
PCCSE: Prisma Certified Cloud Security Engineer

Exam Questions: 260
Learners: 2.370
Last Updated: April - 2025
Language: English
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.

Related questions

Which two statements are true about the differences between build and run config policies? (Choose two.)

A. Run and Network policies belong to the configuration policy set.
B. Build and Audit Events policies belong to the configuration policy set.
C. Run policies monitor resources, and check for potential issues after these cloud resources are deployed.
D. Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
E. Run policies monitor network activities in your environment, and check for potential issues during runtime.
Suggested answer: C, D
Explanation:

In the context of Prisma Cloud, Build and Run policies serve distinct purposes in securing cloud environments. Build policies are designed to evaluate Infrastructure as Code (IaC) templates before deployment. These policies help identify and remediate security misconfigurations in the development phase, ensuring that vulnerabilities are addressed before the infrastructure is provisioned. This proactive approach enhances security by preventing misconfigurations from reaching production environments.

Run policies, on the other hand, are applied to resources that are already deployed in the cloud. These policies continuously monitor the cloud environment, detecting and alerting on potential security issues that arise at runtime. Run policies help maintain the security posture of cloud resources by identifying deviations from established security baselines and enabling quick remediation of identified issues.

Both Build and Run policies are integral to a comprehensive cloud security strategy, addressing security concerns at different stages of the cloud resource lifecycle, from development and deployment to ongoing operation.

asked 23/09/2024
William Hopson
35 questions

An administrator sees that a runtime audit has been generated for a host. The audit message is:

"Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script.stop. Low severity audit, event is automatically added to the runtime model"

Which runtime host policy rule is the root cause for this runtime audit?

A. Custom rule with specific configuration for file integrity
B. Custom rule with specific configuration for networking
C. Default rule that alerts on capabilities
D. Default rule that alerts on suspicious runtime behavior
Suggested answer: D
Explanation:

The audit message reports a service attempting to obtain a capability by executing a script. The root cause for this runtime audit is most likely D, the default rule that alerts on suspicious runtime behavior. This default rule is designed to flag unusual or potentially harmful activities that could indicate a security risk, prompting further investigation.

asked 23/09/2024
Martin Mannsbarth
38 questions

Which two statements explain differences between build and run config policies? (Choose two.)


Which two information types cannot be seen in the data security dashboard? (Choose two).


An administrator needs to detect and alert on any activities performed by a root account.

Which policy type should be used?


You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.

Which option shows the steps required during the alert rule creation process to achieve this objective?


Review this admission control policy:

    match[{"msg": msg}] {
        input.request.operation == "CREATE"
        input.request.kind.kind == "Pod"
        input.request.resource.resource == "pods"
        input.request.object.spec.containers[_].securityContext.privileged
        msg := "Privileged"
    }

Which response to this policy will be achieved when the effect is set to "block"?


How are the following categorized?

Backdoor account access
Hijacked processes
Lateral movement
Port scanning

A. audits
B. incidents
C. admission controllers
D. models
Suggested answer: B
Explanation:

The activities listed (Backdoor account access, Hijacked processes, Lateral movement, Port scanning) are categorized as incidents (option B). Incidents represent security events or patterns of activity that indicate potential security breaches or malicious behavior within the environment. Prisma Cloud identifies and classifies such activities as incidents to highlight significant security concerns that require investigation and potential remediation. This categorization helps security teams prioritize their response efforts, focusing on activities that pose a real threat to the integrity and security of the cloud environment. By distinguishing incidents from other types of security findings, Prisma Cloud enables more effective incident response and threat management processes.

asked 23/09/2024
Javier Portabales
44 questions

A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?


Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
