ExamGecko

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 10


A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

A. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy, and set the policy effect to alert.
B. Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.
C. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.
D. Set www.evil-url.com as a blocklisted DNS name in the default Container policy, and set the effect to prevent.
Suggested answer: D

Explanation:

To restrict any container from resolving the name www.evil-url.com, the administrator should set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent. Because the default policy applies to every container, this configuration ensures that any attempt to resolve the blocklisted name from any container is prevented, proactively blocking communication with a known malicious domain.

This feature is described in the documentation of CSPM tools that offer runtime protection for containers. Such tools let administrators define security policies that include DNS-based controls to stop containers from reaching known malicious or undesirable domains, which helps prevent data exfiltration, malware command-and-control traffic, and other security threats.

Which API calls can scan an image named myimage:latest with twistcli and then retrieve the results from Console?

A. $ twistcli images scan \ --address \ --user \ --password \ --verbose \ myimage:latest
B. $ twistcli images scan \ --address \ --user \ --password \ --details \ myimage:latest
C. $ twistcli images scan \ --address \ --user \ --password \ myimage:latest
D. $ twistcli images scan \ --address \ --user \ --password \ --console \ myimage:latest
Suggested answer: B

Explanation:

You can have twistcli generate a detailed report for each scan. The documented procedure scans an image with twistcli and then retrieves the results from Console; the --details flag is what produces the detailed per-scan report.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images

Given the following RQL:

event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')

Which audit event snippet is identified?

(The four candidate audit-event snippets were shown as images that did not survive extraction.)

A. Option A
B. Option B
C. Option C
D. Option D
Suggested answer: C

Explanation:

The given RQL (Resource Query Language) query looks for specific audit events related to cryptographic key actions (key creation and key-version destruction) and disk snapshot creation. The snippet that matches this query is Option C, which contains the statement indicating permissions that allow any action ('Action': '*') and the policy version date '2012-10-17' that corresponds to the policy recorded within the audit log.

This can be cross-referenced with cloud provider documentation, such as AWS CloudTrail or Google Cloud Audit Logs, which record user activities and API usage. The RQL provided would be used in a CSPM tool to query these audit logs for the specified events.

Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

A. Username
B. SSO Certificate
C. Assertion Consumer Service (ACS) URL
D. SP (Service Provider) Entity ID
Suggested answer: C, D

Explanation:

When setting up Single Sign-On (SSO) in Prisma Cloud on the Identity Provider (IdP) side, it is essential to configure the Assertion Consumer Service (ACS) URL and the Service Provider (SP) Entity ID. The ACS URL is the endpoint to which the IdP will send the SAML assertion, and the SP Entity ID is a unique identifier for the service provider that often resembles a URL but does not necessarily point to a location. These elements are crucial for establishing the trust relationship between the IdP and the service provider, enabling secure user authentication and authorization.

An administrator sees that a runtime audit has been generated for a container.

The audit message is:

"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr"

Which protection in the runtime rule would cause this audit?

A. Networking
B. File systems
C. Processes
D. Container
Suggested answer: C

Explanation:

The protection in the runtime rule that would cause the audit message "/bin/ls launched and is explicitly blocked in the runtime rule" is the Processes protection. A runtime rule that monitors and restricts processes can block specific executables or commands from running inside a container. When the rule is triggered, it indicates that a process explicitly denied by the policy attempted to execute, which in this case is the ls command.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-admin/runtime_defense/runtime_audits

Which data security default policy is able to scan for vulnerabilities?

A. Objects containing Vulnerabilities
B. Objects containing Threats
C. Objects containing Malware
D. Objects containing Exploits
Suggested answer: C

Explanation:

The data security default policy capable of scanning for vulnerabilities is 'Objects containing Malware'. In cloud security, malware scanning is an essential feature of CSPM tools that allows for the identification of malicious software within objects stored in the cloud. A policy that scans for objects containing malware ensures that any files or code bases in the cloud environment are examined for potential threats, protecting the cloud resources from being compromised.

Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

A. Secret Key
B. Prisma Cloud API URL
C. Tags
D. Access Key
E. Asset Name
Suggested answer: A, B, D

Explanation:

When authenticating the Prisma Cloud plugin in the IntelliJ application, the mandatory fields are the Secret Key, Prisma Cloud API URL, and Access Key. These credentials are required to securely authenticate and enable the plugin to communicate with the Prisma Cloud API, ensuring that the plugin can perform its intended functions within the development environment.

Which of the following are correct statements regarding the use of access keys? (Choose two.)

A. Access keys must have an expiration date
B. Up to two access keys can be active at any time
C. System Admin can create access key for all users
D. Access keys are used for API calls
Suggested answer: B, D

Explanation:

Regarding the use of access keys, it is correct that up to two access keys can be active at any time for a single IAM user in AWS, and access keys are used for programmatic API calls to AWS services. This allows for rotation of keys without immediate invalidation of the old key and ensures secure access to AWS services via APIs.

The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.

Which type of policy should be created to protect this pod from Layer7 attacks?

A. The development team should create a WAAS rule for the host where these pods will be running.
B. The development team should create a WAAS rule targeted at all resources on the host.
C. The development team should create a runtime policy with networking protections.
D. The development team should create a WAAS rule targeted at the image name of the pods.
Suggested answer: D

Explanation:

To protect the pods hosting a web front end from Layer 7 attacks, the development team should create a Web Application and API Security (WAAS) rule targeted at the image name of the pods. Scoping the rule by image name ties the application-layer protection to the workload itself rather than to the host, so the policy follows the pods wherever they are scheduled and specifically protects the application running inside them.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/deploy_waas

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.

Which action should the SOC take to follow security best practices?

A. Enable the "AWS S3 bucket is publicly accessible" policy and manually remediate each alert.
B. Enable the "AWS RDS database instance is publicly accessible" policy and, for each alert, check that it is a production instance, and then manually remediate.
C. Enable the "AWS S3 bucket is publicly accessible" policy and add the policy to an auto-remediation alert rule.
D. Enable the "AWS RDS database instance is publicly accessible" policy and add the policy to an auto-remediation alert rule.
Suggested answer: B

Explanation:

Following best practices, the Security Operations Center (SOC) should enable the policy that detects publicly accessible AWS RDS database instances and then manually remediate each alert after confirming the instance belongs to the production environment. Manual verification ensures that only the resources that should not be publicly accessible are modified, avoiding unintended access restrictions on non-production instances that an auto-remediation rule would apply indiscriminately.
