Question 223 - PCCSE discussion

Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?

A.
In Policy Section-> Add Policy-> Config type -> Define Policy details Like Name, Severity-> Configure RQL query 'config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS*' -> define compliance standard -> Define recommendation for remediation & save.
B.
In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name, Severity-> Configure RQL query 'network from vpc.flow_record where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('Instance ))' -> define compliance standard -> Define recommendation for remediation & save.
C.
In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name, Severity-> Configure RQL query 'network from vpc.flow_record where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ( Instance ))' -> define compliance standard -> Define recommendation for remediation & save.
D.
In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name, Severity-> Configure RQL query 'config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS'' -> Define recommendation for remediation & save.
Suggested answer: A

Explanation:

To create a network exposure policy that identifies instances accessible from any untrusted internet sources, a SecOps engineer would need to navigate to the Policy section within Prisma Cloud and add a new policy of the Config type. They would define the details of the policy such as the name and severity level and then configure the RQL query to specify conditions that match instances accessible from untrusted internet sources. The RQL query provided in the answer specifies that the source of the network traffic should be from an untrusted internet and that the destination resource should be an instance in the AWS cloud. After defining the compliance standards and providing recommendations for remediation, the policy can be saved to be enforced within the environment.

asked 23/09/2024
Azwihangwisi Ntikane