What is the behavior of Defenders when the Console is unreachable during upgrades?

Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.

Defenders will fail closed until the web-socket can be re-established.

Defenders will fail open until the web-socket can be re-established.

Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Which option shows the steps to install the Console in a Kubernetes Cluster?

Download and extract release tarball Generate YAML for Console Deploy Console YAML using kubectl

Download the Console and Defender image Generate YAML for Defender Deploy Defender YAML using kubectl

Download and extract release tarball Generate YAML for Console Deploy Console YAML using kubectl

Download the Console and Defender image Download YAML for Defender from the document site Deploy Defender YAML using kubectl

Download and extract release tarball Download the YAML for Console Deploy Console YAML using kubectl

A customer has a requirement to automatically protect all Lambda functions with runtime protection. What is the process to automatically protect all the Lambda functions?

Configure a serverless auto-protect rule for the functions.

Configure a function scan policy from the Defend/Vulnerabilities/Functions page.

Configure serverless radar from the Defend/Compliance/Cloud Platforms page.

Configure a manually embedded Lambda Defender.

Configure a serverless auto-protect rule for the functions.

Which statement accurately characterizes SSO Integration on Prisma Cloud?

Okta, Azure Active Directory, PingID, and others are supported via SAML.

Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.

Okta, Azure Active Directory, PingID, and others are supported via SAML.

An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.

An administrator who needs to access the Prisma Cloud API can use SSO after configuration.

What are two ways to scan container images in Jenkins pipelines? (Choose two.)

Prisma Cloud Visual Studio Code plugin with Jenkins integration

A customer wants to harden its environment from misconfiguration.Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

Docker daemon configuration files

A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift.How should the administrator get a report of vulnerabilities on hosts?

Navigate to Monitor > Vulnerabilities > Hosts

Navigate to Monitor > Vulnerabilities > CVE Viewer

Navigate to Defend > Vulnerabilities > VM Images

Navigate to Defend > Vulnerabilities > Hosts

Navigate to Monitor > Vulnerabilities > Hosts

You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.Why are no alerts being generated?

The public cloud account is not associated with an alert rule.

The public cloud account is not associated with an alert notification.

The public cloud account does not have audit trail ingestion enabled.

The public cloud account does not access to configuration resources.

The public cloud account is not associated with an alert rule.

The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

scope the policy to Image names.

scope the policy to namespaces.

scope the policy to Defender names.

scope the policy to Host names.

An administrator has access to a Prisma Cloud Enterprise.What are the steps to deploy a single container Defender on an ec2 node?

Execute the curl | bash script on the ec2 node.

Pull the Defender image to the ec2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.

Execute the curl | bash script on the ec2 node.

Configure the cloud credential in the console and allow cloud discovery to auto-protect the ec2 node.

Generate DaemonSet file and apply DaemonSet to the twistlock namespace.

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.How should the customer automate vulnerability scanning for images deployed to Fargate?

Set up a vulnerability scanner on the registry

Embed a Fargate Defender to automatically scan for vulnerabilities

Designate a Fargate Defender to serve a dedicated image scanner

Use Cloud Compliance to identify misconfigured AWS accounts

Which container image scan is constructed correctly?

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details

Which two processes ensure that builds can function after a Console upgrade? (Choose two.)

updating any build environments that have twistcli included to use the latest version

configuring build pipelines to download twistcli at the start of each build

allowing Jenkins to automatically update the plugin

updating any build environments that have twistcli included to use the latest version

configuring build pipelines to download twistcli at the start of each build

creating a new policy that allows older versions of twistcli to connect the Console

Which action would be applicable after enabling anomalous compute provisioning?

It detects potential creation of an unauthorized network of compute instances either accidentally or for cryptojacking.

It detects the activity caused by the spambot.

It detects unusual server port activity or unusual protocol activity from a client within or outside the cloud environment.

It detects potential creation of an unauthorized network of compute instances with AutoFocus.

It detects potential creation of an unauthorized network of compute instances either accidentally or for cryptojacking.

What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?

It is a UUID that establishes a trust relationship between the Prisma Cloud account and the AWS account in order to extract data.

It is a unique identifier needed only when Monitor & Protect mode is selected.

It is the resource name for the Prisma Cloud Role.

It is a UUID that establishes a trust relationship between the Prisma Cloud account and the AWS account in order to extract data.

It is the default name of the PrismaCloudApp stack.

Which IAM Azure RQL query would correctly generate an output to view users who have sufficient permissions to create security groups within Azure AD and create applications?

config from cloud.resource where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

config where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

config from cloud.resource where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions exists

config from network where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is false and defaultUserRolePermissions.allowedToCreateApps is true

config from cloud.resource where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

Which two actions are required in order to use the automated method within Amazon Web Services (AWS) Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose two.)

Install boto3 & requests library.

Configure IAM AWS remediation script.

Install boto3 & requests library.

Configure IAM Azure remediation script.

Integrate with Azure Service Bus.

Configure IAM AWS remediation script.

Review this admission control policy:match[{'msg': msg}] { input.request.operation == 'CREATE' input.request.kind.kind == 'Pod' input.request.resource.resource == 'pods'input.request.object.spec.containers[_].securityContext.privileged msg := 'Privileged'}Which response to this policy will be achieved when the effect is set to ''block''?

The policy will block the creation of a privileged pod.

The policy will block all pods on a Privileged host.

The policy will replace Defender with a privileged Defender.

The policy will alert only the administrator when a privileged pod is created.

The policy will block the creation of a privileged pod.

Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.Where can the administrator locate this list of e-mail recipients?

Set Alert Notification section within an Alert Rule.

Target section within an Alert Rule.

Notification Template section within Alerts.

Set Alert Notification section within an Alert Rule.

A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions?

twiscli serverless scan <SERVERLESS_FUNCTION.ZIP>

twistcli function scan <SERVERLESS_FUNCTION.ZIP>

twistcli scan serverless <SERVERLESS_FUNCTION.ZIP>

twistcli serverless AWS <SERVERLESS_FUNCTION.ZIP>

twiscli serverless scan <SERVERLESS_FUNCTION.ZIP>

A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.Which recommended action manages this situation?

Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window.

Go to Manage > Defender > Manage, then click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window.

Find a maintenance window that is suitable to upgrade all stand-alone Defenders in the development environment.

Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window.

Open a support case with Palo Alto Networks to arrange an automatic upgrade.

A security team has been asked to create a custom policy.Which two methods can the team use to accomplish this goal? (Choose two.)

disable an out-of-the-box policy

edit the query in the out-of-the-box policy

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?

Ensure compliant Docker daemon configuration.

Ensure functions are not overly permissive.

Ensure host devices are not directly exposed to containers.

Ensure images are created with a non-root user.

Ensure compliant Docker daemon configuration.

A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)

manual installation of the latest twistcli tool prior to the rolling upgrade

an existing Console at version n-1

manual installation of the latest twistcli tool prior to the rolling upgrade

all Defenders set in read-only mode before execution of the rolling upgrade

a second location where you can install the Console

additional workload licenses are required to perform the rolling upgrade

an existing Console at version n-1

An administrator sees that a runtime audit has been generated for a Container. The audit message is ''DNS resolution of suspicious name wikipedia.com. type A''.Why would this message appear as an audit?

The DNS was not learned as part of the Container model or added to the DNS allow list.

This is a DNS known to be a source of malware.

The process calling out to this domain was not part of the Container model.

The Layer7 firewall detected this as anomalous behavior.

Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)

Scope - Scans run on a particular host

Apply rule only when vendor fixes are available

Scope - Scans run on a particular host

Apply rule only when vendor fixes are available

Palo Alto Networks PCCSE Practice Test 2 - Free Online Exam Prep & Questions

Question 1 / 40

The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.

Which strategy should the administrator use to achieve this goal?

Disable the policy

Set the Alert Disposition to Conservative

Change the Training Threshold to Low

Set Alert Disposition to Aggressive

Comment (0)

Palo Alto Networks PCCSE Practice Test 2

Question

Palo Alto Networks PCCSE Practice Tests

Practice Tests