DUMPS

BASE
EXAM DUMPS

PALO ALTO
NETWORKS
PCCSE
28% OFF Automatically For You

Prisma Certified Cloud Security Engineer

[Link] a default deployment of Console, a customer needs to identify the alerted
compliance checks that are set by default.
Where should the customer navigate in Console?
A. Monitor > Compliance
B. Defend > Compliance
C. Manage > Compliance
D. Custom > Compliance
Answer: B
Explanation:
Reference: [Link]
admin-compute/compliance/manage_compliance.html
In the context of Prisma Cloud by Palo Alto Networks, the correct navigation to
identify alerted compliance checks set by default is under the "Defend" section,

2)
specifically at "Defend > Compliance." This section is designed to allow users to

.0
14
configure and manage compliance policies and rules, monitor compliance statuses,

(V
and review alerts related to compliance violations. The "Defend" section is tailored for

ps
um
setting up defenses, including compliance standards, against potential security risks

D
within the cloud environment, making it the logical location for managing and

E
S
reviewing compliance-related alerts and settings.
C
C
P
ed
at
pd

[Link] container scan is constructed correctly?

U

A. twistcli images scan -u api -p api --address [Link]

h
it
w

[Link]/us-3-123456789 - - container myimage/latest

m

B. twistcli images scan --docker-address [Link]

xa
E

[Link]/us-3-123456789 myimage/latest
E
S

C. twistcli images scan -u api -p api --address [Link]

C
C
P

[Link]/us-3-123456789 - -details myimage/latest

r
ou

D. twistcli images scan -u api -p api --docker-address [Link]

Y

[Link]/us-3-
r
fo

123456789 myimage/latest
re
pa

Answer: C
re
P

Explanation:
The correct construction for a container scan using the TwistCLI tool provided by
Prisma Cloud (formerly Twistlock) is shown in option
C. This command uses the TwistCLI tool to scan a container image, specifying the
necessary authentication credentials (username and password with '-u' and '-p' flags),
the address of the Prisma Cloud instance (with the '--address' flag), and the image to
be scanned (in this case, 'myimage/latest'). The inclusion of the '--details' flag is a
common practice to obtain detailed scan results, which is crucial for in-depth analysis
and remediation efforts. This command structure aligns with the standard usage of
TwistCLI for image scanning purposes, as documented in Prisma Cloud's official
resources and guides.
[Link] development team wants to fail CI jobs where a specific CVE is contained
within the image.
How should the development team configure the pipeline or policy to produce this
outcome?
A. Set the specific CVE exception as an option in Jenkins or twistcli.
B. Set the specific CVE exception as an option in Defender running the scan.
C. Set the specific CVE exception as an option using the magic string in the Console.
D. Set the specific CVE exception in Console’s CI policy.
Answer: D
Explanation:
Reference tech docs: [Link]

2)
cloud-admin-compute/continuous_integration/set_policy_ci_plugins.html

.0
14
Vulnerability rules that target the build tool can allow specific vulnerabilities by

(V
creating an exception and setting the effect to 'ignore'. Block them by creating an

ps
um
exception and setting hte effect to 'fail'. For example, you could create a vulnerability

D
rule that explicitly allows CVE-2018-1234 to suppress warnings in the scan results.

E
S
To fail CI jobs based on a specific CVE contained within an image, the development
C
C
P
team should configure the policy within Prisma Cloud's Console, specifically within the
ed

Continuous Integration (CI) policy settings. By setting a specific CVE exception in the
at
pd

CI policy, the team can define criteria that will cause the CI process to fail if the
U

specified CVE is detected in the scanned image. This approach allows for granular
h
it
w

control over the build process, ensuring that images with known vulnerabilities are not
m

promoted through the CI/CD pipeline, thereby maintaining the security posture of the
xa
E

deployed applications. This method is in line with best practices for integrating
E
S

security into the CI/CD process, allowing for automated enforcement of security
C
C
P

standards directly within the development pipeline.

r
ou
Y
r
fo

[Link] three types of classifications are available in the Data Security module?
re
pa

(Choose three.)
re
P

A. Personally identifiable information

B. Malicious IP
C. Compliance standard
D. Financial information
E. Malware
Answer: ACD
Explanation:
[Link]
[Link]
In the Data Security module of Prisma Cloud, the classifications available focus on
the types of sensitive data that need protection. These classifications include
Personally Identifiable Information (PII), which involves data that can be used on its
own or with other information to identify, contact, or locate a single person.
Compliance standards pertain to data that must be protected to meet specific
regulatory requirements, such as GDPR, HIPAA, or PCI-DSS. Financial information
classification is concerned with data related to financial transactions, accounts, and
credit card numbers, which are critical to secure due to their sensitive nature. These
classifications are integral to data security strategies, ensuring that sensitive
information is adequately protected according to its nature and the regulatory
requirements governing it.

5.A customer has a requirement to terminate any Container from image

topSecret:latest when a process named ransomWare is executed.

2)
How should the administrator configure Prisma Cloud Compute to satisfy this

.0
14
requirement?

(V
A. set the Container model to manual relearn and set the default runtime rule to block

ps
um
for process protection.

D
B. set the Container model to relearn and set the default runtime rule to prevent for

E
S
process protection.
C
C
P
C. add a new runtime policy targeted at a specific Container name, add ransomWare
ed

process into the denied process list, and set the action to “prevent”.
at
pd

D. choose “copy into rule” for the Container, add a ransomWare process into the
U

denied process list, and set the action to “block”.

h
it
w

Answer: C
m

Explanation:
xa
E

To terminate any Container from the image "topSecret:latest" when a process named
E
S

"ransomWare" is executed, the administrator should create a new runtime policy in

C
C
P

Prisma Cloud Compute specifically targeting the container in question. By adding the
r
ou

"ransomWare" process to the denied process list within this policy and setting the
Y

action to "prevent," Prisma Cloud Compute will actively

r
fo

monitor for the execution of the specified process within the targeted container and
re
pa

take preventive action to terminate the container if the process is detected. This
re
P

approach allows for precise, targeted security measures that address specific threats
identified by the organization, thereby enhancing the overall security posture and
protecting sensitive workloads from potential compromise.

[Link] statement is true about obtaining Console images for Prisma Cloud Compute
Edition?
A. To retrieve Prisma Cloud Console images using basic auth:

7. Access [Link], and authenticate using ‘docker login’.

8. Retrieve the Prisma Cloud Console images using ‘docker pull’.
B. To retrieve Prisma Cloud Console images using basic auth:

9. Access [Link], and authenticate using ‘docker login’.

10. Retrieve the Prisma Cloud Console images using ‘docker pull’.
C. To retrieve Prisma Cloud Console images using URL auth:

11. Access [Link], and authenticate using the user certificate.

12. Retrieve the Prisma Cloud Console images using ‘docker pull’.
D. To retrieve Prisma Cloud Console images using URL auth:

2)
13. Access [Link], and authenticate using the user certificate.

.0
14
(V
14. Retrieve the Prisma Cloud Console images using ‘docker pull’.

ps
um
Answer: A

D
Explanation:

E
S
Retrieving Prisma Cloud Console images involves accessing a specific registry
C
C
P
provided by Palo Alto Networks and authenticating using basic authentication with
ed

'docker login'. Once authenticated, the user can pull the Prisma Cloud Console
at
pd

images using the 'docker pull' command. This process is part of the initial setup for
U

deploying Prisma Cloud Console in an environment, allowing users to obtain the

h
it
w

necessary images to run the Console, which serves as the central management
m

interface for Prisma Cloud. The detailed steps, including the specific registry URL and
xa
E

authentication method, are typically provided in the Prisma Cloud documentation,

E
S

ensuring that users have the information needed to successfully retrieve and deploy
C
C
P

Console images.
r
ou
Y
r
fo

[Link] two statements are true about the differences between build and run config
re
pa

policies? (Choose two.)

re
P

A. Run and Network policies belong to the configuration policy set.

B. Build and Audit Events policies belong to the configuration policy set.
C. Run policies monitor resources, and check for potential issues after these cloud
resources are deployed.
D. Build policies enable you to check for security misconfigurations in the IaC
templates and ensure that these issues do not get into production.
E. Run policies monitor network activities in your environment, and check for potential
issues during
runtime.
Answer: CD
Explanation:
In the context of Prisma Cloud, Build and Run policies serve distinct purposes in
securing cloud environments. Build policies are designed to evaluate Infrastructure as
Code (IaC) templates before deployment. These policies help identify and remediate
security misconfigurations in the development phase, ensuring that vulnerabilities are
addressed before the infrastructure is provisioned. This proactive approach enhances
security by preventing misconfigurations from reaching production environments.
On the other hand, Run policies are applied to resources that are already deployed in
the cloud. These policies continuously monitor the cloud environment, detecting and
alerting on potential security issues that arise in the runtime. Run policies help
maintain the security posture of cloud resources by identifying deviations from
established security baselines and enabling quick remediation of identified issues.
Both Build and Run policies are integral to a comprehensive cloud security strategy,
addressing security concerns at different stages of the cloud resource lifecycle?from

2)
development and deployment to ongoing operation.

.0
14
(V
ps
um
16.A security team notices a number of anomalies under Monitor > Events. The

D
incident response team works with the developers to determine that these anomalies

E
S
are false positives.
C
C
P
What will be the effect if the security team chooses to Relearn on this image?
ed

A. The model is deleted, and Defender will relearn for 24 hours.

at
pd

B. The anomalies detected will automatically be added to the model.

U

C. The model is deleted and returns to the initial learning state.

h
it
w

D. The model is retained, and any new behavior observed during the new learning
m

period will be added to the existing model.

xa
E

Answer: D
E
S

Explanation:
C
C
P

In Prisma Cloud, when anomalies are detected and the security team chooses to
r
ou

Relearn on a specific image, the existing behavioral model for that image is not
Y

deleted. Instead, the system retains the model and enters a new learning period,
r
fo

during which it observes the behavior of the container based on the image. If new
re
pa

behaviors are observed during this period, they are added to the existing model,
re
P

thereby refining and updating the model to reflect the current operational profile of the
container. This approach allows for dynamic adaptation to changes in container
behavior while preserving the valuable insights and patterns already established in
the model. The Relearn function is part of Prisma Cloud's adaptive capabilities,
enabling it to maintain accurate and up-to-date behavioral models that reflect the
evolving nature of containerized applications.

17.A customer does not want alerts to be generated from network traffic that
originates from trusted internal networks.
Which setting should you use to meet this customer’s request?
A. Trusted Login IP Addresses
B. Anomaly Trusted List
C. Trusted Alert IP Addresses
D. Enterprise Alert Disposition
Answer: C
Explanation:
B --> Anomaly Trusted List?Exclude trusted IP addresses when conducting tests for
PCI compliance or penetration testing on your network. Any addresses included in
this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect
unusual network activity such as the policies that detect internal port scan and port
sweep activity, which are enabled by default.
C --> Trusted Alert IP Addresses?If you have internal networks that connect to your
public cloud infrastructure, you can add these IP address ranges (or CIDR blocks) as

2)
trusted ... Prisma Cloud default network policies that look for internet exposed

.0
14
instances also do not generate alerts when the source IP address is included in the

(V
trusted IP address list and the account hijacking anomaly policy filters out activities

ps
um
from known IP addresses. Also, when you use RQL to query network traffic, you can

D
filter out traffic from known networks that are included in the trusted IP address list.

E
S
For a customer who does not want alerts to be generated from network traffic
C
C
P
originating from trusted internal networks, the appropriate setting is C. Trusted Alert
ed

IP Addresses. This setting allows for specifying certain IP addresses as trusted,

at
pd

meaning alerts will not be triggered by activities from these IPs, ensuring that internal
U

network traffic is not flagged as potentially malicious.

h
it
w
m
xa
E

18.A DevOps lead reviewed some system logs and notices some odd behavior that
E
S

could be a data exfiltration attempt. The DevOps lead only has access to vulnerability
C
C
P

data in Prisma Cloud Compute, so the DevOps lead passes this information to
r
ou

SecOps.
Y

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the
r
fo

runtime aspects of this attack?

re
pa

A. The SecOps lead should investigate the attack using Vulnerability Explorer and
re
P

Runtime Radar.
B. The SecOps lead should use Incident Explorer and Compliance Explorer.
C. The SecOps lead should use the Incident Explorer page and Monitor > Events >
Container Audits.
D. The SecOps lead should review the vulnerability scans in the CI/CD process to
determine blame.
Answer: C
Explanation:
To investigate the runtime aspects of a potential data exfiltration attempt, the SecOps
lead in Prisma Cloud Compute should focus on areas that provide insights into
runtime activity and potential threats.
C. The SecOps lead should use the Incident Explorer page and Monitor > Events >
Container Audits. These sections provide detailed information on security incidents
and container-level activities, enabling a thorough investigation into the runtime
behavior that might indicate a security issue.

19.A customer finds that an open alert from the previous day has been resolved. No
auto-remediation was configured.
Which two reasons explain this change in alert status? (Choose two.)
A. user manually changed the alert status.
B. policy was changed.
C. resource was deleted.
D. alert was sent to an external integration.

2)
Answer: AC

.0
14
Explanation:

(V
When an open alert from the previous day has been resolved without any configured

ps
um
auto-remediation, the change in alert status could be due to A. a user manually

D
changing the alert status, indicating a manual intervention where someone reviewed

E
S
and updated the alert status, and C. resource was deleted, implying that the
C
C
P
resolution of the alert could be due to the removal of the resource associated with the
ed

alert, hence nullifying the alert condition.

at
pd

Reference: [Link]
U

admin/manage-prisma-cloud-alerts/[Link]
h
it
w
m
xa
E

[Link] three steps are involved in onboarding an account for Data Security?
E
S

(Choose three.)
C
C
P

A. Create a read-only role with in-line policies

r
ou

B. Create a Cloudtrail with SNS Topic

Y

C. Enable Flow Logs

r
fo

D. Enter the RoleARN and SNSARN

re
pa

E. Create a S3 bucket
re
P

Answer: BDE
Explanation:
Onboarding an account for Data Security involves several critical steps to ensure
comprehensive coverage and effective monitoring.
The steps involved include B. Create a Cloudtrail with SNS Topic to track and
manage API calls and relevant notifications, D. Enter the RoleARN and SNSARN to
provide necessary access and integration points for data security functions, and E.
Create a S3 bucket
which serves as a storage solution for logging and data capture essential for security
analysis.
[Link] administrator has deployed Console into a Kubernetes cluster running in AWS.
The administrator also has configured a load balancer in TCP passthrough mode to
listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS.
Which port will twistcli need to use to access the Prisma Compute APIs?
A. 8084
B. 443
C. 8083
D. 8081
Answer: A
Explanation:
When the administrator wants twistcli to communicate with the Console over HTTPS

2)
in a Kubernetes cluster, and considering the load balancer is configured in TCP

.0
14
passthrough mode, A. 8084 is typically the port used for secure HTTPS

(V
communication with the Prisma Compute Console. This port will allow twistcli to

ps
um
access the Prisma Compute APIs securely.

D
[Link]

E
S
#connectivity-to-console
C
C
P
ed
at
pd

22.A customer is reviewing Container audits, and an audit has identified a

U

cryptominer attack.
h
it
w

Which three options could have generated this audit? (Choose three.)
m

A. The value of the mined currency exceeds $100.

xa
E

B. High CPU usage over time for the container is detected.

E
S

C. Common cryptominer process name was found.

C
C
P

D. The mined currency is associated with a user token.

r
ou

E. Common cryptominer port usage was found.

Y

Answer: BCE
r
fo

Explanation:
re
pa

In the case of identifying a cryptominer attack through container audits, the options
re
P

that could have generated this audit include B. High CPU usage over time for the
container is detected, which is a common indicator of cryptomining activity as it
consumes significant computational resources, C. Common cryptominer process
name was found, which directly indicates the presence of cryptomining based on
known malicious processes, and E. Common cryptominer port usage was found,
suggesting cryptomining activity based on network behavior typical of such attacks.

[Link] step is included when configuring Kubernetes to use Prisma Cloud

Compute as an admission controller?
A. copy the Console address and set the config map for the default namespace.
B. create a new namespace in Kubernetes called admission-controller.
C. enable Kubernetes auditing from the Defend > Access > Kubernetes page in the
Console.
D. copy the admission controller configuration from the Console and apply it to
Kubernetes.
Answer: D
Explanation:
When configuring Kubernetes to use Prisma Cloud Compute as an admission
controller, a crucial step Involves D. copy the admission controller configuration from
the Console and apply it to Kubernetes.
This step is essential for integrating Prisma Cloud Compute's security controls directly
into the Kubernetes admission process, enabling real-time security assessments and
policy enforcement for new or modified resources within the cluster.

2)
[Link]

.0
14
edition- admin/access_control/open_policy_agent.html step 2

(V
ps
um
D
24.A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud.

E
S
Which two steps can be performed by the Terraform script? (Choose two.)
C
C
P
A. enable flow logs for Prisma Cloud.
ed

B. create the Prisma Cloud role.

at
pd

C. enable the required APIs for Prisma Cloud.

U

D. publish the flow log to a storage bucket.

h
it
w

Answer: BC
m

Explanation:
xa
E

When a Prisma Cloud administrator is onboarding a single GCP project to Prisma

E
S

Cloud, the Terraform script can perform several steps to facilitate this integration. The
C
C
P

steps include B. create the Prisma Cloud role, which is essential for defining the
r
ou

permissions and capabilities that Prisma Cloud will have within the GCP environment,
Y

and C. enable the required APIs for Prisma Cloud, ensuring that Prisma Cloud can
r
fo

access the necessary GCP services and features for comprehensive cloud security
re
pa

management.
re
P

[Link] statement about build and run policies is true?

A. Build policies enable you to check for security misconfigurations in the IaC
templates.
B. Every type of policy has auto-remediation enabled by default.
C. The four main types of policies are: Audit Events, Build, Network, and Run.
D. Run policies monitor network activities in the environment and check for potential
issues during runtime.
Answer: A
Explanation:
A true statement about build and run policies is
A. Build policies enable you to check for security misconfigurations in the IaC
templates. This capability is crucial for identifying potential security issues early in the
development process, allowing for proactive mitigation before deployment, thereby
enhancing the overall security posture of the applications and infrastructure being
developed.

[Link] administrator sees that a runtime audit has been generated for a host. The
audit message is: “Service postfix attempted to obtain capability SHELL by executing
/bin/sh /usr/libexec/postfix/postfix- [Link]. Low severity audit, event is
automatically added to the runtime model”
Which runtime host policy rule is the root cause for this runtime audit?

2)
A. Custom rule with specific configuration for file integrity

.0
14
B. Custom rule with specific configuration for networking

(V
C. Default rule that alerts on capabilities

ps
um
D. Default rule that alerts on suspicious runtime behavior

D
Answer: D

E
S
Explanation:
C
C
P
For a runtime audit generated for a host with a message indicating a service
d
e

attempting to obtain capability by executing a script, the root cause for this runtime
at
pd

audit is most likely related to D. Default rule that alerts on suspicious runtime
U

behavior. This default rule is designed to flag unusual or potentially harmful activities
h
it
w

that could indicate a security risk, prompting further investigation.

m
xa
E
E
S

[Link] option identifies the Prisma Cloud Compute Edition?

C
C
P

A. Package installed with APT

r
ou

B. Downloadable, self-hosted software

Y

C. Software-as-a-Service (SaaS)
r
fo

D. Plugin to Prisma Cloud

re
pa

Answer: B
re
P

Explanation:
The Prisma Cloud Compute Edition is identified as B. Downloadable, self-hosted
software. This option indicates that Prisma Cloud Compute Edition is a solution that
organizations can deploy within their own infrastructure, providing them with control
over the installation, configuration, and management of the security platform.
Reference: [Link]
admin-compute/welcome/pcee_vs_pcce.html

[Link] type of compliance check is available for rules under Defend > Compliance
> Containers and Images > CI?
A. Host
B. Container
C. Functions
D. Image
Answer: D
Explanation:
In the context of Defend > Compliance > Containers and Images > CI within Prisma
Cloud by Palo Alto Networks, the compliance checks are focused on the security
posture and compliance of container images. Therefore, the type of compliance check
available under this section would be related to Images, ensuring they adhere to
security best practices and compliance standards before being deployed.

2)
[Link] security team wants to protect a web application container from an SQLi

.0
14
attack.

(V
Which type of policy should the administrator create to protect the container?

ps
um
A. CNAF

D
B. Runtime

E
S
C. Compliance
C
C
P
D. CNNF
ed

Answer: A
at
pd

Explanation:
U

To protect a web application container from an SQL Injection (SQLi) attack, the
h
it
w

administrator should create a Cloud Native Application Firewall (CNAF) policy. CNAF
m

policies are designed to protect applications running in containers from various types
xa
E

of attacks, including SQLi, by inspecting the traffic going to and from the containerized
E
S

applications and blocking malicious requests.

C
C
P

Reference: [Link]
r
ou

cloud-compute-edition- admin/firewalls/waas
Y
r
fo
re
pa

[Link] S3 bucket within AWS has generated an alert by violating the Prisma Cloud
re
P

Default policy “AWS

S3 buckets are accessible to public”.
The policy definition follows:
config where [Link] = 'aws' AND [Link]='aws-s3api-get-bucket-acl' AND
[Link]="(((([Link][? (@.grantee=='AllUsers')] size > 0) or [Link] is
true) and publicAccessBlockConfiguration does not exist) or
(([Link][?(@.grantee=='AllUsers')] size > 0) and
[Link] is false) or ([Link] is
true and [Link] is false)) and
websiteConfiguration does not exist"
Why did this alert get generated?
A. an event within the cloud account
B. network traffic to the S3 bucket
C. configuration of the S3 bucket
D. anomalous behaviors
Answer: C
Explanation:
The alert "AWS S3 buckets are accessible to public" is generated due to the
configuration of the S3 bucket, which has been set in a way that allows public access.
The policy definition provided checks for various conditions that would make an S3
bucket publicly accessible, such as grants to 'AllUsers', the absence of a
'publicAccessBlockConfiguration', or specific configurations that do not restrict public
access. Therefore, the alert is triggered by the configuration settings of the S3 bucket
that violate the policy's criteria for public accessibility.

2)
.0
14
(V
[Link] DROP

ps
um
Which order of steps map a policy to a custom compliance standard? (Drag the steps

D
into the correct order of occurrence, from the first step to the last.)

E
S
C
C
P
ed
at
pd
U
h
it
w
m
xa
E
E
S
C
C
P
r
ou
Y
r
fo
re
pa
re
P

Answer:
 2)
.0
14
Explanation:

(V
ps
um
32. click on compliance standard.

D
E
S
33. add custom compliance standard.
C
C
P
ed

34. edit policies.

at
pd
U

35. add compliance standard from drop-down menu

h
it
w

[Link]
m

mpliance_checks.html#creating-a-new-custom-check
xa
E

The process of mapping a policy to a custom compliance standard in a security

E
S

platform like Prisma Cloud by Palo Alto Networks involves several specific steps.
C
C
P

Firstly, one must access the compliance standards, which is typically done by clicking
r
ou

on the "Compliance Standards" section within the platform's interface. This is where
Y

all standards, including custom and predefined ones, are listed.

r
fo

Next, if the custom compliance standard does not already exist, it must be created.
re
pa

This step involves defining the criteria and controls that make up the standard,
re
P

tailored to the organization's specific requirements.

Once the custom compliance standard is in place, the policy in question needs to be
edited. This editing process would involve configuring the policy to align with the
compliance controls outlined in the custom standard, ensuring that the policy will
enforce or check for the necessary requirements as defined by the standard.
Finally, the last step is to formally associate or map the edited policy with the custom
compliance standard. This is typically done by adding the policy to the standard,
which may involve selecting the custom compliance standard from a drop-down menu
within the policy settings, confirming that this particular policy should be enforced as
part of the compliance checks for that standard.
This ordered process ensures that policies are properly aligned with the organization's
compliance goals and can be enforced and reported on accurately within the security
platform.

36.A customer is interested in PCI requirements and needs to ensure that no privilege
containers can start in the environment.
Which action needs to be set for “do not use privileged containers”?
A. Prevent
B. Alert
C. Block
D. Fail
Answer: C
Explanation:

2)
Block???Defender stops the entire container if a process that violates your policy

.0
14
attempts to run.

(V
[Link]

ps
um
me_defense_containers.html#_effect

D
E
S
C
C
P
[Link] an existing ECS Cluster, which option shows the steps required to install the
ed

Console in Amazon ECS?

at
pd

A. The console cannot natively run in an ECS cluster. A onebox deployment should
U

be used.
h
it
w

B. Download and extract the release tarball

m

Ensure that each node has its own storage for Console data Create the Console task
xa
E

definition Deploy the task definition

E
S

C. Download and extract release tarball Download task from AWS Create the
C
C
P

Console task definition Deploy the task definition

r
ou

D. Download and extract the release tarball Create an EFS file system and mount to
Y

each node in the cluster Create the Console task definition Deploy the task definition
r
fo

Answer: D
re
pa

Explanation:
re
P

Reference: [Link]
cloud-compute-edition- admin/install/install_amazon_ecs.html
To install the Console in an Amazon ECS Cluster, the steps involve downloading and
extracting the release tarball, which contains the necessary files for the Console.
Then, an Amazon Elastic File System (EFS) should be created and mounted to each
node in the ECS cluster to provide shared storage for Console data. Following this, a
Console task definition needs to be created in ECS, which defines how the Console
container should run. Finally, this task definition is deployed to the ECS cluster to start
the Console.
[Link] options show the steps required to upgrade Console when using projects?
A. Upgrade all Supervisor Consoles Upgrade Central Console
B. Upgrade Central Console
Upgrade Central Console Defenders
C. Upgrade Defender Upgrade Central Console
Upgrade Supervisor Consoles
D. Upgrade Central Console Upgrade all Supervisor Consoles
Answer: A
Explanation:
When you have one or more tenant or scale Projects, upgrade all Supervisors before
upgrading the Central Console. [Link]
cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process

2)
.0
14
39.A customer has Prisma Cloud Enterprise and host Defenders deployed.

(V
What are two options that allow an administrator to upgrade Defenders? (Choose

ps
um
two.)

D
A. with auto-upgrade, the host Defender will auto-upgrade.

E
S
B. auto deploy the Lambda Defender.
C
C
P
C. click the update button in the web-interface.
ed

D. generate a new DaemonSet file.

at
pd

Answer: AD
U

Explanation:
h
it
w

In Prisma Cloud, Defenders can be set to auto-upgrade, which is a feature that allows
m

the host Defender to automatically upgrade to the latest version without manual
xa
E

intervention. This ensures that the Defenders are always up-to-date with the latest
E
S

security features and fixes, enhancing the security posture of the environment they
C
C
P

protect.
r
ou
Y
r
fo

[Link] intensity setting for anomaly alerts is used for the measurement of 100
re
pa

events over 30 days?

re
P

A. High
B. Medium
C. Low
D. Very High
Answer: B
Explanation:
In the context of setting anomaly alert intensities in Prisma Cloud, an intensity setting
of "Medium" could be used for the measurement of 100 events over 30 days. This
setting indicates a moderate level of anomaly detection sensitivity, which is suitable
for environments where there is a need to balance between detecting potential
security issues and minimizing false positives.
Reference: [Link]
n/manage-prisma-cloud-administrators/[Link]

[Link] this information:

The Console is located at [Link] The username is:
cluster
The password is: password123
The image to scan is: myimage:latest
Which twistcli command should be used to scan a Container for vulnerabilities and
display the details about each vulnerability?
A. twistcli images scan --console-address [Link] -u
cluster -p password123 -- details myimage:latest

2)
B. twistcli images scan --console-address [Link] -u cluster

.0
14
-p password123 - - vulnerability-details myimage:latest

(V
C. twistcli images scan --address [Link] -u cluster -p

ps
um
password123 -- vulnerability- details myimage:latest

D
D. twistcli images scan --address [Link] -u cluster -p

E
S
password123 -- details myimage:latest
C
C
P
Answer: D
ed

Explanation:
at
pd

[Link]
U

compute/tools/twistcli_scan_images
h
it
w
m
xa
E

[Link] development team wants to block Cross Site Scripting attacks from pods in its
E
S

environment.
C
C
P

How should the team construct the CNAF policy to protect against this attack?
r
ou

A. create a Host CNAF policy, targeted at a specific resource, check the box for XSS
Y

attack protection, and set the action to “prevent”.

r
fo

B. create a Container CNAF policy, targeted at a specific resource, check the box for
re
pa

XSS attack protection, and set the action to alert.

re
P

C. create a Container CNAF policy, targeted at a specific resource, check the box for
XSS protection, and set the action to prevent.
D. create a Container CNAF policy, targeted at a specific resource, and they should
set “Explicitly allowed inbound IP sources” to the IP address of the pod.
Answer: C
Explanation:
To protect pods in an environment from Cross-Site Scripting (XSS) attacks, the
development team should create a Container Cloud Native Application Firewall
(CNAF) policy. This policy should be targeted at the specific resource (e.g., a
particular pod or set of pods), with the option for XSS protection checked, and the
action set to "prevent." This configuration ensures that any XSS attacks directed at
the targeted containers are effectively blocked.

[Link] Prisma Cloud administrator has configured a new policy.

Which steps should be used to assign this policy to a compliance standard?
A. Edit the policy, go to step 3 (Compliance Standards), click + at the bottom, select
the compliance standard, fill in the other boxes, and then click Confirm.
B. Create the Compliance Standard from Compliance tab, and then select Add to
Policy.
C. Open the Compliance Standards section of the policy, and then save.
D. Custom policies cannot be added to existing standards.
Answer: A
Explanation:

2)
To assign a new policy to a compliance standard in Prisma Cloud, the administrator

.0
14
needs to edit the policy and navigate to the step where compliance standards are

(V
managed. By clicking the '+' button, the administrator can add the policy to a specific

ps
um
compliance standard, provide necessary details, and confirm the assignment. This

D
integrates the custom policy into the chosen compliance standard, ensuring that

E
S
compliance checks include the newly defined policy criteria.
C
C
P
ed
at
pd

[Link] administrator wants to install the Defenders to a Kubernetes cluster. This

U

cluster is running the console on the default service endpoint and will be exporting to
h
it
w

YAML.
m

Console Address: $CONSOLE_ADDRESS Websocket Address:

xa
E

$WEBSOCKET_ADDRESS User:
E
S

$ADMIN_USER
C
C
P

Which command generates the YAML file for Defender install?

r
ou

A. <PLATFORM>/twistcli defender \
Y

--address $CONSOLE_ADDRESS \
r
fo

--user $ADMIN_USER \
re
pa

--cluster-address $CONSOLE_ADDRESS
re
P

B. <PLATFORM>/twistcli defender export kubernetes \

--address $WEBSOCKET_ADDRESS \
--user $ADMIN_USER \
--cluster-address $CONSOLE_ADDRESS
C. <PLATFORM>/twistcli defender YAML kubernetes \
--address $CONSOLE_ADDRESS \
--user $ADMIN_USER \
--cluster-address $WEBSOCKET_ADDRESS
D. <PLATFORM>/twistcli defender export kubernetes \
--address $CONSOLE_ADDRESS \
--user $ADMIN_USER \
--cluster-address $WEBSOCKET_ADDRESS
Answer: D
Explanation:
The correct command to generate the YAML file for Defender install in a Kubernetes
cluster, considering the console and websocket addresses, as well as the admin user,
would typically involve specifying the addresses and user details. The option D seems
most aligned with standard practices for such commands, where you export the
Defender configuration for Kubernetes, specifying the console and websocket
addresses along with the user details.
Reference: [Link]
admin-compute/install/install_kubernetes.html

2)
[Link] options show the steps required after upgrade of Console?

.0
14
A. Uninstall Defenders Upgrade Jenkins Plugin

(V
Upgrade twistcli where applicable

ps
um
Allow the Console to redeploy the Defender

D
B. Update the Console image in the Twistlock hosted registry Update the Defender

E
S
image in the
C
C
P
Twistlock hosted registry Uninstall Defenders
ed

C. Upgrade Defenders Upgrade Jenkins Plugin

at
pd

Upgrade twistcli where applicable

U

D. Update the Console image in the Twistlock hosted registry Update the Defender
h
it
w

image in the Twistlock hosted registry Redeploy Console

m

Answer: A
xa
E

Explanation:
E
S

After upgrading the Prisma Cloud Console (formerly Twistlock Console), the steps
C
C
P

outlined in option A are essential to ensure the entire Prisma Cloud ecosystem is
r
ou

updated and functioning correctly. Uninstalling Defenders, updating the Jenkins

Y

Plugin, and upgrading the TwistCLI tool are critical steps to align with the new
r
fo

Console version's capabilities and security enhancements. This process ensures that
re
pa

Defenders (the agents deployed to protect various resources) are compatible with the
re
P

upgraded Console, and that the development and CI/CD tools integrated with Prisma
Cloud, such as Jenkins, continue to operate effectively with the updated platform. The
final step, allowing the Console to redeploy the Defender, ensures that all
components are synchronized and that the security posture is maintained across the
environment. This approach is consistent with best practices for maintaining cloud
security tools and ensuring that updates do not disrupt the protected environment's
security posture.

[Link] organization wants to be notified immediately to any “High Severity” alerts for
the account group “Clinical Trials” via Slack.
Which option shows the steps the organization can use to achieve this goal?
A. 1. Configure Slack Integration

47. Create an alert rule and select “Clinical Trials” as the account group

48. Under the “Select Policies” tab, filter on severity and select “High”

49. Under the Set Alert Notification tab, choose Slack and populate the channel

50. Set Frequency to “As it Happens”

B. 1. Create an alert rule and select “Clinical Trials” as the account group

51. Under the “Select Policies” tab, filter on severity and select “High”

2)
.0
14
52. Under the Set Alert Notification tab, choose Slack and populate the channel

(V
ps
um
53. Set Frequency to “As it Happens”

D
E
S
54. Set up the Slack Integration to complete the configuration
C
C
P
C. 1. Configure Slack Integration
ed
at
pd

55. Create an alert rule

U
h
it
w

56. Under the “Select Policies” tab, filter on severity and select “High”
m
xa
E

57. Under the Set Alert Notification tab, choose Slack and populate the channel
E
S
C
C
P

58. Set Frequency to “As it Happens”

r
ou

D. 1. Under the “Select Policies” tab, filter on severity and select “High”
Y
r
fo

59. Under the Set Alert Notification tab, choose Slack and populate the channel
re
pa
re
P

60. Set Frequency to “As it Happens”

61. Configure Slack Integration

62. Create an Alert rule

Answer: A
Explanation:
To achieve immediate notification for "High Severity" alerts for a specific account
group via Slack, the steps outlined in option A provide a comprehensive and effective
approach. Firstly, configuring the Slack Integration establishes the necessary
communication channel between Prisma Cloud and the Slack workspace. Creating an
alert rule with the specified account group and severity filters ensures that only
relevant alerts trigger notifications. Selecting Slack as the notification channel and
setting the frequency to "As it Happens" ensures real-time alerting for critical issues.
This method leverages Prisma Cloud's alerting capabilities and Slack's real-time
messaging platform to promptly notify the security team, enabling swift action to
mitigate risks. This approach is in line with Prisma Cloud's flexible and configurable
alerting system, designed to integrate with various external platforms for efficient
incident response.

63.A business unit has acquired a company that has a very large AWS account
footprint. The plan is to immediately start onboarding the new company’s AWS
accounts into Prisma Cloud Enterprise tenant immediately. The current company is

2)
currently not using AWS Organizations and will require each account to be onboarded

.0
14
individually.

(V
The business unit has decided to cover the scope of this action and determined that a

ps
um
script should be written to onboard each of these accounts with general settings to

D
gain immediate posture visibility across the accounts.

E
S
Which API endpoint will specifically add these accounts into the Prisma Cloud
C
C
P
Enterprise tenant?
ed

A. [Link]
at
pd

B. [Link]
U

C. [Link]
h
it
w

D. [Link]
m

Answer: C
xa
E

Explanation:
E
S

To add AWS accounts to the Prisma Cloud Enterprise tenant, the correct API
C
C
P

endpoint is option C: [Link] This endpoint is specifically

r
ou

designed for integrating cloud accounts with Prisma Cloud, enabling centralized
Y

visibility and security posture management across multiple cloud environments. By

r
fo

using this API endpoint, each AWS account can be individually onboarded to the
re
pa

Prisma Cloud platform, allowing for immediate posture visibility and consistent
re
P

security policy enforcement across the newly acquired company's extensive AWS
footprint. This process aligns with Prisma Cloud's capabilities for multi-cloud security
and compliance management, ensuring that the onboarding of cloud accounts is both
efficient and aligned with the platform's best practices for cloud security.

64.A security team has a requirement to ensure the environment is scanned for
vulnerabilities.
What are three options for configuring vulnerability policies? (Choose three.)
A. individual actions based on package type
B. output verbosity for blocked requests
C. apply policy only when vendor fix is available
D. individual grace periods for each severity level
E. customize message on blocked requests
Answer: ACD
Explanation:
Configuring vulnerability policies within Prisma Cloud involves several options that
cater to different
aspects of vulnerability management and policy enforcement.
Options A, C, and D are valid configurations for vulnerability policies:
A) Individual actions based on package type allow for tailored responses to
vulnerabilities found in specific types of software packages, enabling more granular
control over the remediation process.
C) Applying policies only when a vendor fix is available helps prioritize the

2)
remediation of vulnerabilities for which a patch or update has been released by the

.0
14
software vendor, ensuring efficient use of resources in addressing the most

(V
actionable security issues.

ps
um
D) Setting individual grace periods for each severity level allows organizations to

D
define different time frames for addressing vulnerabilities based on their severity,

E
S
enabling a prioritized and risk-based approach to vulnerability management.
C
C
P
These configurations support a comprehensive vulnerability management strategy by
ed

allowing customization and prioritization based on the nature of the vulnerability, the
at
pd

availability of fixes, and the risk level associated with each vulnerability.
U
h
it
w
m

[Link] Unusual protocol activity (Internal) network anomaly is generating too many
xa
E

alerts. An administrator has been asked to tune it to the option that will generate the
E
S

least number of events without disabling it entirely.

C
C
P

Which strategy should the administrator use to achieve this goal?

r
ou

A. Disable the policy

Y

B. Set the Alert Disposition to Conservative

r
fo

C. Change the Training Threshold to Low

re
pa

D. Set Alert Disposition to Aggressive

re
P

Answer: B
Explanation:
To reduce the number of alerts generated by the "Unusual protocol activity (Internal)"
network anomaly without entirely disabling the policy, setting the Alert Disposition to
Conservative (option B) is the most effective strategy. This configuration adjusts the
sensitivity of the anomaly detection, reducing the likelihood of false positives and
minimizing alert fatigue without compromising the ability to detect genuine security
threats. By adopting a more conservative approach to anomaly detection, the
administrator can ensure that only the most significant and potentially harmful
activities trigger alerts, thus maintaining a balance between security vigilance and
operational efficiency.
[Link] is the behavior of Defenders when the Console is unreachable during
upgrades?
A. Defenders continue to alert, but not enforce, using the policies and settings most
recently cached before upgrading the Console.
B. Defenders will fail closed until the web-socket can be re-established.
C. Defenders will fail open until the web-socket can be re-established.
D. Defenders continue to alert and enforce using the policies and settings most
recently cached before upgrading the Console.
Answer: D
Explanation:
When the Console is unreachable during upgrades, Defenders continue to alert and

2)
enforce using the policies and settings most recently cached before the upgrade

.0
14
(option D). This behavior ensures that security enforcement remains active and

(V
consistent, even when the central management console is temporarily unavailable.

ps
um
The cached policies enable Defenders to maintain the security posture based on the

D
last known configuration, ensuring continuous protection against threats and

E
S
compliance with established security policies. This approach reflects Prisma Cloud's
C
C
P
design principle of ensuring uninterrupted security enforcement, thereby safeguarding
ed

the environment against potential vulnerabilities during maintenance periods.

at
pd

Reference: [Link]
U

cloud-compute-edition- admin/upgrade/upgrade_process.html
h
it
w
m
xa
E

[Link] are the following categorized?

E
S

Backdoor account access Hijacked processes Lateral movement

C
C
P

Port scanning
r
ou

A. audits
Y

B. incidents
r
fo

C. admission controllers
re
pa

D. models
re
P

Answer: B
Explanation:
The activities listed (Backdoor account access, Hijacked processes, Lateral
movement, Port scanning) are categorized as incidents (option B). Incidents
represent security events or patterns of activity that indicate potential security
breaches or malicious behavior within the environment. Prisma Cloud identifies and
classifies such activities as incidents to highlight significant security concerns that
require investigation and potential remediation. This categorization helps security
teams prioritize their response efforts, focusing on activities that pose a real threat to
the integrity and security of the cloud environment. By distinguishing incidents from
other types of security findings, Prisma Cloud enables more effective incident
response and threat management processes.

[Link] DROP
An administrator needs to write a script that automatically deactivates access keys
that have not been used for 30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps
into the correct order from the first step to the last.)

2)
.0
14
(V
ps
um
D
E
S
C
C
P
ed
at
pd
U
h
it
w
m
xa

Answer:
E
E
S
C
C
P
r
ou
Y
r
fo
re
pa
re
P

Explanation:
POST [Link]
GET [Link]
PATCH [Link]
To write a script that automatically deactivates access keys that have not been used
for 30 days, an administrator would need to follow an ordered sequence of API calls
to the Prisma Cloud platform. The first API call must authenticate the script with the
Prisma Cloud API, which is typically done using a POST request to the login endpoint.
This step is necessary to establish a session and retrieve an authentication token
required for subsequent API calls.
Once the script is authenticated, the next call is a GET request to the access_keys
endpoint. This retrieves a list of all access keys within the environment. The script can
then parse through these keys to determine which ones have not been used within
the specified timeframe of 30 days.

2)
For each access key that meets the criteria (unused for 30 days), the script must send

.0
14
a PATCH request to the specific access key's endpoint, which includes the access

(V
key ID and the desired status. This request will change the status of the access key to

ps
um
'inactive' or a similar status that denotes deactivation.

D
Following this ordered sequence ensures that the script systematically authenticates,

E
S
evaluates, and updates the status of access keys based on their usage, thereby
C
C
P
maintaining security and compliance within the Prisma Cloud environment.
ed
at
pd
U

[Link] method should be used to authenticate to Prisma Cloud Enterprise

h
it
w

programmatically?
m

A. single sign-on
xa
E

B. SAML
E
S

C. basic authentication
C
C
P

D. access key
r
ou

Answer: D
Y

Explanation:
r
fo

To authenticate to Prisma Cloud Enterprise programmatically, the use of an access

re
pa

key is the most suitable method among the given options. Access keys, typically
re
P

consisting of an Access Key ID and Secret Access Key, are used for programmatic
calls to the Prisma Cloud API. This method enables secure, authenticated API
requests to Prisma Cloud services without requiring manual user intervention, which
is essential for automation and integration with CI/CD pipelines.
Reference to the use of access keys for programmatic access can often be found in
the API documentation of cloud security platforms like Prisma Cloud. While specific
documentation from Prisma Cloud is not directly quoted here, the general practice
across cloud services (AWS, Azure, GCP) supports the use of access keys for API
authentication, making it a verified approach for Prisma Cloud as well.
Reference: [Link]
admin/get-started-with- prisma-cloud/[Link]
[Link] option shows the steps to install the Console in a Kubernetes Cluster?
A. Download the Console and Defender image Generate YAML for Defender Deploy
Defender YAML using kubectl
B. Download and extract release tarball Generate YAML for Console Deploy Console
YAML using kubectl
C. Download the Console and Defender image Download YAML for Defender from
the document site Deploy Defender YAML using kubectl
D. Download and extract release tarball Download the YAML for Console Deploy
Console YAML using kubectl
Answer: B
Explanation:

2)
The installation of the Prisma Cloud Console in a Kubernetes cluster involves a series

.0
14
of steps that start with preparing the necessary deployment configurations, typically

(V
provided as YAML files. The process begins by downloading and extracting the

ps
um
release tarball, which contains the necessary files and instructions for the

D
deployment. After extracting the tarball, you generate YAML files for the Console

E
S
deployment. These YAML files define the Kubernetes resources needed to deploy
C
C
P
and run the Console, such as Deployments, Services, and ConfigMaps. Finally, you
ed

deploy the Console by applying the generated YAML files using the kubectl
at
pd

command, which communicates with the Kubernetes API to create the specified
U

resources in your cluster.

h
it
w

This process is aligned with Kubernetes best practices for deploying applications and
m

is indicative of
xa
E

the steps required for deploying complex applications like the Prisma Cloud Console.
E
S

The method ensures that all necessary configurations and dependencies are correctly
C
C
P

defined and deployed in the Kubernetes environment.

r
ou
Y
r
fo

71.A customer has a requirement to automatically protect all Lambda functions with
re
pa

runtime protection.
re
P

What is the process to automatically protect all the Lambda functions?

A. Configure a function scan policy from the Defend/Vulnerabilities/Functions page.
B. Configure serverless radar from the Defend/Compliance/Cloud Platforms page.
C. Configure a manually embedded Lambda Defender.
D. Configure a serverless auto-protect rule for the functions.
Answer: D
Explanation:
Reference: [Link]
functions/Automatically protecting all Lambda functions with runtime protection in
Prisma Cloud can be achieved by configuring a serverless auto-protect rule. This
feature allows for the automatic application of runtime protection policies to all
Lambda functions without the need for manual intervention or embedding defenders
in each function. The auto-protect rule ensures that as new Lambda functions are
deployed, they are automatically protected based on the predefined security policies,
maintaining a consistent security posture across all serverless functions.
This approach leverages the capabilities of Prisma Cloud to integrate seamlessly with
serverless architectures, providing a layer of security that is both comprehensive and
adaptive to the dynamic nature of serverless computing. By automating the protection
process, organizations can ensure that their serverless functions are always covered
by the latest security policies, reducing the risk of vulnerabilities and attacks.

[Link] statement accurately characterizes SSO Integration on Prisma Cloud?

A. Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the

2)
POST and GET methods.

.0
14
B. Okta, Azure Active Directory, PingID, and others are supported via SAML.

(V
C. An administrator can configure different Identity Providers (IdP) for all the cloud

ps
um
accounts that Prisma Cloud monitors.

D
D. An administrator who needs to access the Prisma Cloud API can use SSO after

E
S
configuration.
C
C
P
Answer: B
ed

Explanation:
at
pd

Prisma Cloud supports Single Sign-On (SSO) integration through Security Assertion
U

Markup Language (SAML), enabling users to authenticate using their existing identity
h
it
w

providers (IdPs) such as Okta, Azure Active Directory, PingID, among others. This
m

SSO integration allows for a seamless user

xa
E

authentication experience, where users can log in to Prisma Cloud using their
E
S

credentials managed by their organization's IdP. The SAML protocol facilitates this by
C
C
P

allowing secure exchange of authentication and authorization data between the IdP
r
ou

and Prisma Cloud.

Y

This integration enhances security by centralizing user authentication, reducing the

r
fo

number of passwords users need to remember, and enabling organizations to enforce

re
pa

their security policies, such as multi-factor authentication (MFA) and password

re
P

complexity, across their cloud security tools. SAML support is a common feature in
cloud security platforms for integrating with various IdPs, making it a verified
approach for Prisma Cloud as well.

[Link] DROP
Match the service on the right that evaluates each exposure type on the left. (Select
your answer from the pull-down list. Answers may be used more than once or not at
all.)
 2)
.0
14
(V
ps
um
D
E
S
C
C
Answer:
P
ed
at
pd
U
h
it
w
m
xa
E
E
S
C
C
P
r
ou
Y
r
fo
re
pa
re
P

Explanation:
Reference: [Link]
[Link] are two ways to scan container images in Jenkins pipelines? (Choose two.)
A. twistcli
B. Jenkins Docker plugin
C. Compute Jenkins plugin
D. Compute Azure DevOps plugin
E. Prisma Cloud Visual Studio Code plugin with Jenkins integration
Answer: AC
Explanation:
To scan container images in Jenkins pipelines, two effective methods are using
twistcli and the Compute Jenkins plugin. twistcli is a command-line tool provided by
Prisma Cloud that allows for the scanning of container images for vulnerabilities and
compliance issues directly from the CI/CD pipeline. It can be integrated into Jenkins

2)
jobs as a build or post-build step to automatically scan images as part of the build

.0
14
process.

(V
The Compute Jenkins plugin is specifically designed for integration with Jenkins,

ps
um
providing a more seamless and automated way to include Prisma Cloud's security

D
scanning capabilities within Jenkins pipelines. This plugin enables Jenkins to trigger

E
S
image scans with Prisma Cloud directly and can fail builds based on scan results,
C
C
P
ensuring that only secure and compliant images are pushed through the CI/CD
ed

pipeline.
at
pd

Both twistcli and the Compute Jenkins plugin are designed to integrate Prisma
U

Cloud's security capabilities into the CI/CD process, enabling DevOps teams to
h
it
w

identify and fix security issues early in the development lifecycle.

m
xa
E
E
S

75.A customer wants to harden its environment from misconfiguration.

C
C
P

Prisma Cloud Compute Compliance enforcement for hosts covers which three
r
ou

options? (Choose three.)

Y

A. Docker daemon configuration files

r
fo

B. Docker daemon configuration

re
pa

C. Host cloud provider tags

re
P

D. Host configuration
E. Hosts without Defender agents
Answer: ABD
Explanation:
Prisma Cloud Compute Compliance enforcement for hosts covers several aspects to
ensure a secure and compliant host environment, particularly within containerized
environments. These include: Docker daemon configuration files: Ensuring that
Docker daemon configuration files are set up according to best security practices is
crucial. These files contain various settings that control the behavior of the Docker
daemon, and misconfigurations can lead to security vulnerabilities.
Docker daemon configuration: Beyond just the configuration files, the overall
configuration of the Docker daemon itself is critical. This encompasses runtime
settings and command-line options that determine how Docker containers are
executed and managed on the host.
Host configuration: The security of the underlying host on which Docker and other
container runtimes are installed is paramount. This includes the configuration of the
host's operating system, network settings, file permissions, and other system-level
settings that can impact the security of the containerized applications running on top.
By focusing on these areas, Prisma Cloud ensures that not just the containers but
also the environment they run in is secure, adhering to compliance standards and
best practices to mitigate risks associated with containerized deployments.

76.A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma

2)
Cloud tenant is located on [Link].

.0
14
What is the correct API endpoint?

(V
A. [Link]

ps
um
B. [Link]

D
C. httsp://[Link]

E
S
D. [Link]
C
C
P
Answer: D
ed

Explanation:
at
pd

[Link]
U

When accessing the Prisma Cloud API for a tenant located on [Link],
h
it
w

the correct API endpoint to use would be [Link] This endpoint

m

corresponds to the Prisma Cloud service instance hosted on [Link],

xa
E

ensuring that API requests are directed to the correct instance of the service for
E
S

processing.
C
C
P

The use of api2 in the URL indicates that this is the second instance or a different
r
ou

geographical or functional partition of the Prisma Cloud service, which might be used
Y

for load balancing, redundancy, or serving different sets of users. It is crucial to use
r
fo

the correct endpoint corresponding to the Prisma Cloud console URL to ensure
re
pa

successful API communication and authentication.

re
P

77.A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders
are deployed as a DaemonSet in OpenShift.
How should the administrator get a report of vulnerabilities on hosts?
A. Navigate to Monitor > Vulnerabilities > CVE Viewer
B. Navigate to Defend > Vulnerabilities > VM Images
C. Navigate to Defend > Vulnerabilities > Hosts
D. Navigate to Monitor > Vulnerabilities > Hosts
Answer: D
Explanation:
To view the vulnerabilities identified on a host, navigating to the "Monitor >
Vulnerabilities > Hosts" section within the Prisma Cloud Console is the correct
approach. This section is specifically designed to provide a comprehensive overview
of all detected vulnerabilities within the host environment, offering detailed insights
into each vulnerability's nature, severity, and potential impact.
This pathway allows users to efficiently assess the security posture of their hosts,
prioritize vulnerabilities based on their severity, and take appropriate remediation
actions. The "Hosts" section under "Vulnerabilities" is tailored to display vulnerabilities
related to host configurations, installed software, and other host-level security
concerns, making it the ideal location within the Prisma Cloud Console for this
purpose.

2)
[Link] DROP

.0
14
Order the steps involved in onboarding an AWS Account for use with Data Security

(V
feature.

ps
um
D
E
S
C
C
P
ed
at
pd
U
h
it
w
m
xa
E
E
S
C
C
P
r
ou
Y
r
fo
re
pa
re
P

Answer:
 2)
.0
14
(V
ps
Explanation:

um
Create CloudTrail with S3 as storage

D
E
S
Enter SNS Topic in CloudTrail
C
Enter RoleARN and SNSARN C
P
d

Create Stack
e
at

Comprehensive Detailed
pd
U

Onboarding an AWS account for use with the Data Security feature involves setting
h
it

up AWS CloudTrail to monitor API calls and log the data to an Amazon S3 bucket,
w
m

which is essential for auditing and security purposes.

xa

The first step in the onboarding process is to create an AWS CloudTrail with S3 as
E
E

the storage destination. This is where all the CloudTrail logs will be collected and
S
C
C

stored. The S3 bucket must be properly configured to receive and store logs.
P
r

After setting up CloudTrail, the next step is to enter the Amazon Simple Notification
ou
Y

Service (SNS) topic in CloudTrail. This step involves specifying an SNS topic that
r
fo

CloudTrail will use to send notifications of log file delivery to the specified S3 bucket.
re
pa

The third step is to enter the Role Amazon Resource Name (RoleARN) and the SNS
re

Amazon Resource Name (SNSARN). RoleARN refers to the IAM role that grants
P

permissions to the CloudTrail to access resources, while SNSARN is the identifier for
the SNS topic created in the previous step.
Finally, the last step is to create a stack, which typically refers to deploying a
CloudFormation template or another infrastructure as code service in AWS. This
stack will set up all the necessary resources and configurations automatically,
including the correct permissions and settings for the Data Security feature to function
correctly.
These steps ensure that the AWS account is properly configured to capture and store
API call logs and to notify the appropriate systems or personnel when specific events
occur, thereby enhancing data security monitoring and compliance.
 GET FULL VERSION OF PCCSE DUMPS

Powered by TCPDF ([Link])