ExamGecko

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 2

Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?

A. To retrieve Prisma Cloud Console images using basic auth: 1. Access registry.paloaltonetworks.com, and authenticate using 'docker login'. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.

B. To retrieve Prisma Cloud Console images using basic auth: 1. Access registry.twistlock.com, and authenticate using 'docker login'. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.

C. To retrieve Prisma Cloud Console images using URL auth: 1. Access registry-url-auth.twistlock.com, and authenticate using the user certificate. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.

D. To retrieve Prisma Cloud Console images using URL auth: 1. Access registry-auth.twistlock.com, and authenticate using the user certificate. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.

Suggested answer: B

Explanation:

Retrieving Prisma Cloud Console images involves accessing a specific registry provided by Palo Alto Networks and authenticating using basic authentication with 'docker login'. Once authenticated, the user can pull the Prisma Cloud Console images using the 'docker pull' command. This process is part of the initial setup for deploying Prisma Cloud Console in an environment, allowing users to obtain the necessary images to run the Console, which serves as the central management interface for Prisma Cloud. The detailed steps, including the specific registry URL and authentication method, are typically provided in the Prisma Cloud documentation, ensuring that users have the information needed to successfully retrieve and deploy Console images.

Which two statements are true about the differences between build and run config policies? (Choose two.)

A. Run and Network policies belong to the configuration policy set.

B. Build and Audit Events policies belong to the configuration policy set.

C. Run policies monitor resources, and check for potential issues after these cloud resources are deployed.

D. Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.

E. Run policies monitor network activities in your environment, and check for potential issues during runtime.

Suggested answer: C, D

Explanation:

In the context of Prisma Cloud, Build and Run policies serve distinct purposes in securing cloud environments. Build policies are designed to evaluate Infrastructure as Code (IaC) templates before deployment. These policies help identify and remediate security misconfigurations in the development phase, ensuring that vulnerabilities are addressed before the infrastructure is provisioned. This proactive approach enhances security by preventing misconfigurations from reaching production environments.

On the other hand, Run policies are applied to resources that are already deployed in the cloud. These policies continuously monitor the cloud environment, detecting and alerting on potential security issues that arise in the runtime. Run policies help maintain the security posture of cloud resources by identifying deviations from established security baselines and enabling quick remediation of identified issues.

Both Build and Run policies are integral to a comprehensive cloud security strategy, addressing security concerns at different stages of the cloud resource lifecycle, from development and deployment to ongoing operation.

A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.

What will be the effect if the security team chooses to Relearn on this image?

A. The model is deleted, and Defender will relearn for 24 hours.

B. The anomalies detected will automatically be added to the model.

C. The model is deleted and returns to the initial learning state.

D. The model is retained, and any new behavior observed during the new learning period will be added to the existing model.

Suggested answer: D

Explanation:

In Prisma Cloud, when anomalies are detected and the security team chooses to Relearn on a specific image, the existing behavioral model for that image is not deleted. Instead, the system retains the model and enters a new learning period, during which it observes the behavior of the container based on the image. If new behaviors are observed during this period, they are added to the existing model, thereby refining and updating the model to reflect the current operational profile of the container. This approach allows for dynamic adaptation to changes in container behavior while preserving the valuable insights and patterns already established in the model. The Relearn function is part of Prisma Cloud's adaptive capabilities, enabling it to maintain accurate and up-to-date behavioral models that reflect the evolving nature of containerized applications.

A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.

Which setting should you use to meet this customer's request?

A. Trusted Login IP Addresses

B. Anomaly Trusted List

C. Trusted Alert IP Addresses

D. Enterprise Alert Disposition

Suggested answer: C

Explanation:

B. Anomaly Trusted List: Exclude trusted IP addresses when conducting tests for PCI compliance or penetration testing on your network. Any addresses included in this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity such as the policies that detect internal port scan and port sweep activity, which are enabled by default.

C. Trusted Alert IP Addresses: If you have internal networks that connect to your public cloud infrastructure, you can add these IP address ranges (or CIDR blocks) as trusted ... Prisma Cloud default network policies that look for internet exposed instances also do not generate alerts when the source IP address is included in the trusted IP address list and the account hijacking anomaly policy filters out activities from known IP addresses. Also, when you use RQL to query network traffic, you can filter out traffic from known networks that are included in the trusted IP address list.

For a customer who does not want alerts to be generated from network traffic originating from trusted internal networks, the appropriate setting is C. Trusted Alert IP Addresses. This setting allows for specifying certain IP addresses as trusted, meaning alerts will not be triggered by activities from these IPs, ensuring that internal network traffic is not flagged as potentially malicious.

A DevOps lead reviewed some system logs and noticed some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

A. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.

B. The SecOps lead should use Incident Explorer and Compliance Explorer.

C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.

D. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Suggested answer: C

Explanation:

To investigate the runtime aspects of a potential data exfiltration attempt, the SecOps lead in Prisma Cloud Compute should focus on areas that provide insights into runtime activity and potential threats. The correct choice is C: the SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits. These sections provide detailed information on security incidents and container-level activities, enabling a thorough investigation into the runtime behavior that might indicate a security issue.

A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.

Which two reasons explain this change in alert status? (Choose two.)

A. user manually changed the alert status.

B. policy was changed.

C. resource was deleted.

D. alert was sent to an external integration.

Suggested answer: B, C

Explanation:

RESOURCE_DELETED: Resource was deleted.

USER_DISMISSED: Alert was dismissed or snoozed by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin.

POLICY_UPDATED: Policy was updated. This status indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OQ2CAM

Which three steps are involved in onboarding an account for Data Security? (Choose three.)

A. Create a read-only role with in-line policies

B. Create a CloudTrail with SNS Topic

C. Enable Flow Logs

D. Enter the RoleARN and SNSARN

E. Create an S3 bucket

Suggested answer: B, D, E

Explanation:

Onboarding an account for Data Security involves several critical steps to ensure comprehensive coverage and effective monitoring. The steps involved include B. Create a CloudTrail with SNS Topic, to track and manage API calls and relevant notifications; D. Enter the RoleARN and SNSARN, to provide necessary access and integration points for data security functions; and E. Create an S3 bucket, which serves as a storage solution for logging and data capture essential for security analysis.

An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.

In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

A. 8084

B. 443

C. 8083

D. 8081

Suggested answer: C

Explanation:

By default, Prisma Cloud listens on:

8083: HTTPS management port for access to Console.

8084: WSS port for Defender to Console communication.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/install/install_kubernetes

A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

A. The value of the mined currency exceeds $100.

B. High CPU usage over time for the container is detected.

C. Common cryptominer process name was found.

D. The mined currency is associated with a user token.

E. Common cryptominer port usage was found.

Suggested answer: B, C, E

Explanation:

In the case of identifying a cryptominer attack through container audits, the options that could have generated this audit include B. High CPU usage over time for the container is detected, which is a common indicator of cryptomining activity as it consumes significant computational resources, C. Common cryptominer process name was found, which directly indicates the presence of cryptomining based on known malicious processes, and E. Common cryptominer port usage was found, suggesting cryptomining activity based on network behavior typical of such attacks.

Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

A. copy the Console address and set the config map for the default namespace.

B. create a new namespace in Kubernetes called admission-controller.

C. enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

D. copy the admission controller configuration from the Console and apply it to Kubernetes.

Suggested answer: D

Explanation:

When configuring Kubernetes to use Prisma Cloud Compute as an admission controller, a crucial step involves D. copy the admission controller configuration from the Console and apply it to Kubernetes. This step is essential for integrating Prisma Cloud Compute's security controls directly into the Kubernetes admission process, enabling real-time security assessments and policy enforcement for new or modified resources within the cluster.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-04/prisma-cloud-compute-edition-admin/access_control/open_policy_agent.html step 2

Total 260 questions