PANW PCCSE Practice Questions Flashcards

1
Q

Which registry do you use to download the Prisma Cloud Compute Defender image?

registry.redlock.com
registry.twistlock.com
registry.prisma.com
registry.paloaltonetworks.com

A

registry.twistlock.com

2
Q

What is a valid tag for a Prisma Cloud Compute Docker image?

defender_20.04.177

defender.20.04.177

defender_20_04_177

defender-20-04-177

A

defender_20_04_177

3
Q

An organization that uses a private cloud in a black site that has no internet connection can use which product?

Google Cloud AWS S3 Management. Prisma Cloud Compute Prisma Cloud

A

Prisma Cloud Compute

4
Q

In Prisma Cloud Compute, what is the default HTTPS port for the Console?

443
8083
8443
9443

A

8083

5
Q

What is the name of the configuration file that controls a Onebox configuration?

twistlock.cfg
twistlock.json
redlock.cfg
redlock.json

A

twistlock.cfg

6
Q

In which format does the twistcli create the configuration file for the Console when using Kubernetes?

JSON
YAML
XML
CSV

A

YAML

7
Q

What are the two external items that need to be deployed in Kubernetes together with a console? (Choose two.)

a database (DB) to store the console’s state
a load balancer, which is used to expose the console to the network
an ephemeral volume (EV) for the console’s temporary data
a Kubernetes authorization engine to make sure only authorized administrators use the console
a persistent volume (PV) to store the console’s state

A

a load balancer, which is used to expose the console to the network
a persistent volume (PV) to store the console’s state

8
Q

What is the procedure to upgrade a non-SaaS Prisma Cloud Compute implementation?

manually upgrade the console, then manually upgrade the Defenders
manually upgrade the Defenders, then manually upgrade the console
manually upgrade the console, which then automatically upgrades the Defenders
manually upgrade both the console and Defenders in any order

A

manually upgrade the console, which then automatically upgrades the Defenders

9
Q

Which command do you use to upgrade the console in Kubernetes?

kubectl apply -f twistlock_console.yaml
kubectl upgrade -f twistlock_console.yaml
twistcli apply -f kubectl.yaml
twiscli upgrade -f kuberctl.yaml

A

kubectl apply -f twistlock_console.yaml

10
Q

Which command do you use to install a container Defender on Linux?

rpm
apt install
either rpm or apt install, depending on the Linux distribution
curl

A

curl

11
Q

How does the Docker Defender receive information from the console?

Pull, the Docker Defender connects to the console using TCP to ask for the information.
Pull, the Docker Defender connects to the console using UDP to ask for the information.
Push, the Docker Defender listens on a TCP port to receive information from the console.
Push, the Docker Defender listens on a UDP port to receive information from the console.

A

Pull, the Docker Defender connects to the console using TCP to ask for the information.

12
Q

The TCP listener setting in a Docker Defender running on Linux allows the Defender to function as what?

a firewall
a Docker proxy
an SSH proxy
an HTTP proxy

A

a Docker proxy

13
Q

Where do you install the Docker Defender?

on the hosts that run the Docker containers of the application
on the images that become the Docker containers of the application
on the Docker containers that implement the application
on both the hosts and the images

A

on the hosts that run the Docker containers of the application

14
Q

How do you deploy a host Defender on Windows?

Download an .msi package using the browser.
Run the provided command line using the old (cmd.exe) shell.
Run the provided command line using PowerShell.
Download an .exe command package using the browser.

A

Run the provided command line using PowerShell.

15
Q

Which two versions of Windows support the host Defender? (Choose two.)

Windows 10
Windows 2016
Windows 2017
Windows 2019

A

Windows 2016
Windows 2019

16
Q

Which version of Windows supports the host Defender’s runtime defense functionality?

Windows 10
Windows 2016
Windows 2017
Windows 2019

A

Windows 2019

17
Q

Which serverless platform is supported by the serverless layer deployment type?

AWS Lambda
GCP Cloud
GCP On-Premises
Azure

A

AWS Lambda

18
Q

Which three runtimes are supported by the serverless Defender? (Choose four.)

PowerShell
Ruby
Node.js
C#
Python

A

Ruby
Node.js
C#
Python

19
Q

Which three serverless platforms are supported by the serverless embedded deployment type? (Choose three.)

AWS Lambda
GCP Cloud Functions
GCP On-Premises
Azure Functions
Google App Engine

A

AWS Lambda
GCP Cloud Functions
Azure Functions

20
Q

Where do you install an app-embedded Defender?

on the hosts that run the Docker containers of the application
on the images that become the Docker containers of the application
on the Docker containers that implement the application
on both the hosts and the images

A

on the images that become the Docker containers of the application

21
Q

Which option is not a way to deploy an app-embedded Defender? (Check console)

Fargate
Dockerfile
Shell script
manual

A

Shell script

22
Q

How do alerts propagate from the Defenders to the Console in Kubernetes? (Check diagram)

Pull, the console connects to port 8083 on the Defender.
Pull, the console connects to port 8084 on the Defender.
Push, the Defender connects to port 8083 on the console.
Push, the Defender connects to port 8084 on the console.

A

Push, the Defender connects to port 8084 on the console.

23
Q

What is the usual order of upgrades if you use a self-hosted console in Prisma Cloud Compute?

The console identifies that there’s a new version, upgrades itself automatically, and then upgrades the Defenders automatically.
The console identifies that there’s a new version and upgrades itself automatically. You then upgrade the Defenders manually during a scheduled maintenance window.
You upgrade the console manually, and then it upgrades the Defenders automatically.
You upgrade both the console and Defenders manually.

A

You upgrade the console manually, and then it upgrades the Defenders automatically.

24
Q

Can Defender upgrades be restricted to a specific window of time?

No. Upgrades happen automatically. However, those upgrades do not cause downtime.
You can disable auto-upgrade, but then you can’t upgrade the Defenders. You need to uninstall and reinstall them for the upgrade.
You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface.
You can specify the maintenance window in the console, and then Defender upgrades will happen only during that time.

A

You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface.

25
Q

How many queries can a policy include? How many standards?

one query, one standard
one query, multiple standards
multiple queries, one standard
multiple queries, multiple standards

A

one query, multiple standards

26
Q

Which three protocols are identified by the following RQL query? (Choose three.)

protocol='TCP' AND dest.port IN (21,23,80) AND source.publicnetwork IN ( 'Internet IPs' , 'Suspicious IPs' )

HTTP
Telnet
SSH
HTTPS
FTP

A

HTTP
Telnet
FTP

27
Q

Which parameter can you use in RQL to look at a field that Prisma Cloud does not parse?

config.external
json.value
json.rule
config.internal

A

json.rule

28
Q

Which of the following is not a Prisma Cloud policy category?

Config
Network
Anomaly
Audit Event

A

Network

29
Q

Which two Prisma Cloud policy categories allow you to be reactive, but not proactive? (Choose two.)

Config
Network
Anomaly
Audit Event
User Activity

A

Network
Audit Event

30
Q

What is the alert state after the next scan when Prisma Cloud detects that excessive access was allowed to an AWS S3 bucket?

Open
Resolved
Closed
Deleted

A

Resolved

31
Q

Which two alert states would be used by an administrator that is trying to hide the alerts caused by their actions? (Choose two.)

Open
Resolved
Snoozed
Dismissed
Closed

A

Resolved
Snoozed

32
Q

Which option shows the targets that an alert rule checks?

policies
users
cloud accounts
account groups

A

account groups

33
Q

Which request type do web hooks use?

GET
POST
PUT
ALERT

A

POST

34
Q

Which two integrations can send alerts to a system that is behind dynamic source-address translation? (Choose two.)

Tenable
Webhooks
Email
Qualys
Slack

A

Tenable
Qualys

35
Q

How should an administrator respond to an alert opened at 2 a.m. and resolved at 4 a.m.?

Verify the Alert log file to gather additional information to investigate the occurrence in detail.
Investigate further. Somebody may have disabled a safeguard at 2 a.m., committed a crime, and re-enabled it at 4 a.m. to avoid detection.
Evidence of malware is clear. The administrator must shut down the system in which it occurred.
Document the incident. If it happens multiple times it needs to be investigated.

A

Investigate further. Somebody may have disabled a safeguard at 2 a.m., committed a crime, and re-enabled it at 4 a.m. to avoid detection.

36
Q

An alarm resulted from device A connecting to device B. Which device should you investigate first?

Device A
Device B
The network firewalls
The device that contains more valuable information

A

Device A

37
Q

In which format are alert details provided to accepting systems?

XML
JSON
CSV
HTTP

A

XML

38
Q

Which is not a field in the alert notification?

accountName
policyLabels
riskLevel
alertRemediationCli

A

riskLevel

39
Q

What does this query mean on GCP?

api.name='gcloud-sql-instances-list' and json.rule = 'settings.ipConfiguration.requireSsl is true'

list instances where SSL is configured
list instances where SSL is not configured
list SQL instances where SSL is configured
list SQL instances where SSL is not configured

A

list SQL instances where SSL is configured

40
Q

This query looks for which type of S3 buckets with rules?

api.name='aws-s3api-get-bucket-acl' AND json.rule="(acl.grants[?(@.grantee=='AllUsers')] size > 0)"

allow access to all users
deny access to all users
allow access to some external users
deny access to some external users

A

Allow access to all users

41
Q

You suspect that the desktop at IP 6.6.6.6 has malware. Which event query will show whether malware performed any cloud activity on your instances?

event where sourceIP IN ( 6.6.6.6 )
event where ip IN ( 6.6.6.6 )
event where inetIP IN ( 6.6.6.6 )
event where adminIP IN ( 6.6.6.6 )

A

event where ip IN ( 6.6.6.6 )

42
Q

You type this query: event where user = 'root'. Where would the events you see originate?

AWS
Azure
GCP
Google Cloud

A

AWS

43
Q

You suspect that the desktop at 6.6.6.6 has malware. Which two queries will show whether it contacted any suspicious IPs? (Choose two.)

network where source.ip = 6.6.6.6 AND dest.publicnetwork = 'Suspicious IPs'
network where source.ip = 6.6.6.6 AND dest.ip IN ('Suspicious IPs')
network where source.publicnetwork = 'Suspicious IPs' AND dest.ip = 6.6.6.6
network where source.ip = 'Suspicious IPs' AND dest.ip = 6.6.6.6
network where source.ip = 6.6.6.6 OR dest.ip = 6.6.6.6

A

network where source.ip = 6.6.6.6 AND dest.publicnetwork = 'Suspicious IPs'
network where source.publicnetwork = 'Suspicious IPs' AND dest.ip = 6.6.6.6

44
Q

Which traffic will the following query identify?

dest.resource IN ( resource where virtualnetwork.name != 'default' )

IP addresses of resources that are in the virtual network default
IP addresses of resources that are not in the virtual network default
traffic events where the destination is in the virtual network default
traffic events where the destination is not in the virtual network default

A

traffic events where the destination is not in the virtual network default

45
Q

What is a valid anomaly type?

too many login attempts
impossible time travel
new device
excessive login failures

A

impossible time travel

46
Q

Which is a valid anomaly type for a device?

digital fingerprint
retinal scan
MAC address
IP address

A

digital fingerprint

47
Q

In a Prisma Cloud asset inventory, which is not an option for the Assets by Classification widget?

Cloud Type (AWS, Alibaba Cloud, GCP, Azure)
Asset Type (Instance, Network, Database, etc.)
Account Name
Region

A

Asset Type (Instance, Network, Database, etc.)

48
Q

Which two criteria can be used to filter the asset inventory? (Choose two.)

Resource Type
CIDR Network Block
Resource Name
Standard
IP Type (Internal vs. External)

A

Resource Type
Standard

49
Q

Which two template types are supported by build rules? (Choose two.)

JavaScript
CloudFormation
Bash scripts with configuration commands
Terraform
XML

A

CloudFormation
Terraform

50
Q

Which type of query do you use to validate that a build policy is being followed?

SQL query
JavaScript code to calculate the answer
RQL
JSON query

A

JSON query

51
Q

Your auditor wants a weekly report of how compliant you were with SOC 2. Can you do it, and if so how?

No. You can get only current compliance.
You can automate it from the web interface.
Do a GET https://api.prismacloud.io/compliance/posture?timeType=relative&timeAmount=< >&timeUnit=week&policy.complianceStandard=SOC%202, loop on <>
Do a GET https://api.prismacloud.io/compliance/SOC 2?timeType=relative&timeAmount=<>_weeks, loop on <>

A

Do a GET https://api.prismacloud.io/compliance/posture?timeType=relative&timeAmount=< >&timeUnit=week&policy.complianceStandard=SOC%202, loop on <>

52
Q

How can you delete Audit log entries older than a year?

Audit log entries are not under administrator control.
You can do it from the web interface.
Do a DELETE https://api.prismacloud.io/audit/redlock?timeType=relative&timeAmount=1&timeUnit=year
Do a DELETE https://api.prismacloud.io/audit/redlock?timeType=absolute&time=<>

A

Audit log entries are not under administrator control.

53
Q

Which format do you use with a config search?

RQL
SQL
JSON query
XML query

A

RQL

54
Q

Which HTTP method do you use with an event search?

GET
PUT
POST
HEAD

A

POST

55
Q

Which of these is not a tab in the registry details for a Docker image?

Layers
Process Info
Network Connections
Packages

A

Network Connections

56
Q

Which vulnerability rule policy does not make sense?

Alert threshold Low, Block threshold: Medium
Alert threshold Low, Block threshold: High
Alert threshold Medium, Block threshold: Low
Alert threshold Low, Block threshold: Medium

A

Alert threshold Medium, Block threshold: Low

57
Q

What are three ways to limit the applicability of a vulnerability rule? (Choose three.)

scope (containers, images, etc.)
operating system (Linux vs. Windows)
cloud environment (AWS vs. Azure vs. GCP)
exceptions to the rule by CVEs and/or tags
apply the rule only if there is a vendor fix

A

scope (containers, images, etc.)
exceptions to the rule by CVEs and/or tags
apply the rule only if there is a vendor fix

58
Q

Which type of virtual machine can Prisma Cloud scan without running an agent on it?

Amazon Machine Image (AMI) running Linux
Amazon Machine Image (AMI) running Linux or Windows
Any VM image on the three major cloud providers (AWS, Azure, and GCP) running Linux
Any VM image on the three major cloud providers (AWS, Azure, and GCP) running Windows

A

Amazon Machine Image (AMI) running Linux

59
Q

How can Prisma Cloud Compute detect vulnerabilities in software installed directly rather than through a package manager?

It uses the MD5 Hash Generator of the executables to know what is running.
Some apps are so popular that they are supported if you activate unpackaged scan in the web interface.
Some apps are so popular that they are supported. This action is activated automatically.
It uses the MD5 of executables to know what is running.

A

Some apps are so popular that they are supported. This action is activated automatically

60
Q

Which image vulnerability policy field is not available in Host Vulnerability policies?

Alert threshold
Block threshold
Apply rule only when vendor fixes are available
Exceptions

A

Block threshold

61
Q

Which two criteria can you use for exceptions in a Host Vulnerability policy? (Choose two.)

CVE ID
Console OS version
Is there a vendor fix available?
Severity
Tag

A

CVE ID
Tag

62
Q

If a Docker image raises a high-severity compliance concern, what is the first digit of the compliance ID?

2
3
4
5

A

4

63
Q

If a Docker container raises a medium-severity compliance concern, what is the first digit of the compliance ID?

2
3
4
5

A

5

64
Q

Which is not a valid action for a Docker compliance rule?

Ignore
Alert
Remediate
Block

A

Remediate

65
Q

Which three criteria can be used to restrict the scope of a container and image-compliance rule? (Choose three.)

Container name
Image name
Tag
Cloud type (AWS, Azure, and/or GCP)
Label

A

Container name
Image name
Label

66
Q

Which is not a compliance template that can be used for a Container Compliance policy?

GDPR
ISO 27001
PCI
HIPAA

A

ISO 27001

67
Q

Which category and type identify the compliance problem described in the following statement? “While the system administrator can establish secure permissions for users’ home directories, the users can easily override these.”

Windows, host
Linux, host
Docker, daemon config
Apache, daemon config

A

Linux, host
Linux has easier access to a privileged command line interface

68
Q

Which entity creates the host compliance policies that Prisma Cloud checks?

Palo Alto Networks research department
Center for Internet Security
Committee for Information Safety
National Institute of Standards and Technology

A

Center for Internet Security

69
Q

Which two fields can be used to limit the scope of a host compliance rule? (Choose two.)

Operating system
Tag
Account ID
Host name
Project ID

A

Account ID
Host name

70
Q

If you keep the default policy, what action is performed on each severity level?

Low: Ignore, Medium: Alert, High: Alert, Critical: Block
Low: Ignore, Medium: Alert, High: Alert, Critical: Alert
Low: Ignore, Medium: Ignore, High: Alert, Critical: Block
Low: Ignore, Medium: Ignore, High: Alert, Critical: Alert

A

Low: Ignore, Medium: Ignore, High: Alert, Critical: Alert

71
Q

An application has five hosts that run 30 Docker containers based on 10 images. What is the total number of container models in the application?

5
10
20
30

A

10

72
Q

Which is not a tab in the container model?

Process
Networking
File System
Memory

A

Memory

73
Q

Which tab does not have a Prevent effect in a container runtime rule?

Processes
Networking
File system
Operations

A

Networking

74
Q

Which container-runtime effect applies to a single action rather than to an entire container?

Alert
Prevent
Block
Delete

A

Prevent

75
Q

Which Docker storage driver does not support Prevent effects?

devicemapper
overlay2
aufs
virtualmapper

A

aufs

76
Q

When does Prisma Cloud Compute gather forensic information about containers?

all the time
at the time of a breach
at the time of a breach and for a short time afterward
at the time of the breach and for 10 minutes

A

all the time

77
Q

Which time period is covered by the forensic information sent to the console?

all the time
the time of a breach and a short period before it
the time of a breach and a short period afterward
a short period before the time of a breach and a short period afterward

A

a short period before the time of a breach and a short period afterward

78
Q

In Prisma Cloud Compute, which three languages can have their packages scanned for vulnerabilities in serverless? (Choose five.)

JavaScript (Node.js)
Go
C#
Rust
Python
Java

A

JavaScript (Node.js)
Go
C#
Python
Java

79
Q

Which component of Prisma Cloud Compute scans serverless functions for vulnerabilities?

Container Defenders
the Console
Serverless Defenders
Network Defenders

A

the Console

80
Q

Which permission does Prisma Cloud Compute need to have to scan AWS Lambda functions?

AWSLambdaShortAccess
AWSLambdaRole
AWSLambdaReadOnlyAccess
AWSLambdaFullAccess

A

AWSLambdaReadOnlyAccess

81
Q

What two scope restrictions can a serverless vulnerability policy have? (Choose two.)

Runtimes
Functions
Cloud Platforms
Account IDs
Trigger Types

A

Functions
Trigger Types

82
Q

Which two effects can an exception to a Vulnerability policy rule have? (Choose two.)

Disable
Ignore
Alert
Prevent
Block

A

Ignore
Alert

83
Q

In Prisma Cloud Compute, which two languages are not supported for the serverless Defender? (Choose two.)

JavaScript (Node.js)
Go
C#
Rust

A

Go
Rust

84
Q

How do you add a serverless Defender to a GCP cloud function?

Use serverless Defender on AWS Lambda.
Add code to the serverless function.
Add a layer to the serverless configuration.
Add a layer to the serverless function.

A

Add code to the serverless function.

85
Q

What type of event do you need to log for DLP to work?

Read
Write
Upload
Download

A

Write

86
Q

Which cloud service can use DLP?

AWS S3
Azure Blob
Google Cloud
Google Cloud Messaging

A

AWS S3

87
Q

How does Prisma Cloud get information about new files that need to be checked for DLP?

AWS SNS Link
Azure Event Grid
Google Messaging
HTTP to a Prisma Cloud web hook

A

AWS SNS

88
Q

What does Forward-only scanning mean?

scan only files going in the forward direction from the organization being protected to the rest of the world
scan only files going in the forward direction from the rest of the world to the organization being protected
scan only files forward in time, new files being uploaded to the storage service
scan only files forward in time, previous seen files being uploaded to the storage service

A

scan only files forward in time, new files being uploaded to the storage service

89
Q

Which extension is supported for malware scanning?

.exe
.jar
.tar
Msi

A

.exe

90
Q

What is not an exposure level that would apply to a storage bucket?

Public
Partial
Conditional
Private

A

Partial

91
Q

Which option is a PII data pattern?

Bank – Bankruptcy Filings
Driver License – Estonia
Credit card number
Health – DEA

A

Driver License – Estonia

92
Q

What is the recommended bucket time-to-live (TTL) in the CloudTrail bucket?

one day
five days
one month
five months

A

one month

93
Q

Which protocol or protocols does the Cloud Native Application Firewall (CNAF) process?

LDAP
SSL
SSH
HTTP

A

HTTP

94
Q

Which is not a valid action in a CNAF rule? (CNAF now known as WAAS)

Disable
Log
Alert
Prevent

A

Log

95
Q

Which cloud service can consume CloudFormation configuration files?

AWS
Azure
Google Storage
GCP

A

AWS

96
Q

In which type of template does .prismaCloud/config.yml have a variable_files setting?

Terraform
CloudFormation
CloudField
Kubernetes

A

Terraform

97
Q

Which two integrations integrate with an IDE? (Choose two.)

Jenkins
AWS DevOps
Visual Studio Code
Azure DevOps
IntelliJ IDEA

A

Visual Studio Code
IntelliJ IDEA

98
Q

Which two integrations integrate with source code management software? (Choose two.)

GitHub
GitLab
CircleCI
IntelliJ IDEA
Jenkins

A

GitHub
GitLab

99
Q

Which type of software does not have integrations with Prisma Cloud to manage IaC?

CI/CD
SCM
Compiler
IDE

A

Compiler

100
Q

Which HTTP method is used to request the scan results for a Terraform template?

GET
POST
PUT
DELETE

A

GET

101
Q

What is the content-type value used to scan a single YAML CloudFormation template file?

text/plain
text/x-yaml
application/yaml
application/plain

A

text/plain

102
Q

The OOTB policy to verify that versioning is turned on in AWS S3 buckets is applied to which two code options? (Choose two.)

CloudFormation
Terraform
CloudField
Kubernetes

A

CloudFormation
Terraform

103
Q

The OOTB policy to verify that versioning is turned on in GCP Storage log buckets is applied to which code option?

CloudFormation
Terraform
CloudField
Kubernetes

A

Terraform

104
Q

Which type of query do you use in an IaC build policy?

JSON
YAML
RQL
SQL

A

JSON

105
Q

What does the expression $.resource[*] mean?

the value of the resource field of the root object
the number of items inside the resource field of the root object
all the keys inside the resource field of the root object
all the values inside the resource field of the root object

A

all the values inside the resource field of the root object

106
Q

Which CI/CD software communicates with Prisma Cloud Compute to request scans of new container images?

Jenkins
Maven
Freestyle
Malware

A

Jenkins

107
Q

Which kind of relationship is allowed between the Console release and the Jenkins plugin release?

The Jenkins plugin can be the same release as the Console or newer.
The Jenkins plugin and the Console must be the same release.
The Console can be the same release as the Jenkins release or newer.
Any version of the Jenkins plugin works with any version of the Console.

A

The Jenkins plugin and the Console must be the same release.

108
Q

xxxxx

  1. xxxxx
  2. xxxxx
  3. xxxxx
  4. xxxxx
A

You configure the console identity and authentication on Jenkins.

109
Q

What is the return code of twistcli if the image passes the test?

-1
0
1
2

A

0

110
Q

At what point does a twistcli scan check the image?

before the image is created
after the image is created
after the image is deployed
before the image is created

A

after the image is created

111
Q

Which two policy types are valid for CI, before the image is deployed? (Choose two.)

Compliance Network Event Vulnerability Audit Access

A

Compliance
Vulnerability

112
Q

What is the earliest stage of the toolchain where Prisma Cloud Compute can protect you?

Coding
Building
Testing
Deploying

A

Building

113
Q

Which option shows the types of cloud accounts supported by Prisma Cloud?

AWS and Azure
AWS, Azure, and GCP
AWS, Azure, GCP, and Alibaba
AWS, Azure, GCP, Alibaba, and IBM Cloud

A

AWS, Azure, GCP, and Alibaba

114
Q

Which two modes are supported to secure cloud accounts? (Choose two.)

Read only
Observe
Monitor
Observe & Prevent
Monitor & Protect

A

Monitor
Monitor & Protect

115
Q

What is the relationship between cloud accounts and account groups?

One to one. Each account group has exactly one cloud account.
One to many. Each account group has multiple cloud accounts, but a cloud account can be in only one group.
One to many. Each account has multiple accounts groups, but a group can include at most one account.
Many to many. Each account can be a member of multiple account groups, and each group can contain multiple accounts.

A

Many to many. Each account can be a member of multiple account groups, and each group can contain multiple accounts.

116
Q

What are the two ways in which account groups are used? (Choose two.)

Prisma Cloud > Compliance, to see the compliance status of a specific group
Prisma Cloud > Policies, to specify on which accounts groups Prisma Cloud can use auto remediation for each policy
Prisma Cloud Compute > Radar (one of the options to color different containers and serverless functions is by account group)
Prisma Cloud Compute > Defend > Vulnerabilities; you can ask to get a report of all the vulnerabilities of a specific account group
in the security roles, to permit users to access only specific account groups

A

in the security roles, to permit users to access only specific account groups

117
Q

An administrator has a Prisma Cloud role of Account Group Admin. What is the administrator’s role in Prisma Cloud Compute?

also Account Group Admin because they use the same roles
Auditor
DevSecOps User
Defender Manager

A

Auditor

118
Q

Which two actions are permitted for Cloud Provisioning Admins? (Choose two.)

View SSO Settings
Deploy new Prisma Cloud Compute Defenders
View Alerts
View Policy
View Prisma Cloud account details

A

Deploy new Prisma Cloud Compute Defenders
View Prisma Cloud account details

119
Q

Which role in Prisma Cloud Compute do you give a team lead from development permission to see only continuous integration reports?

CI User
DevOps User
DevSecOps User
Auditor

A

DevOps User

120
Q

An employee from Operations who works the night shift needs to be able to see everything in case of problems but should not be able to change anything. Which role do you assign in Prisma Cloud Compute?

CI User
DevOps User
DevSecOps User
Auditor

A

Auditor

121
Q

Which type of Defender installation do you need for an admission controller?

Single Defender DaemonSet Swarm Multiple Defender DaemonSet

A

DaemonSet

122
Q

Which is the name of the file you apply to Kubernetes to install OPA?

admin_ctrl.yaml
opa.yaml
webhook.yaml
opa.json

A

webhook.yaml

123
Q

What is the Rego expression to select only nginx images?

input.request.object.spec.containers[_].image
input.request.object.spec.containers[*].image
input.request.object.containers[_].image
input.request.object.containers[*].image

A

input.request.object.spec.containers[_].image

124
Q

Which three operations are supported in OPA policies? (Choose three.)

CREATE
READ
MODIFY
UPDATE
CONNECT

A

CREATE
UPDATE
CONNECT

125
Q

Users connect to the Console through app.prismacloud.io. Which Audit log has the IP of the user that connected to it?

Prisma Cloud
Prisma Cloud Compute
Prisma Cloud Log
Prisma Cloud Compute Log

A

Prisma Cloud

126
Q

Where is the Defender log file located?

on the Console
/var/lib/twistlock/log/defender.log
/usr/lib/twistlock/log/defender.log
/etc/lib/twistlock/log/defender.log

A

/var/lib/twistlock/log/defender.log

127
Q

Which two values are legitimate entries in an anomaly trusted list? (Choose two.)

10.0.0.0/8
2.2.2.2/16
8.8.8.8
joe@prismacloud.io
172.16.1.1/32

A

10.0.0.0/8
172.16.1.1/32

128
Q

Which three criteria can be used to limit the applicability of an anomaly trusted list? (Choose three.)

Anomaly policy type(s)
Account ID
VPC (Link)
Subnet
DNS Domain

A

Anomaly policy type(s)
Account ID
VPC

129
Q

What is the maximum idle timeout without using a custom value?

minutes (Link)
hours
days
months

A

Minutes

130
Q

What is the maximum idle timeout without using a custom value?

30 minutes
45 minutes
60 minutes
120 minutes

A

60 Minutes

131
Q

What can an administrator require when somebody dismisses an alert?

Administrators are authorized to dismiss alerts.
An administrator can configure the system so administrators must type a reason, but what they type can’t be controlled.
Administrators are required to type a reason and require it to be of a certain length.
Administrators are always required to type a reason.

A

An administrator can configure the system so administrators must type a reason, but what they type can’t be controlled.

132
Q

Which system can serve as a source of information for Prisma Cloud?

Slack
Amazon GuardDuty
Amazon SQS
Jira

A

Amazon GuardDuty

133
Q

Which system can be used to display Prisma Cloud alerts, but not to feed it information?

AWS Inspector
Tenable
Qualys
ServiceNow

A

ServiceNow

134
Q

Where in the user interface do you specify integrations for Prisma Cloud to alert other products?

Settings > Integrations
Manage > Alerts
Prisma Cloud Settings > Integrations
Prisma Cloud Manage > Alerts

A

Prisma Cloud Settings > Integrations

135
Q

Where do you configure outbound notifications for CNAF?

Settings > Integrations
Manage > Alerts (Console Link)
Prisma Cloud Settings > Integrations
Manage > CNAF > Alerts

A

Manage > Alerts

136
Q

You want to test an alert channel using /api/v1/alert-profiles/test. Which format should you use?

GET
JSON
YAML
Python

A

JSON

137
Q

Which command will start an images scan?

GET /images/scan
POST /images/scan
GET /results/images/download
POST /results/images/download

A

POST /images/scan

138
Q

Which command will get the results of a container scan?

GET /results/containers/download
POST /results/containers/download
GET /containers/download
POST /containers/download

A

GET /containers/download