trusted images?

A.

Monitor > Compliance > Trusted Images

B.

Monitor > Compliance > Images

C.

Defend > Compliance > Trusted Images

D.

Defend > Compliance > Images

Full Access