ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCCSE
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three types of runtime rules can be created? (Choose three.)
DRAG DROP What is the order of steps in a Jenkins pipeline scan? (Drag the steps into the correct order of occurrence, from the first step to the last.)
DRAG DROP Match the correct scanning mode for each given operation. (Select your answer from the pull-down list. Answers may be used more than once or not at all.)
Where can a user submit an external new feature request?
Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)
A customer has a requirement to restrict any container from resolving the name www.evil-url.com . How should the administrator configure Prisma Cloud Compute to satisfy this requirement?
A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud. Which two steps can be performed by the Terraform script? (Choose two.)
Which type of query is used for scanning Infrastructure as Code (laC) templates?
DRAG DROP You wish to create a custom policy with build and run subtypes. Match the query types for each example. (Select your answer from the pull-down list. Answers may be used more than once or not at all.)
What should be used to associate Prisma Cloud policies with compliance frameworks?

Question 2 - PCCSE discussion

Report
Export

A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.

Which port should the team specify in the CNAF rule to protect the application?

A.
443
Answers
A.
443
B.
80
Answers
B.
80
C.
8080
Answers
C.
8080
D.
8888
Answers
D.
8888
Suggested answer: C

Explanation:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/firewalls/deploy_cnaf

When configuring Cloud Native Application Firewall (CNAF) rules, the specified port should be the one where the container itself listens for web traffic. In this scenario, since the NGINX container is listening on port 8080, the CNAF rule should be configured to protect traffic on port 8080. This ensures that the firewall rule is applied to the traffic intended for the container, regardless of the port mapping on the host.

The documentation from Palo Alto Networks provides guidance on deploying CNAF and specifies that the port in the firewall rule should match the container's listening port, not the host's mapped port. This is an important distinction for properly securing containerized applications with CNAF.

Show Answer
asked 23/09/2024
Ioana Mihaila
21 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms