ExamGecko
Login
Home / Palo Alto Networks / PCCSE / List of questions
Ask Question

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 6

List of questions

Question 51

Report
Export
Collapse

A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift.

How should the administrator get a report of vulnerabilities on hosts?

Navigate to Monitor > Vulnerabilities > CVE Viewer
Navigate to Monitor > Vulnerabilities > CVE Viewer
Navigate to Defend > Vulnerabilities > VM Images
Navigate to Defend > Vulnerabilities > VM Images
Navigate to Defend > Vulnerabilities > Hosts
Navigate to Defend > Vulnerabilities > Hosts
Navigate to Monitor > Vulnerabilities > Hosts
Navigate to Monitor > Vulnerabilities > Hosts
Suggested answer: D

Explanation:

To view the vulnerabilities identified on a host, navigating to the 'Monitor > Vulnerabilities > Hosts' section within the Prisma Cloud Console is the correct approach. This section is specifically designed to provide a comprehensive overview of all detected vulnerabilities within the host environment, offering detailed insights into each vulnerability's nature, severity, and potential impact.

This pathway allows users to efficiently assess the security posture of their hosts, prioritize vulnerabilities based on their severity, and take appropriate remediation actions. The 'Hosts' section under 'Vulnerabilities' is tailored to display vulnerabilities related to host configurations, installed software, and other host-level security concerns, making it the ideal location within the Prisma Cloud Console for this purpose.

asked 23/09/2024
Kshitij Vyas
39 questions

Question 52

Report
Export
Collapse

A customer has a requirement to scan serverless functions for vulnerabilities.

Which three settings are required to configure serverless scanning? (Choose three.)

Defender Name
Defender Name
Region
Region
Credential
Credential
Console Address
Console Address
Provider
Provider
Suggested answer: B, C, E

Explanation:

To configure serverless scanning in a cloud security platform like Prisma Cloud, the system needs to know where (Region) the serverless functions are deployed, how to access them (Credential), and on which cloud platform they are running (Provider). These settings ensure that the scanning tool can accurately locate and authenticate to the serverless functions across different cloud environments for vulnerability assessment. This aligns with the principle of providing comprehensive visibility and consistent security across multi-cloud environments as outlined in the 'Guide to Cloud Security Posture Management Tools' document.

asked 23/09/2024
Yahya Ozer
35 questions

Question 53

Report
Export
Collapse

You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?

YAML
YAML
JSON
JSON
CloudFormation
CloudFormation
Terraform
Terraform
Suggested answer: B

Explanation:

'you can also create configuration policies to scan your Infrastructure as Code (IaC) templates that are used to deploy cloud resources. The policies used for scanning IaC templates use a JSON query instead of RQL.'

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a-policy

asked 23/09/2024
Shane Cook
33 questions

Question 54

Report
Export
Collapse

You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.

Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.

Why are no alerts being generated?

The public cloud account is not associated with an alert notification.
The public cloud account is not associated with an alert notification.
The public cloud account does not have audit trail ingestion enabled.
The public cloud account does not have audit trail ingestion enabled.
The public cloud account does not access to configuration resources.
The public cloud account does not access to configuration resources.
The public cloud account is not associated with an alert rule.
The public cloud account is not associated with an alert rule.
Suggested answer: D

Explanation:

In Prisma Cloud Enterprise, for alerts to be generated for configuration assets in an onboarded public cloud account, it is essential that the account is associated with an alert rule that matches the enabled config policies. If the account is not linked to an alert rule or if the existing alert rules do not match the config policies, no alerts will be generated even though configuration resource ingestion is visible, and RQL statements return config resource results. This requirement emphasizes the need for a well-structured alerting mechanism to ensure that security incidents are promptly identified and addressed.

asked 23/09/2024
Mashudu Abraham
34 questions

Question 55

Report
Export
Collapse

The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

scope the policy to Image names.
scope the policy to Image names.
scope the policy to namespaces.
scope the policy to namespaces.
scope the policy to Defender names.
scope the policy to Defender names.
scope the policy to Host names.
scope the policy to Host names.
Suggested answer: A

Explanation:

To specifically target running containers with a Cloud Native Application Framework (CNAF) policy in Prisma Cloud, the administrator should scope the policy to Image names. By doing so, the policy will apply to containers based on the images they were created from, allowing for precise targeting of security policies to specific containers. This approach is part of Prisma Cloud's capabilities to provide granular security controls for containerized environments, ensuring that policies are effectively applied to the relevant containers.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/deploy_waas/deployment_containers

asked 23/09/2024
PRABHAT VAIBHAV
29 questions

Question 56

Report
Export
Collapse

The InfoSec team wants to be notified via email each time a Security Group is misconfigured. Which Prisma Cloud tab should you choose to complete this request?

Notifications
Notifications
Policies
Policies
Alert Rules
Alert Rules
Events
Events
Suggested answer: C

Explanation:

In Prisma Cloud, to notify the InfoSec team via email about misconfigured Security Groups, the appropriate tab to use is 'Alert Rules.' Alert rules in Prisma Cloud define the conditions under which alerts are generated and the notification channels, including email, where these alerts are sent. By configuring alert rules related to Security Group misconfigurations, the platform can automatically notify the team when such an event occurs, ensuring prompt awareness and response to potential security issues.

asked 23/09/2024
Easwari Lakshminarayanan
43 questions

Question 57

Report
Export
Collapse

An administrator has access to a Prisma Cloud Enterprise.

What are the steps to deploy a single container Defender on an ec2 node?

Pull the Defender image to the ec2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.
Pull the Defender image to the ec2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.
Execute the curl | bash script on the ec2 node.
Execute the curl | bash script on the ec2 node.
Configure the cloud credential in the console and allow cloud discovery to auto-protect the ec2 node.
Configure the cloud credential in the console and allow cloud discovery to auto-protect the ec2 node.
Generate DaemonSet file and apply DaemonSet to the twistlock namespace.
Generate DaemonSet file and apply DaemonSet to the twistlock namespace.
Suggested answer: B

Explanation:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-06/prisma-cloud-compute-edition-admin/install/install_defender/install_host_defender

asked 23/09/2024
Hammad Chandio
31 questions

Question 58

Report
Export
Collapse

A customer wants to turn on Auto Remediation.

Which policy type has the built-in CLI command for remediation?

Anomaly
Anomaly
Audit Event
Audit Event
Network
Network
Config
Config
Suggested answer: D

Explanation:

In Prisma Cloud, Config policies have built-in CLI commands for auto-remediation. These policies help in identifying misconfigurations within cloud environments and can automatically execute remediation commands to correct the configurations without manual intervention. This feature is part of Prisma Cloud's comprehensive approach to maintaining cloud security posture by ensuring that cloud resources are configured in accordance with best practices and compliance standards.

asked 23/09/2024
Preetham Pakhala
29 questions

Question 59

Report
Export
Collapse

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.

How should the customer automate vulnerability scanning for images deployed to Fargate?

Set up a vulnerability scanner on the registry
Set up a vulnerability scanner on the registry
Embed a Fargate Defender to automatically scan for vulnerabilities
Embed a Fargate Defender to automatically scan for vulnerabilities
Designate a Fargate Defender to serve a dedicated image scanner
Designate a Fargate Defender to serve a dedicated image scanner
Use Cloud Compliance to identify misconfigured AWS accounts
Use Cloud Compliance to identify misconfigured AWS accounts
Suggested answer: A

Explanation:

To automate vulnerability scanning for images deployed to Fargate, the customer should set up a vulnerability scanner on the container registry where the images are stored before they are deployed. By scanning the images in the registry, any vulnerabilities can be identified and addressed before the images are used to create Fargate tasks. This proactive approach to vulnerability management is crucial in cloud-native environments to ensure that deployed containers are free from known vulnerabilities.

asked 23/09/2024
Mark Hughes
30 questions

Question 60

Report
Export
Collapse

Which container image scan is constructed correctly?

twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest
twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest
twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest
twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest
twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest
twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest
twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details
twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details
Suggested answer: B

Explanation:

The correct construction for scanning a container image using the TwistCLI tool in Prisma Cloud is option B. This command specifies the address of the Prisma Cloud Console and the image to be scanned, including its tag. The TwistCLI tool is part of Prisma Cloud's capabilities to integrate security into the CI/CD pipeline, allowing for the scanning of images for vulnerabilities as part of the build process, thus ensuring that only secure images are deployed.

asked 23/09/2024
Chan Man Wong
43 questions
Total 260 questions
Go to page: of 26
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements are true about the differences between build and run config policies? (Choose two.)
An administrator sees that a runtime audit has been generated for a host. The audit message is: ''Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model'' Which runtime host policy rule is the root cause for this runtime audit?
Which two statements explain differences between build and run config policies? (Choose two.)
Which two information types cannot be seen in the data security dashboard? (Choose two).
An administrator needs to detect and alert on any activities performed by a root account. Which policy type should be used?
You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time. Which option shows the steps required during the alert rule creation process to achieve this objective?
Review this admission control policy: match[{'msg': msg}] { input.request.operation == 'CREATE' input.request.kind.kind == 'Pod' input.request.resource.resource == 'pods' input.request.object.spec.containers[_].securityContext.privileged msg := 'Privileged' } Which response to this policy will be achieved when the effect is set to ''block''?
How are the following categorized? Backdoor account access Hijacked processes Lateral movement Port scanning
A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?