Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

PCCSE by Palo Alto Networks - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

An administrator sees that a runtime audit has been generated for a container.

The audit message is:

“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”

Which protection in the runtime rule would cause this audit?

A Networking
B File systems
C Processes
D Container

Question 4

Which data security default policy is able to scan for vulnerabilities?

A Objects containing Vulnerabilities
B Objects containing Threats
C Objects containing Malware
D Objects containing Exploits

Question 5

Given the following audit event activity snippet:

Question 6

Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

A Secret Key
B Prisma Cloud API URL
C Tags
D Access Key
E Asset Name

Question 7

Which of the following are correct statements regarding the use of access keys? (Choose two.)

A Access keys must have an expiration date
B Up to two access keys can be active at any time
C System Admin can create access key for all users
D Access keys are used for API calls

Question 8

Given the following RQL:

Question 9

The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.

Which type of policy should be created to protect this pod from Layer7 attacks?

A The development team should create a WAAS rule for the host where these pods will be running.
B The development team should create a WAAS rule targeted at all resources on the host.
C The development team should create a runtime policy with networking protections.
D The development team should create a WAAS rule targeted at the image name of the pods.

Question 10

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.

Which action should the SOC take to follow security best practices?

A Enable “AWS S3 bucket is publicly accessible” policy and manually remediate each alert.
B Enable “AWS RDS database instance is publicly accessible” policy and for each alert, check that it is a production instance, and then manually remediate.
C Enable “AWS S3 bucket is publicly accessible” policy and add policy to an auto-remediation alert rule.
D Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.

Question 11

An administrator wants to enforce a rate limit for users not being able to post five (5) .tar.gz files within five (5) seconds.

What does the administrator need to configure?

A A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on WAAS
B A ban for DoS protection with a burst rate of 5 and file extensions match on .tar.gz on CNNF
C A ban for DoS protection with a burst rate of 5 and file extensions match on .tar gz on WAAS
D A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on CNNF

Question 12

What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

A policy
B incident
C audit
D anomaly

Question 13

A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.
Which two reasons explain this change in alert status? (Choose two.)

A user manually changed the alert status.
B policy was changed.
C resource was deleted.
D alert was sent to an external integration.

Question 14

A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.

Which two pieces of information do you need to onboard this account? (Choose two.)

A Cloudtrail
B Subscription ID
C Active Directory ID
D External ID
E Role ARN

Question 15

An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.

Which setting does the administrator enable or configure to accomplish this task?

A ADEM
B WAAS Analytics
C Telemetry
D Cloud Native Network Firewall
E Host Insight

Question 16

Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

A Prisma Cloud Access SAML URL
B Identity Provider Issuer
C Certificate
D Identity Provider Logout URL

Question 17

Which two IDE plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)

A BitBucket
B Visual Studio Code
C CircleCI
D IntelliJ

Question 18

Which two CI/CD plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)

A BitBucket
B Visual Studio Code
C CircleCI
D IntelliJ

Question 19

Given the following JSON query:

$.resource[*].aws_s3_bucket exists

Which tab is the correct place to add the JSON query when creating a Config policy?

A Details
B Compliance Standards
C Remediation
D Build Your Rule (Run tab)
E Build Your Rule (Build tab)

Question 20

Which two attributes of policies can be fetched using API? (Choose two.)

A policy label
B policy signature
C policy mode
D policy violation

Question 21

Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)

A Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.
B Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.
C Remove Defenders, and then deploy the new DaemonSet so Defenders do not have to automatically update on each deployment.
D Let Defenders automatically upgrade.

Question 22

DRAG DROP

Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.

Question 23

A customer has a requirement to scan serverless functions for vulnerabilities.

What is the correct option to configure scanning?

A Configure serverless radar from the Defend > Compliance > Cloud Platforms page.
B Embed serverless Defender into the function.
C Configure a function scan policy from the Defend > Vulnerabilities > Functions page.
D Use Lambda layers to deploy a Defender into the function.

Question 24

Which three steps are involved in onboarding an account for Data Security? (Choose three.)

A Create a read-only role with in-line policies
B Create a Cloudtrail with SNS Topic
C Enable Flow Logs
D Enter the RoleARN and SNSARN
E Create a S3 bucket

Question 25

An administrator has been tasked with a requirement by your DevSecOps team to write a script to continuously query programmatically the existing users, and the user’s associated permission levels, in a Prisma Cloud Enterprise tenant.

Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

A Prisma Cloud Administrator’s Guide (Compute)
B Prisma Cloud API Reference
C Prisma Cloud Compute API Reference
D Prisma Cloud Enterprise Administrator’s Guide

Page 1 of 10 • Questions 1-25 of 247

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.
Where should the customer navigate in Console?

A Monitor > Compliance
B Defend > Compliance
C Manage > Compliance
D Custom > Compliance

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

A The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
B The SecOps lead should use Incident Explorer and Compliance Explorer.
C The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
D The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Which RQL will be triggered by the audit event?

A
B
C
D

Which audit event snippet is identified by the RQL?

A
B
C
D

PCCSEPreview