ExamGecko
Login
Home / Palo Alto Networks / PCCSE / List of questions
Ask Question

Palo Alto Networks PCCSE Practice Test - Questions Answers, Page 20

List of questions

Question 191

Report
Export
Collapse

Which of the following is not a supported external integration for receiving Prisma Cloud Code Security notifications?

Splunk
Splunk
Cortex XSOAR
Cortex XSOAR
Microsoft Teams
Microsoft Teams
ServiceNow
ServiceNow
Suggested answer: D

Explanation:

Prisma Cloud enables you to send notifications for new code and CI/CD security issues detected during periodic scans of your environments to messaging systems that you have integrated with Prisma Cloud. Supported messaging systems include Microsoft Teams, Slack, Splunk, JIRA, ServiceNow notification systems, as well as for webhooks.

https://docs.prismacloud.io/en/classic/appsec-admin-guide/get-started/finetune-configuration-settings/enable-notifications

asked 23/09/2024
Albert Hidalgo Bassons
45 questions

Question 192

Report
Export
Collapse

How is the scope of each rule determined in the Prisma Cloud Compute host runtime policy?

By the collection assigned to that rule
By the collection assigned to that rule
By the target workload
By the target workload
By the order in which it is created
By the order in which it is created
By the type of network traffic it controls
By the type of network traffic it controls
Suggested answer: A

Explanation:

In Prisma Cloud Compute, the scope of each rule within the host runtime policy is determined by the collection assigned to that rule. Collections in Prisma Cloud are logical groupings of resources, such as hosts, containers, or cloud accounts, that share common attributes or security requirements. By associating a rule with a specific collection, administrators can precisely define the context and applicability of the rule, ensuring that the runtime protection mechanisms are accurately targeted and effective. This approach enables granular control over security policies, allowing for tailored security measures that reflect the unique characteristics and needs of different resource groups within the multicloud environment.

asked 23/09/2024
Tom Rez
35 questions

Question 193

Report
Export
Collapse

A Prisma Cloud Administrator needs to enable a Registry Scanning for a registry that stores Windows images. Which of the following statement is correct regarding this process?

They can deploy any type of container defender to scan this registry.
They can deploy any type of container defender to scan this registry.
There are Windows host defenders deployed in your environment already.
There are Windows host defenders deployed in your environment already.
There are Windows host defenders deployed in your environment already. Therefore, they do not need to deploy any additional defenders.
There are Windows host defenders deployed in your environment already. Therefore, they do not need to deploy any additional defenders.
A defender is not required to configure this type of registry scan.
A defender is not required to configure this type of registry scan.
Suggested answer: B

Explanation:

When enabling Registry Scanning in Prisma Cloud for a registry that stores Windows images, it's important to note that Windows host defenders must be deployed in the environment to scan these images effectively. The Windows host defenders are specialized versions of the Prisma Cloud Defender that are designed to run on Windows operating systems. They provide the necessary functionality to scan Windows container images stored in registries, identifying vulnerabilities and ensuring the images comply with security policies before they are deployed. This requirement underscores the importance of having the appropriate Defender deployments that match the operating systems of the images being scanned.

asked 23/09/2024
Emmanuel Yeboah
38 questions

Question 194

Report
Export
Collapse

Which RQL query will help create a custom identity and access management (1AM) policy to alert on Lambda functions that have permission to terminate EC2 instances?

iam from cloud.resource where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name = 'ec2:TerminateInstances'
iam from cloud.resource where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name = 'ec2:TerminateInstances'
config from iam where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'ec2' AND source.cloud.resource.type = 'instance' AND dest.cloud.service.name = 'lambda' AND action.name = 'ec2:TerminateInstances'
config from iam where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'ec2' AND source.cloud.resource.type = 'instance' AND dest.cloud.service.name = 'lambda' AND action.name = 'ec2:TerminateInstances'
iam from cloud.resource where cloud.type equals 'AWS' AND cloud.resource.type equals 'lambda function' AND cloud.service.name = 'ec2' AND action.name equals 'ec2:TerminateInstances'
iam from cloud.resource where cloud.type equals 'AWS' AND cloud.resource.type equals 'lambda function' AND cloud.service.name = 'ec2' AND action.name equals 'ec2:TerminateInstances'
config from iam where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name = 'ec2:TerminateInstances'
config from iam where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name = 'ec2:TerminateInstances'
Suggested answer: D
asked 23/09/2024
Salman Hashmi
33 questions

Question 195

Report
Export
Collapse

In which Console menu would an administrator verify whether a custom compliance check is failing or passing?

Become a Premium Member for full access
  Unlock Premium Member

Question 196

Report
Export
Collapse

Which two frequency options are available to create a compliance report within the console? (Choose two.)

Become a Premium Member for full access
  Unlock Premium Member

Question 197

Report
Export
Collapse

Which Prisma Cloud policy type detects port scanning activities in a customer environment?

Become a Premium Member for full access
  Unlock Premium Member

Question 198

Report
Export
Collapse

In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?

Become a Premium Member for full access
  Unlock Premium Member

Question 199

Report
Export
Collapse

What is the purpose of Incident Explorer in Prisma Cloud Compute under the 'Monitor' section?

Become a Premium Member for full access
  Unlock Premium Member

Question 200

Report
Export
Collapse

Which RQL will trigger the following audit event activity?

Become a Premium Member for full access
  Unlock Premium Member
Total 260 questions
Go to page: of 26
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements are true about the differences between build and run config policies? (Choose two.)
An administrator sees that a runtime audit has been generated for a host. The audit message is: ''Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model'' Which runtime host policy rule is the root cause for this runtime audit?
Which two statements explain differences between build and run config policies? (Choose two.)
Which two information types cannot be seen in the data security dashboard? (Choose two).
An administrator needs to detect and alert on any activities performed by a root account. Which policy type should be used?
You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time. Which option shows the steps required during the alert rule creation process to achieve this objective?
Review this admission control policy: match[{'msg': msg}] { input.request.operation == 'CREATE' input.request.kind.kind == 'Pod' input.request.resource.resource == 'pods' input.request.object.spec.containers[_].securityContext.privileged msg := 'Privileged' } Which response to this policy will be achieved when the effect is set to ''block''?
How are the following categorized? Backdoor account access Hijacked processes Lateral movement Port scanning
A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?