ExamGecko

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 10

Question 91


A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

A. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.
B. Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.
C. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.
D. Set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.
Suggested answer: D

Explanation:

To restrict any container from resolving the name www.evil-url.com, the administrator should set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent. This configuration in Prisma Cloud, or similar CSPM tools, ensures that any attempt to resolve the specified blocklisted DNS name within any container will be prevented, thus enhancing security by proactively blocking potential communication with known malicious domains.

Reference to this feature can be found in the documentation of CSPM tools that offer runtime protection for containers. These tools allow administrators to define security policies that can include DNS-based controls to prevent containers from accessing known malicious or undesirable URLs, thereby preventing potential data exfiltration, malware communication, or other security threats.

asked 23/09/2024
Robert Rek
46 questions

Question 92


Which API calls can scan an image named myimage:latest with twistcli and then retrieve the results from Console?

A. $ twistcli images scan --address --user --password --verbose myimage:latest
B. $ twistcli images scan --address --user --password --details myimage:latest
C. $ twistcli images scan --address --user --password myimage:latest
D. $ twistcli images scan --address --user --password --console myimage:latest
Suggested answer: B

Explanation:

You can have twistcli generate a detailed report for each scan. The following procedure shows you how to scan an image with twistcli, and then retrieve the results from Console.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images

asked 23/09/2024
AXEL AXELOPOULOS
41 questions

Question 93


Given the following RQL:

event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')

Which audit event snippet is identified?

A) [image: audit event snippet]
B) [image: audit event snippet]
C) [image: audit event snippet]
D) [image: audit event snippet]
Suggested answer: C

Explanation:

The given RQL (Resource Query Language) query is looking for specific audit events related to cryptographic key actions and snapshot creation. The snippet that matches this query is Option C, which contains the statement indicating permissions that allow any action ('Action': '*') and the reference to the version date '2012-10-17' that corresponds to the policy within the audit log.

This can be cross-referenced with cloud provider documentation, such as AWS CloudTrail or Google Cloud Audit Logs, which record user activities and API usage. The RQL provided would be used in a CSPM tool to query these audit logs for the specified events.

asked 23/09/2024
Laura Reyero
38 questions

Question 94


Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

A. Username
B. SSO Certificate
C. Assertion Consumer Service (ACS) URL
D. SP (Service Provider) Entity ID
Suggested answer: C, D

Explanation:

When setting up Single Sign-On (SSO) in Prisma Cloud on the Identity Provider (IdP) side, it is essential to configure the Assertion Consumer Service (ACS) URL and the Service Provider (SP) Entity ID. The ACS URL is the endpoint to which the IdP will send the SAML assertion, and the SP Entity ID is a unique identifier for the service provider that often resembles a URL but does not necessarily point to a location. These elements are crucial for establishing the trust relationship between the IdP and the service provider, enabling secure user authentication and authorization.

asked 23/09/2024
Pavol Adamcin
35 questions

Question 95


An administrator sees that a runtime audit has been generated for a container.

The audit message is:

"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr"

Which protection in the runtime rule would cause this audit?

A. Networking
B. File systems
C. Processes
D. Container
Suggested answer: C

Explanation:

The protection in the runtime rule that would cause the audit message indicating '/bin/ls launched and is explicitly blocked in the runtime rule' is related to 'Processes'. In container security, a runtime rule set to monitor and restrict processes can block specific executables or commands from running within a container. If the rule is triggered, it indicates that a process that is explicitly denied by the policy attempted to execute, which in this case is the 'ls' command.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-admin/runtime_defense/runtime_audits

asked 23/09/2024
Friedrich Spies
29 questions

Question 96


Which data security default policy is able to scan for vulnerabilities?

A. Objects containing Vulnerabilities
B. Objects containing Threats
C. Objects containing Malware
D. Objects containing Exploits
Suggested answer: C

Explanation:

The data security default policy capable of scanning for vulnerabilities is 'Objects containing Malware'. In cloud security, malware scanning is an essential feature of CSPM tools that allows for the identification of malicious software within objects stored in the cloud. A policy that scans for objects containing malware ensures that any files or code bases in the cloud environment are examined for potential threats, protecting the cloud resources from being compromised.

asked 23/09/2024
Antoine CHEA
26 questions

Question 97


Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

A. Secret Key
B. Prisma Cloud API URL
C. Tags
D. Access Key
E. Asset Name
Suggested answer: A, B, D

Explanation:

When authenticating the Prisma Cloud plugin in the IntelliJ application, the mandatory fields are the Secret Key, Prisma Cloud API URL, and Access Key. These credentials are required to securely authenticate and enable the plugin to communicate with the Prisma Cloud API, ensuring that the plugin can perform its intended functions within the development environment.

asked 23/09/2024
Ella Parkum
40 questions

Question 98


Which of the following are correct statements regarding the use of access keys? (Choose two.)

A. Access keys must have an expiration date
B. Up to two access keys can be active at any time
C. System Admin can create access key for all users
D. Access keys are used for API calls
Suggested answer: B, D

Explanation:

Regarding the use of access keys, it is correct that up to two access keys can be active at any time for a single IAM user in AWS, and access keys are used for programmatic API calls to AWS services. This allows for rotation of keys without immediate invalidation of the old key and ensures secure access to AWS services via APIs.

asked 23/09/2024
Karol Ligęza
28 questions

Question 99


The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.

Which type of policy should be created to protect this pod from Layer 7 attacks?

A. The development team should create a WAAS rule for the host where these pods will be running.
B. The development team should create a WAAS rule targeted at all resources on the host.
C. The development team should create a runtime policy with networking protections.
D. The development team should create a WAAS rule targeted at the image name of the pods.
Suggested answer: D

Explanation:

To protect the pods hosting a web front end from Layer 7 attacks, the development team should create a Web Application and API Security (WAAS) rule targeted at the image name of the pods. This approach allows the policy to specifically protect the applications running within the pods against sophisticated attacks that target the application layer.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/deploy_waas

asked 23/09/2024
test fdf
47 questions

Question 100


A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.

Which action should the SOC take to follow security best practices?

A. Enable "AWS S3 bucket is publicly accessible" policy and manually remediate each alert.
B. Enable "AWS RDS database instance is publicly accessible" policy and for each alert, check that it is a production instance, and then manually remediate.
C. Enable "AWS S3 bucket is publicly accessible" policy and add policy to an auto-remediation alert rule.
D. Enable "AWS RDS database instance is publicly accessible" policy and add policy to an auto-remediation alert rule.
Suggested answer: B

Explanation:

Following best practices, the Security Operations Center (SOC) should enable a policy that checks for publicly accessible AWS RDS database instances and then manually remediate each instance confirmed to be part of the production environment. This approach ensures that only those resources that should not be publicly accessible are modified, avoiding unintended access restrictions on non-production instances.

asked 23/09/2024
Peter Keijer
36 questions
Total 260 questions