New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Paloalto Networks Cloud Security Engineer PCCSE New Questions

Page: 7 / 20
Total 260 questions

Prisma Certified Cloud Security Engineer Questions and Answers

Question 25

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Options:

A.

set the Container model to manual relearn and set the default runtime rule to block for process protection.

B.

set the Container model to relearn and set the default runtime rule to prevent for process protection.

C.

add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to “prevent”.

D.

choose “copy into rule” for the Container, add a ransomWare process into the denied process list, and set the action to “block”.

Question 26

Which Defender type performs registry scanning?

Options:

A.

Serverless

B.

Container

C.

Host

D.

RASP

Question 27

Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?

Options:

A.

In Policy Section-> Add Policy-> Config type -> Define Policy details Like Name,Severity-> Configure RQL query "config from network where source.network = UNTRUSTJNTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS*" -> define compliance standard -> Define recommendation for remediation & save.

B.

In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name.Severity-> Configure RQL query "network from vpc.flow_record where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('Instance ))" -> define compliance standard -> Define recommendation for remediation & save.

C.

In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name.Severity-> Configure RQL query "network from vpc.flow_record where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ( Instance ))" -> define compliance standard -> Define recommendation for remediation & save.

D.

In Policy Section-> Add Policy-> Network type -> Define Policy details Like Name.Severity-> Configure RQL query "config from network where source.network = UNTRUSTJNTERNET and dest.resource.type = 'Instance' and dest.cloud.type = 'AWS'" -> Define recommendation for remediation & save.

Question 28

Prisma Cloud Compute has been installed on Onebox. After Prisma Cloud Console has been accessed. Defender is disconnected and keeps returning the error "No console connectivity" in the logs.

What could be causing the disconnection between Console and Defender in this scenario?

Options:

A.

Port 8083 is not open for Console and Defender communication.

B.

The license key provided to the Console is invalid.

C.

Port 8084 is not open for Console and Defender communication.

D.

Onebox script installed an older version of the Defender.

Page: 7 / 20
Total 260 questions