ExamGecko

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 4

A customer has Prisma Cloud Enterprise and host Defenders deployed.

What are two options that allow an administrator to upgrade Defenders? (Choose two.)

A. with auto-upgrade, the host Defender will auto-upgrade.
B. auto deploy the Lambda Defender.
C. click the update button in the web-interface.
D. generate a new DaemonSet file.

Suggested answer: A, C

Explanation:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process

Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

A. High
B. Medium
C. Low
D. Very High

Suggested answer: B

Explanation:

In the context of setting anomaly alert intensities in Prisma Cloud, an intensity setting of 'Medium' could be used for the measurement of 100 events over 30 days. This setting indicates a moderate level of anomaly detection sensitivity, which is suitable for environments where there is a need to balance between detecting potential security issues and minimizing false positives.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings

Given this information:

The Console is located at https://prisma-console.mydomain.local

The username is: cluster

The password is: password123

The image to scan is: myimage:latest

Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

A. twistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 -- details myimage:latest
B. twistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 -- vulnerability-details myimage:latest
C. twistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability- details myimage:latest
D. twistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest

Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images

The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?

A. create a Host CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to "prevent".
B. create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to alert.
C. create a Container CNAF policy, targeted at a specific resource, check the box for XSS protection, and set the action to prevent.
D. create a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly allowed inbound IP sources" to the IP address of the pod.

Suggested answer: C

Explanation:

To protect pods in an environment from Cross-Site Scripting (XSS) attacks, the development team should create a Container Cloud Native Application Firewall (CNAF) policy. This policy should be targeted at the specific resource (e.g., a particular pod or set of pods), with the option for XSS protection checked, and the action set to 'prevent.' This configuration ensures that any XSS attacks directed at the targeted containers are effectively blocked.

The Prisma Cloud administrator has configured a new policy.

Which steps should be used to assign this policy to a compliance standard?

A. Edit the policy, go to step 3 (Compliance Standards), click + at the bottom, select the compliance standard, fill in the other boxes, and then click Confirm.
B. Create the Compliance Standard from Compliance tab, and then select Add to Policy.
C. Open the Compliance Standards section of the policy, and then save.
D. Custom policies cannot be added to existing standards.

Suggested answer: A

Explanation:

To assign a new policy to a compliance standard in Prisma Cloud, the administrator needs to edit the policy and navigate to the step where compliance standards are managed. By clicking the '+' button, the administrator can add the policy to a specific compliance standard, provide necessary details, and confirm the assignment. This integrates the custom policy into the chosen compliance standard, ensuring that compliance checks include the newly defined policy criteria.

An administrator wants to install the Defenders to a Kubernetes cluster. This cluster is running the console on the default service endpoint and will be exporting to YAML.

Console Address: $CONSOLE_ADDRESS

Websocket Address: $WEBSOCKET_ADDRESS

User: $ADMIN_USER

Which command generates the YAML file for Defender install?

A. <PLATFORM>/twistcli defender \ --address $CONSOLE_ADDRESS \ --user $ADMIN_USER \ --cluster-address $CONSOLE_ADDRESS
B. <PLATFORM>/twistcli defender export kubernetes \ --address $WEBSOCKET_ADDRESS \ --user $ADMIN_USER \ --cluster-address $CONSOLE_ADDRESS
C. <PLATFORM>/twistcli defender YAML kubernetes \ --address $CONSOLE_ADDRESS \ --user $ADMIN_USER \ --cluster-address $WEBSOCKET_ADDRESS
D. <PLATFORM>/twistcli defender export kubernetes \ --address $CONSOLE_ADDRESS \ --user $ADMIN_USER \ --cluster-address $WEBSOCKET_ADDRESS

Suggested answer: D

Explanation:

The correct command to generate the YAML file for Defender install in a Kubernetes cluster, considering the console and websocket addresses, as well as the admin user, would typically involve specifying the addresses and user details. The option D seems most aligned with standard practices for such commands, where you export the Defender configuration for Kubernetes, specifying the console and websocket addresses along with the user details.

Which options show the steps required after upgrade of Console?

A. Uninstall Defenders; Upgrade Jenkins Plugin; Upgrade twistcli where applicable; Allow the Console to redeploy the Defender
B. Update the Console image in the Twistlock hosted registry; Update the Defender image in the Twistlock hosted registry; Uninstall Defenders
C. Upgrade Defenders; Upgrade Jenkins Plugin; Upgrade twistcli where applicable
D. Update the Console image in the Twistlock hosted registry; Update the Defender image in the Twistlock hosted registry; Redeploy Console

Suggested answer: C

Explanation:

After the Console has been upgraded, check and upgrade any of the Defenders that have reached the end of their support lifecycle (Defenders are backward compatible for N-2 releases). The Defender release image is built from the UBI8-minimal base image and on upgrade it is a full container image upgrade, which means that the old Defender container is replaced with a new container. Then, upgrade all other Prisma Cloud components, such as the Jenkins plugin.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/upgrade/upgrade_process_saas

An organization wants to be notified immediately of any "High Severity" alerts for the account group "Clinical Trials" via Slack.

Which option shows the steps the organization can use to achieve this goal?

A. 1. Configure Slack Integration 2. Create an alert rule and select "Clinical Trials" as the account group 3. Under the "Select Policies" tab, filter on severity and select "High" 4. Under the Set Alert Notification tab, choose Slack and populate the channel 5. Set Frequency to "As it Happens"
B. 1. Create an alert rule and select "Clinical Trials" as the account group 2. Under the "Select Policies" tab, filter on severity and select "High" 3. Under the Set Alert Notification tab, choose Slack and populate the channel 4. Set Frequency to "As it Happens" 5. Set up the Slack Integration to complete the configuration
C. 1. Configure Slack Integration 2. Create an alert rule 3. Under the "Select Policies" tab, filter on severity and select "High" 4. Under the Set Alert Notification tab, choose Slack and populate the channel 5. Set Frequency to "As it Happens"
D. 1. Under the "Select Policies" tab, filter on severity and select "High" 2. Under the Set Alert Notification tab, choose Slack and populate the channel 3. Set Frequency to "As it Happens" 4. Configure Slack Integration 5. Create an Alert rule

Suggested answer: A

Explanation:

To achieve immediate notification for 'High Severity' alerts for a specific account group via Slack, the steps outlined in option A provide a comprehensive and effective approach. Firstly, configuring the Slack Integration establishes the necessary communication channel between Prisma Cloud and the Slack workspace. Creating an alert rule with the specified account group and severity filters ensures that only relevant alerts trigger notifications. Selecting Slack as the notification channel and setting the frequency to 'As it Happens' ensures real-time alerting for critical issues. This method leverages Prisma Cloud's alerting capabilities and Slack's real-time messaging platform to promptly notify the security team, enabling swift action to mitigate risks. This approach is in line with Prisma Cloud's flexible and configurable alerting system, designed to integrate with various external platforms for efficient incident response.

A business unit has acquired a company that has a very large AWS account footprint. The plan is to start onboarding the new company's AWS accounts into the Prisma Cloud Enterprise tenant immediately. The current company is not using AWS Organizations and will require each account to be onboarded individually.

The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.

Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

A. https://api.prismacloud.io/cloud/
B. https://api.prismacloud.io/account/aws
C. https://api.prismacloud.io/cloud/aws
D. https://api.prismacloud.io/accountgroup/aws

Suggested answer: C

Explanation:

To add AWS accounts to the Prisma Cloud Enterprise tenant, the correct API endpoint is option C: https://api.prismacloud.io/cloud/aws. This endpoint is specifically designed for integrating cloud accounts with Prisma Cloud, enabling centralized visibility and security posture management across multiple cloud environments. By using this API endpoint, each AWS account can be individually onboarded to the Prisma Cloud platform, allowing for immediate posture visibility and consistent security policy enforcement across the newly acquired company's extensive AWS footprint. This process aligns with Prisma Cloud's capabilities for multi-cloud security and compliance management, ensuring that the onboarding of cloud accounts is both efficient and aligned with the platform's best practices for cloud security.

A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)

A. individual actions based on package type
B. output verbosity for blocked requests
C. apply policy only when vendor fix is available
D. individual grace periods for each severity level
E. customize message on blocked requests

Suggested answer: A, C, D

Explanation:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vuln_management_rules

Configuring vulnerability policies within Prisma Cloud involves several options that cater to different aspects of vulnerability management and policy enforcement. Options A, C, and D are valid configurations for vulnerability policies:

A. Individual actions based on package type allow for tailored responses to vulnerabilities found in specific types of software packages, enabling more granular control over the remediation process.

C. Applying policies only when a vendor fix is available helps prioritize the remediation of vulnerabilities for which a patch or update has been released by the software vendor, ensuring efficient use of resources in addressing the most actionable security issues.

D. Setting individual grace periods for each severity level allows organizations to define different time frames for addressing vulnerabilities based on their severity, enabling a prioritized and risk-based approach to vulnerability management.

These configurations support a comprehensive vulnerability management strategy by allowing customization and prioritization based on the nature of the vulnerability, the availability of fixes, and the risk level associated with each vulnerability.

Total 260 questions