PCCSE: Prisma Certified Cloud Security Engineer


Related questions
Which two statements are true about the differences between build and run config policies? (Choose two.)
In the context of Prisma Cloud, Build and Run policies serve distinct purposes in securing cloud environments. Build policies are designed to evaluate Infrastructure as Code (IaC) templates before deployment. These policies help identify and remediate security misconfigurations in the development phase, ensuring that vulnerabilities are addressed before the infrastructure is provisioned. This proactive approach enhances security by preventing misconfigurations from reaching production environments.
On the other hand, Run policies are applied to resources that are already deployed in the cloud. These policies continuously monitor the cloud environment, detecting and alerting on potential security issues that arise in the runtime. Run policies help maintain the security posture of cloud resources by identifying deviations from established security baselines and enabling quick remediation of identified issues.
Both Build and Run policies are integral to a comprehensive cloud security strategy, addressing security concerns at different stages of the cloud resource lifecycle, from development and deployment to ongoing operation.
An administrator sees that a runtime audit has been generated for a host. The audit message is:
"Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script.stop. Low severity audit, event is automatically added to the runtime model"
Which runtime host policy rule is the root cause for this runtime audit?
For a runtime audit generated on a host whose message says a service attempted to obtain a capability by executing a script, the root cause is most likely option D, the default rule that alerts on suspicious runtime behavior. This default rule flags unusual or potentially harmful activity that could indicate a security risk and prompts further investigation.
Which two statements explain differences between build and run config policies? (Choose two.)
Which two information types cannot be seen in the data security dashboard? (Choose two).
An administrator needs to detect and alert on any activities performed by a root account.
Which policy type should be used?
You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.
Which option shows the steps required during the alert rule creation process to achieve this objective?
Review this admission control policy:
match[{"msg": msg}] {
    input.request.operation == "CREATE"
    input.request.kind.kind == "Pod"
    input.request.resource.resource == "pods"
    input.request.object.spec.containers[_].securityContext.privileged
    msg := "Privileged"
}
Which response to this policy will be achieved when the effect is set to "block"?
How are the following categorized?
Backdoor account access
Hijacked processes
Lateral movement
Port scanning
The activities listed (Backdoor account access, Hijacked processes, Lateral movement, Port scanning) are categorized as incidents (option B). Incidents represent security events or patterns of activity that indicate potential security breaches or malicious behavior within the environment. Prisma Cloud identifies and classifies such activities as incidents to highlight significant security concerns that require investigation and potential remediation. This categorization helps security teams prioritize their response efforts, focusing on activities that pose a real threat to the integrity and security of the cloud environment. By distinguishing incidents from other types of security findings, Prisma Cloud enables more effective incident response and threat management processes.
A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?