ExamGecko

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 6

A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift.

How should the administrator get a report of vulnerabilities on hosts?

A. Navigate to Monitor > Vulnerabilities > CVE Viewer
B. Navigate to Defend > Vulnerabilities > VM Images
C. Navigate to Defend > Vulnerabilities > Hosts
D. Navigate to Monitor > Vulnerabilities > Hosts

Suggested answer: D

Explanation:

To view the vulnerabilities identified on a host, navigating to the 'Monitor > Vulnerabilities > Hosts' section within the Prisma Cloud Console is the correct approach. This section is specifically designed to provide a comprehensive overview of all detected vulnerabilities within the host environment, offering detailed insights into each vulnerability's nature, severity, and potential impact.

This pathway allows users to efficiently assess the security posture of their hosts, prioritize vulnerabilities based on their severity, and take appropriate remediation actions. The 'Hosts' section under 'Vulnerabilities' is tailored to display vulnerabilities related to host configurations, installed software, and other host-level security concerns, making it the ideal location within the Prisma Cloud Console for this purpose.

A customer has a requirement to scan serverless functions for vulnerabilities.

Which three settings are required to configure serverless scanning? (Choose three.)

A. Defender Name
B. Region
C. Credential
D. Console Address
E. Provider

Suggested answer: B, C, E

Explanation:

To configure serverless scanning in a cloud security platform like Prisma Cloud, the system needs to know where (Region) the serverless functions are deployed, how to access them (Credential), and on which cloud platform they are running (Provider). These settings ensure that the scanning tool can accurately locate and authenticate to the serverless functions across different cloud environments for vulnerability assessment. This aligns with the principle of providing comprehensive visibility and consistent security across multi-cloud environments as outlined in the 'Guide to Cloud Security Posture Management Tools' document.

You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?

A. YAML
B. JSON
C. CloudFormation
D. Terraform

Suggested answer: B

Explanation:

'you can also create configuration policies to scan your Infrastructure as Code (IaC) templates that are used to deploy cloud resources. The policies used for scanning IaC templates use a JSON query instead of RQL.'

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a-policy

You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.

Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. RQL statements on the Investigate page matching those policies return config resource results successfully.

Why are no alerts being generated?

A. The public cloud account is not associated with an alert notification.
B. The public cloud account does not have audit trail ingestion enabled.
C. The public cloud account does not have access to configuration resources.
D. The public cloud account is not associated with an alert rule.

Suggested answer: D

Explanation:

In Prisma Cloud Enterprise, for alerts to be generated for configuration assets in an onboarded public cloud account, it is essential that the account is associated with an alert rule that matches the enabled config policies. If the account is not linked to an alert rule or if the existing alert rules do not match the config policies, no alerts will be generated even though configuration resource ingestion is visible, and RQL statements return config resource results. This requirement emphasizes the need for a well-structured alerting mechanism to ensure that security incidents are promptly identified and addressed.

The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

A. Scope the policy to Image names.
B. Scope the policy to namespaces.
C. Scope the policy to Defender names.
D. Scope the policy to Host names.

Suggested answer: A

Explanation:

To specifically target running containers with a Cloud Native Application Framework (CNAF) policy in Prisma Cloud, the administrator should scope the policy to Image names. By doing so, the policy will apply to containers based on the images they were created from, allowing for precise targeting of security policies to specific containers. This approach is part of Prisma Cloud's capabilities to provide granular security controls for containerized environments, ensuring that policies are effectively applied to the relevant containers.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/deploy_waas/deployment_containers

The InfoSec team wants to be notified via email each time a Security Group is misconfigured. Which Prisma Cloud tab should you choose to complete this request?

A. Notifications
B. Policies
C. Alert Rules
D. Events

Suggested answer: C

Explanation:

In Prisma Cloud, to notify the InfoSec team via email about misconfigured Security Groups, the appropriate tab to use is 'Alert Rules.' Alert rules in Prisma Cloud define the conditions under which alerts are generated and the notification channels, including email, where these alerts are sent. By configuring alert rules related to Security Group misconfigurations, the platform can automatically notify the team when such an event occurs, ensuring prompt awareness and response to potential security issues.

An administrator has access to a Prisma Cloud Enterprise.

What are the steps to deploy a single container Defender on an ec2 node?

A. Pull the Defender image to the ec2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.
B. Execute the curl | bash script on the ec2 node.
C. Configure the cloud credential in the console and allow cloud discovery to auto-protect the ec2 node.
D. Generate DaemonSet file and apply DaemonSet to the twistlock namespace.

Suggested answer: B

Explanation:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-06/prisma-cloud-compute-edition-admin/install/install_defender/install_host_defender

A customer wants to turn on Auto Remediation.

Which policy type has the built-in CLI command for remediation?

A. Anomaly
B. Audit Event
C. Network
D. Config

Suggested answer: D

Explanation:

In Prisma Cloud, Config policies have built-in CLI commands for auto-remediation. These policies help in identifying misconfigurations within cloud environments and can automatically execute remediation commands to correct the configurations without manual intervention. This feature is part of Prisma Cloud's comprehensive approach to maintaining cloud security posture by ensuring that cloud resources are configured in accordance with best practices and compliance standards.

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.

How should the customer automate vulnerability scanning for images deployed to Fargate?

A. Set up a vulnerability scanner on the registry
B. Embed a Fargate Defender to automatically scan for vulnerabilities
C. Designate a Fargate Defender to serve a dedicated image scanner
D. Use Cloud Compliance to identify misconfigured AWS accounts

Suggested answer: A

Explanation:

To automate vulnerability scanning for images deployed to Fargate, the customer should set up a vulnerability scanner on the container registry where the images are stored before they are deployed. By scanning the images in the registry, any vulnerabilities can be identified and addressed before the images are used to create Fargate tasks. This proactive approach to vulnerability management is crucial in cloud-native environments to ensure that deployed containers are free from known vulnerabilities.

Which container image scan is constructed correctly?

A. twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest
B. twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest
C. twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest
D. twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details

Suggested answer: B

Explanation:

The correct construction for scanning a container image using the TwistCLI tool in Prisma Cloud is option B. This command specifies the address of the Prisma Cloud Console and the image to be scanned, including its tag. The TwistCLI tool is part of Prisma Cloud's capabilities to integrate security into the CI/CD pipeline, allowing for the scanning of images for vulnerabilities as part of the build process, thus ensuring that only secure images are deployed.

Total 260 questions