New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

PCCSE Exam Questions Tutorials

Page: 14 / 20
Total 260 questions

Prisma Certified Cloud Security Engineer Questions and Answers

Question 53

Given the following information, which twistcli command should be run if an administrator were to exec into a running container and scan it from within using an access token for authentication?

• Console is located at

• Token is: TOKEN_VALUE

• Report ID is: REPORTJD

• Container image running is: myimage:latest

Options:

A.

twistcli images scan --address https://prisma-console.mydomain.local —token TOKENVALUE —containerized —details myimage:latest

B.

twistcli images scan —console-address https://prisma-console.mydomain.local —auth-token MY_TOKEN —local-scan —details myimage:latest

C.

twistcli images scan —address https://prisma-console.mydomain.local —token TOKEN_VALUE —containerized --details REPORT_ID

D.

twistcli images scan --console-address https://prisma-console.mydomain.local --auth-token TOKEN_VALUE —containerized —vulnerability-details REPORT_ID

Question 54

The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task?

Options:

A.

Custom Compliance

B.

Policies

C.

Compliance

D.

Alert Rules

Question 55

An administrator sees that a runtime audit has been generated for a host. The audit message is:

“Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model”

Which runtime host policy rule is the root cause for this runtime audit?

Options:

A.

Custom rule with specific configuration for file integrity

B.

Custom rule with specific configuration for networking

C.

Default rule that alerts on capabilities

D.

Default rule that alerts on suspicious runtime behavior

Question 56

What is a benefit of the Cloud Discovery feature?

Options:

A.

It does not require any specific permissions to be granted before use.

B.

It helps engineers find all cloud-native services being used only on AWS.

C.

It offers coverage for serverless functions on AWS only.

D.

It enables engineers to continuously monitor all accounts and report on the services that are unprotected.

Page: 14 / 20
Total 260 questions