Exactprep PCCSE Questions

In Azure, to enable Prisma Cloud to calculate net effective permissions across Management Groups, the necessary permission is "Microsoft.Management/managementGroups/descendants/read." This permission grants Prisma Cloud the ability to read the management group hierarchy and the related details, allowing for a comprehensive analysis of the effective permissions applied across different levels of the management group structure. By having this level of access, Prisma Cloud can accurately assess and report on the permissions assigned to various resources and identities within the Azure environment, facilitating better security and compliance management.

To detect and alert on cryptominer network activity, the policy type that should be used is an Anomaly policy. Anomaly policies in Prisma Cloud are designed to identify unusual and potentially malicious activities, including the network patterns typical of cryptomining operations. These policies leverage behavioral analytics to spot deviations from normal operations, making Option B the correct answer.

Suspicious network actors—Exposes suspicious connections by inspecting the network traffic to and from your cloud environment and correlating it with AutoFocus, Palo Alto Networks threat intelligence feed. AutoFocus identifies IP addresses involved in suspicious or malicious activity and classifies them into one of eighteen categories. Some examples of the categories are Backdoor, Botnet, Cryptominer, DDoS, Ransomware, Rootkit, and Worm. There are thirty-six policies, two for each of the eighteen categories—internal and external.

Click Delete if you want to remove the notification from the alarm center. Once deleted, a similar alarm will not appear for the next 24 hours, if the same error occurs in that time period. After 24 hours, a similar error will generate a new alarm notification.

Prisma Cloud includes built-in Role-Based Access Control (RBAC) permission groups to manage user access and permissions efficiently. Among the options, Group Membership Admin and Account Group Admin are two built-in RBAC permission groups. Group Membership Admins are responsible for managing user memberships within groups, while Account Group Admins have administrative privileges over specific account groups, allowing them to manage resources and policies within those groups. These roles help in delegating administrative tasks and enforcing the principle of least privilege.