PANW PCCSE Practice Questions Flashcards
Which registry do you use to download the Prisma Cloud Compute Defender image?
registry. redlock.com
registry. twistlock.com
registry. prisma.com
registry. paloaltonetworks.com
registry.twistlock.com
What is a valid tag for a Prisma Cloud Compute Docker image?
defender_20.04.177
defender.20.04.177
defender_20_04_177
defender-20-04-177
defender_20_04_177
An organization that uses a private cloud in a black site that has no internet connection can use which product?
Google Cloud AWS S3 Management. Prisma Cloud Compute Prisma Cloud
Prisma Cloud Compute
In Prisma Cloud Compute, what is the default HTTPS port for the Console? 443 8083 8443 9443
8083
What is the name of the configuration file that controls a Onebox configuration? twistlock.cfg twistlock.json redlock.cfg redlock.json
twistlock.cfg
In which format does the twistcli create the configuration file for the Console when using Kubernetes? JSON YAML XML CSV
YAML
What are the two external items that need to be deployed in Kubernetes together with a console? (Choose two.) a database (DB) to store the console’s state a load balancer, which is used to expose the console to the network an ephemeral volume (EV) for the console’s temporary data a Kubernetes authorization engine to make sure only authorized administrators use the console a persistent volume (PV) to store the console’s state
a load balancer, which is used to expose the console to the network a persistent volume (PV) to store the console’s state
What is the procedure to upgrade a non-SaaS Prisma Cloud Compute implementation? manually upgrade the console, then manually upgrade the Defenders manually upgrade the Defenders, then manually upgrade the console manually upgrade the console, which then automatically upgrades the Defenders manually upgrade both the console and Defenders in any order
manually upgrade the console, which then automatically upgrades the Defenders
Which command do you use to upgrade the console in Kubernetes? kubectl apply -f twistlock_console.yaml kubectl upgrade -f twistlock_console.yaml twistcli apply -f kubectl.yaml twiscli upgrade -f kuberctl.yaml
kubectl apply -f twistlock_console.yaml
Which command do you use to install a container Defender on Linux? rpm apt install either rpm or apt install, depending on the Linux distribution curl
curl
How does the Docker Defender receive information from the console? Pull, the Docker Defender connects to the console using TCP to ask for the information. Pull, the Docker Defender connects to the console using UDP to ask for the information. Push, the Docker Defender listens on a TCP port to receive information from the console. Push, the Docker Defender listens on a UDP port to receive information from the console.
Pull, the Docker Defender connects to the console using TCP to ask for the information.
The TCP listener setting in a Docker Defender running on Linux allows the Defender to function as what? a firewall a Docker proxy an SSH proxy an HTTP proxy
a Docker proxy
Where do you install the Docker Defender? on the hosts that run the Docker containers of the application on the images that become the Docker containers of the application on the Docker containers that implement the application on both the hosts and the images
on the hosts that run the Docker containers of the application
How do you deploy a host Defender on Windows? Download an .msi package using the browser. Run the provided command line using the old (cmd.exe) shell. Run the provided command line using PowerShell. Download an .exe command package using the browser.
Run the provided command line using PowerShell.
Which two versions of Windows support the host Defender? (Choose two.) Windows 10 Windows 2016 Windows 2017 Windows 2019
Windows 2016 Windows 2019
Which version of Windows supports the host Defenders runtime defense functionality? Windows 10 Windows 2016 Windows 2017 Windows 2019
Windows 2019
Which serverless platform is supported by the serverless layer deployment type? AWS Lambda GCP Cloud GCP On-Premises Azure
AWS Lambda
Which three runtimes are supported by the serverless Defender? (Choose four.) PowerShell Ruby Node.js C# Python
Ruby Node.js C# Python
Which three serverless platforms are supported by the serverless embedded deployment type? (Choose three.) AWS Lambda GCP Cloud Functions GCP On-Premises Azure Functions Google App Engine
AWS Lambda GCP Cloud Functions Azure Functions
Where do you install an app-embedded Defender? on the hosts that run the Docker containers of the application on the images that become the Docker containers of the application on the Docker containers that implement the application on both the hosts and the images
on the images that become the Docker containers of the application
Which option is not a way to deploy an app-embedded Defender? (Check console) Fargate Dockerfile Shell script manual
Shell script
How do alerts propagate from the Defenders to the Console in Kubernetes? (Check diagram) Pull, the console connects to port 8083 on the Defender. Pull, the console connects to port 8084 on the Defender. Push, the Defender connects to port 8083 on the console. Push, the Defender connects to port 8084 on the console.
Push, the Defender connects to port 8084 on the console.
What is the usual order of upgrades if you use a self-hosted console in Prisma Cloud Compute? The console identifies that there’s a new version, upgrades itself automatically, and then upgrades the Defenders automatically. The console identifies that there’s a new version and upgrades itself automatically. You then upgrade the Defenders manually during a scheduled maintenance window. You upgrade the console manually, and then it upgrades the Defenders automatically. You upgrade both the console and Defenders manually.
You upgrade the console manually, and then it upgrades the Defenders automatically.
Can Defender upgrades be restricted to a specific window of time? No. Upgrades happen automatically. However, those upgrades do not cause downtime. You can disable auto-upgrade, but then you can’t upgrade the Defenders. You need to uninstall and reinstall them for the upgrade. You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface. You can specify the maintenance window in the console, and then Defender upgrades will happen only during that time.
You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface.