PCCSE

By palo-alto-networks
Aug, 2025

Question 1

Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.
Where should the customer navigate in Console?

  • A: Monitor > Compliance
  • B: Defend > Compliance
  • C: Manage > Compliance
  • D: Custom > Compliance

Question 2

A DevOps lead reviews some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

  • A: The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
  • B: The SecOps lead should use Incident Explorer and Compliance Explorer.
  • C: The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
  • D: The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Question 3

An administrator sees that a runtime audit has been generated for a container.

The audit message is:

“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”

Which protection in the runtime rule would cause this audit?

  • A: Networking
  • B: File systems
  • C: Processes
  • D: Container

Question 4

Which data security default policy is able to scan for vulnerabilities?

  • A: Objects containing Vulnerabilities
  • B: Objects containing Threats
  • C: Objects containing Malware
  • D: Objects containing Exploits

Question 5

Given the following audit event activity snippet:

Image 1

Which RQL will be triggered by the audit event?

  • A:
  • B:
  • C:
  • D:

Question 6

Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

  • A: Secret Key
  • B: Prisma Cloud API URL
  • C: Tags
  • D: Access Key
  • E: Asset Name

Question 7

Which of the following are correct statements regarding the use of access keys? (Choose two.)

  • A: Access keys must have an expiration date
  • B: Up to two access keys can be active at any time
  • C: System Admin can create access key for all users
  • D: Access keys are used for API calls

Question 8

Given the following RQL:

Image 1

Which audit event snippet is identified by the RQL?

  • A:
  • B:
  • C:
  • D:

Question 9

The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.

Which type of policy should be created to protect this pod from Layer 7 attacks?

  • A: The development team should create a WAAS rule for the host where these pods will be running.
  • B: The development team should create a WAAS rule targeted at all resources on the host.
  • C: The development team should create a runtime policy with networking protections.
  • D: The development team should create a WAAS rule targeted at the image name of the pods.

Question 10

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.

Which action should the SOC take to follow security best practices?

  • A: Enable “AWS S3 bucket is publicly accessible” policy and manually remediate each alert.
  • B: Enable “AWS RDS database instance is publicly accessible” policy and for each alert, check that it is a production instance, and then manually remediate.
  • C: Enable “AWS S3 bucket is publicly accessible” policy and add policy to an auto-remediation alert rule.
  • D: Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.

Question 11

An administrator wants to enforce a rate limit so that users cannot post five (5) .tar.gz files within five (5) seconds.

What does the administrator need to configure?

  • A: A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on WAAS
  • B: A ban for DoS protection with a burst rate of 5 and file extensions match on .tar.gz on CNNF
  • C: A ban for DoS protection with a burst rate of 5 and file extensions match on .tar gz on WAAS
  • D: A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on CNNF

Question 12

What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

  • A: policy
  • B: incident
  • C: audit
  • D: anomaly

Question 13

A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.
Which two reasons explain this change in alert status? (Choose two.)

  • A: user manually changed the alert status.
  • B: policy was changed.
  • C: resource was deleted.
  • D: alert was sent to an external integration.

Question 14

A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.

Which two pieces of information do you need to onboard this account? (Choose two.)

  • A: CloudTrail
  • B: Subscription ID
  • C: Active Directory ID
  • D: External ID
  • E: Role ARN

Question 15

An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.

Which setting does the administrator enable or configure to accomplish this task?

  • A: ADEM
  • B: WAAS Analytics
  • C: Telemetry
  • D: Cloud Native Network Firewall
  • E: Host Insight

Question 16

Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

  • A: Prisma Cloud Access SAML URL
  • B: Identity Provider Issuer
  • C: Certificate
  • D: Identity Provider Logout URL

Question 17

Which two IDE plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)

  • A: BitBucket
  • B: Visual Studio Code
  • C: CircleCI
  • D: IntelliJ

Question 18

Which two CI/CD plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)

  • A: BitBucket
  • B: Visual Studio Code
  • C: CircleCI
  • D: IntelliJ

Question 19

Given the following JSON query:

$.resource[*].aws_s3_bucket exists

Which tab is the correct place to add the JSON query when creating a Config policy?

  • A: Details
  • B: Compliance Standards
  • C: Remediation
  • D: Build Your Rule (Run tab)
  • E: Build Your Rule (Build tab)

Question 20

Which two attributes of policies can be fetched using API? (Choose two.)

  • A: policy label
  • B: policy signature
  • C: policy mode
  • D: policy violation

Question 21

Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)

  • A: Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.
  • B: Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.
  • C: Remove Defenders, and then deploy the new DaemonSet so Defenders do not have to automatically update on each deployment.
  • D: Let Defenders automatically upgrade.

Question 22

DRAG DROP

Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.

Image 1

Question 23

A customer has a requirement to scan serverless functions for vulnerabilities.

What is the correct option to configure scanning?

  • A: Configure serverless radar from the Defend > Compliance > Cloud Platforms page.
  • B: Embed serverless Defender into the function.
  • C: Configure a function scan policy from the Defend > Vulnerabilities > Functions page.
  • D: Use Lambda layers to deploy a Defender into the function.

Question 24

Which three steps are involved in onboarding an account for Data Security? (Choose three.)

  • A: Create a read-only role with in-line policies
  • B: Create a CloudTrail with SNS Topic
  • C: Enable Flow Logs
  • D: Enter the RoleARN and SNSARN
  • E: Create an S3 bucket

Question 25

An administrator has been tasked by your DevSecOps team with writing a script that continuously and programmatically queries the existing users, and each user’s associated permission levels, in a Prisma Cloud Enterprise tenant.

Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

  • A: Prisma Cloud Administrator’s Guide (Compute)
  • B: Prisma Cloud API Reference
  • C: Prisma Cloud Compute API Reference
  • D: Prisma Cloud Enterprise Administrator’s Guide
Page 1 of 10 • Questions 1-25 of 247