PANW PCCSE Practice Questions Flashcards
Which registry do you use to download the Prisma Cloud Compute Defender image?
registry.redlock.com
registry.twistlock.com
registry.prisma.com
registry.paloaltonetworks.com
registry.twistlock.com
What is a valid tag for a Prisma Cloud Compute Docker image?
defender_20.04.177
defender.20.04.177
defender_20_04_177
defender-20-04-177
defender_20_04_177
An organization that uses a private cloud in a black site that has no internet connection can use which product?
Google Cloud AWS S3 Management. Prisma Cloud Compute Prisma Cloud
Prisma Cloud Compute
In Prisma Cloud Compute, what is the default HTTPS port for the Console? 443 8083 8443 9443
8083
What is the name of the configuration file that controls a Onebox configuration? twistlock.cfg twistlock.json redlock.cfg redlock.json
twistlock.cfg
In which format does the twistcli create the configuration file for the Console when using Kubernetes? JSON YAML XML CSV
YAML
What are the two external items that need to be deployed in Kubernetes together with a console? (Choose two.) a database (DB) to store the console’s state a load balancer, which is used to expose the console to the network an ephemeral volume (EV) for the console’s temporary data a Kubernetes authorization engine to make sure only authorized administrators use the console a persistent volume (PV) to store the console’s state
a load balancer, which is used to expose the console to the network a persistent volume (PV) to store the console’s state
What is the procedure to upgrade a non-SaaS Prisma Cloud Compute implementation? manually upgrade the console, then manually upgrade the Defenders manually upgrade the Defenders, then manually upgrade the console manually upgrade the console, which then automatically upgrades the Defenders manually upgrade both the console and Defenders in any order
manually upgrade the console, which then automatically upgrades the Defenders
Which command do you use to upgrade the console in Kubernetes? kubectl apply -f twistlock_console.yaml kubectl upgrade -f twistlock_console.yaml twistcli apply -f kubectl.yaml twiscli upgrade -f kuberctl.yaml
kubectl apply -f twistlock_console.yaml
Which command do you use to install a container Defender on Linux? rpm apt install either rpm or apt install, depending on the Linux distribution curl
curl
How does the Docker Defender receive information from the console? Pull, the Docker Defender connects to the console using TCP to ask for the information. Pull, the Docker Defender connects to the console using UDP to ask for the information. Push, the Docker Defender listens on a TCP port to receive information from the console. Push, the Docker Defender listens on a UDP port to receive information from the console.
Pull, the Docker Defender connects to the console using TCP to ask for the information.
The TCP listener setting in a Docker Defender running on Linux allows the Defender to function as what? a firewall a Docker proxy an SSH proxy an HTTP proxy
a Docker proxy
Where do you install the Docker Defender? on the hosts that run the Docker containers of the application on the images that become the Docker containers of the application on the Docker containers that implement the application on both the hosts and the images
on the hosts that run the Docker containers of the application
How do you deploy a host Defender on Windows? Download an .msi package using the browser. Run the provided command line using the old (cmd.exe) shell. Run the provided command line using PowerShell. Download an .exe command package using the browser.
Run the provided command line using PowerShell.
Which two versions of Windows support the host Defender? (Choose two.) Windows 10 Windows 2016 Windows 2017 Windows 2019
Windows 2016 Windows 2019
Which version of Windows supports the host Defender’s runtime defense functionality? Windows 10 Windows 2016 Windows 2017 Windows 2019
Windows 2019
Which serverless platform is supported by the serverless layer deployment type? AWS Lambda GCP Cloud GCP On-Premises Azure
AWS Lambda
Which three runtimes are supported by the serverless Defender? (Choose four.) PowerShell Ruby Node.js C# Python
Ruby Node.js C# Python
Which three serverless platforms are supported by the serverless embedded deployment type? (Choose three.) AWS Lambda GCP Cloud Functions GCP On-Premises Azure Functions Google App Engine
AWS Lambda GCP Cloud Functions Azure Functions
Where do you install an app-embedded Defender? on the hosts that run the Docker containers of the application on the images that become the Docker containers of the application on the Docker containers that implement the application on both the hosts and the images
on the images that become the Docker containers of the application
Which option is not a way to deploy an app-embedded Defender? (Check console) Fargate Dockerfile Shell script manual
Shell script
How do alerts propagate from the Defenders to the Console in Kubernetes? (Check diagram) Pull, the console connects to port 8083 on the Defender. Pull, the console connects to port 8084 on the Defender. Push, the Defender connects to port 8083 on the console. Push, the Defender connects to port 8084 on the console.
Push, the Defender connects to port 8084 on the console.
What is the usual order of upgrades if you use a self-hosted console in Prisma Cloud Compute? The console identifies that there’s a new version, upgrades itself automatically, and then upgrades the Defenders automatically. The console identifies that there’s a new version and upgrades itself automatically. You then upgrade the Defenders manually during a scheduled maintenance window. You upgrade the console manually, and then it upgrades the Defenders automatically. You upgrade both the console and Defenders manually.
You upgrade the console manually, and then it upgrades the Defenders automatically.
Can Defender upgrades be restricted to a specific window of time? No. Upgrades happen automatically. However, those upgrades do not cause downtime. You can disable auto-upgrade, but then you can’t upgrade the Defenders. You need to uninstall and reinstall them for the upgrade. You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface. You can specify the maintenance window in the console, and then Defender upgrades will happen only during that time.
You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface.
How many queries can a policy include? How many standards? one query, one standard one query, multiple standards multiple queries, one standard multiple queries, multiple standards
one query, multiple standards
Which three protocols are identified by the following RQL query? (Choose three.) protocol='TCP' AND dest.port IN (21,23,80) AND source.publicnetwork IN ( 'Internet IPs' , 'Suspicious IPs' ) HTTP Telnet SSH HTTPS FTP
HTTP Telnet FTP
Which parameter can you use in RQL to look at a field that Prisma Cloud does not parse? config.external json.value json.rule config.internal
json.rule
Which of the following is not a Prisma Cloud policy category? Config Network Anomaly Audit Event
Network
Which two Prisma Cloud policy categories allow you to be reactive, but not proactive? (Choose two.) Config Network Anomaly Audit Event User Activity
Network Audit Event
What is the alert state after the next scan when Prisma Cloud detects that excessive access was allowed to an AWS S3 bucket? Open Resolved Closed Deleted
Resolved
Which two alert states would be used by an administrator that is trying to hide the alerts caused by their actions? (Choose two.) Open Resolved Snoozed Dismissed Closed
Resolved Snoozed
Which option shows the targets that an alert rule checks? policies users cloud accounts account groups
account groups
Which request type do web hooks use? GET POST PUT ALERT
POST
Which two integrations can send alerts to a system that is behind dynamic source-address translation? (Choose two.) Tenable Webhooks Email Qualys Slack
Tenable, Qualys
How should an administrator respond to an alert opened at 2 a.m. and resolved at 4 a.m.? Verify the Alert log file to gather additional information to investigate the occurrence in detail. Investigate further. Somebody may have disabled a safeguard at 2 a.m., committed a crime, and re-enabled it at 4 a.m. to avoid detection. Evidence of malware is clear. The administrator must shut down the system in which it occurred. Document the incident. If it happens multiple times it needs to be investigated.
Investigate further. Somebody may have disabled a safeguard at 2 a.m., committed a crime, and re-enabled it at 4 a.m. to avoid detection.
An alarm resulted from device A connecting to device B. Which device should you investigate first? Device A Device B The network firewalls The device that contains more valuable information
Device A
In which format are alert details provided to accepting systems? XML JSON CSV HTTP
XML
Which is not a field in the alert notification? accountName policyLabels riskLevel alertRemediationCli
riskLevel
What does this query mean on GCP? api.name='gcloud-sql-instances-list' and json.rule = 'settings.ipConfiguration.requireSsl is true'. list instances where SSL is configured list instances where SSL is not configured list SQL instances where SSL is configured list SQL instances where SSL is not configured
list SQL instances where SSL is configured
This query looks for which type of S3 buckets with rules? api.name='aws-s3api-get-bucket-acl' AND json.rule="(acl.grants[?(@.grantee=='AllUsers')] size > 0)". allow access to all users deny access to all users allow access to some external users deny access to some external users
Allow access to all users
You suspect that the desktop at IP 6.6.6.6 has malware. Which event query will show whether malware performed any cloud activity on your instances? event where sourceIP IN ( 6.6.6.6 ) event where ip IN ( 6.6.6.6 ) event where inetIP IN ( 6.6.6.6 ) event where adminIP IN ( 6.6.6.6 )
event where ip IN ( 6.6.6.6 )
You type this query: event where user = 'root'. Where would the events you see originate? AWS Azure GCP Google Cloud
AWS
You suspect that the desktop at 6.6.6.6 has malware. Which two queries will show whether it contacted any suspicious IPs? (Choose two.) network where source.ip = 6.6.6.6 AND dest.publicnetwork = 'Suspicious IPs' network where source.ip = 6.6.6.6 AND dest.ip IN ('Suspicious IPs') network where source.publicnetwork = 'Suspicious IPs' AND dest.ip = 6.6.6.6 network where source.ip = 'Suspicious IPs' AND dest.ip = 6.6.6.6 network where source.ip = 6.6.6.6 OR dest.ip = 6.6.6.6
network where source.ip = 6.6.6.6 AND dest.publicnetwork = 'Suspicious IPs' network where source.publicnetwork = 'Suspicious IPs' AND dest.ip = 6.6.6.6
Which traffic will the following query identify? dest.resource IN ( resource where virtualnetwork.name != 'default' ) IP addresses of resources that are in the virtual network default IP addresses of resources that are not in the virtual network default traffic events where the destination is in the virtual network default traffic events where the destination is not in the virtual network default
traffic events where the destination is not in the virtual network default
What is a valid anomaly type? too many login attempts impossible time travel new device excessive login failures
impossible time travel
Which is a valid anomaly type for a device? digital fingerprint retinal scan MAC address IP address
digital fingerprint
In a Prisma Cloud asset inventory, which is not an option for the Assets by Classification widget? Cloud Type (AWS, Alibaba Cloud, GCP, Azure) Asset Type (Instance, Network, Database, etc.) Account Name Region
Asset Type (Instance, Network, Database, etc.)
Which two criteria can be used to filter the asset inventory? (Choose two.) Resource Type CIDR Network Block Resource Name Standard IP Type (Internal vs. External)
Resource Type Standard
Which two template types are supported by build rules? (Choose two.) JavaScript CloudFormation Bash scripts with configuration commands Terraform XML
CloudFormation Terraform
Which type of query do you use to validate that a build policy is being followed? SQL query JavaScript code to calculate the answer RQL JSON query
JSON query
Your auditor wants a weekly report of how compliant you were with SOC 2. Can you do it, and if so how? No. You can get only current compliance. You can automate it from the web interface. Do a GET https://api.prismacloud.io/compliance/posture?timeType=relative&timeAmount=< >&timeUnit=week&policy.complianceStandard=SOC%202, loop on <> Do a GET https://api.prismacloud.io/compliance/SOC 2?timeType=relative&timeAmount=<>_weeks, loop on <>
Do a GET https://api.prismacloud.io/compliance/posture?timeType=relative&timeAmount=< >&timeUnit=week&policy.complianceStandard=SOC%202, loop on <>
How can you delete Audit log entries older than a year? Audit log entries are not under administrator control. You can do it from the web interface. Do a DELETE https://api.prismacloud.io/audit/redlock?timeType=relative&timeAmount=1&timeUnit=year Do a DELETE https://api.prismacloud.io/audit/redlock?timeType=absolute&time=<>
Audit log entries are not under administrator control.
Which format do you use with a config search? RQL SQL JSON query XML query
RQL
Which HTTP method do you use with an event search? GET PUT POST HEAD
POST
Which of these is not a tab in the registry details for a Docker image? Layers Process Info Network Connections Packages
Network Connections
Which vulnerability rule policy does not make sense? Alert threshold Low, Block threshold: Medium Alert threshold Low, Block threshold: High Alert threshold Medium, Block threshold: Low Alert threshold Low, Block threshold: Medium
Alert threshold Medium, Block threshold: Low
What are three ways to limit the applicability of a vulnerability rule? (Choose three.) scope (containers, images, etc.) operating system (Linux vs. Windows) cloud environment (AWS vs. Azure vs. GCP) exceptions to the rule by CVEs and/or tags apply the rule only if there is a vendor fix
scope (containers, images, etc.) exceptions to the rule by CVEs and/or tags apply the rule only if there is a vendor fix
Which type of virtual machine can Prisma Cloud scan without running an agent on it?
Amazon Machine Image (AMI) running Linux Amazon Machine Image (AMI) running Linux or Windows Any VM image on the three major cloud providers (AWS, Azure, and GCP) running Linux Any VM image on the three major cloud providers (AWS, Azure, and GCP) running Windows
Amazon Machine Image (AMI) running Linux
How can Prisma Cloud Compute detect vulnerabilities in software installed directly rather than through a package manager? It uses the MD5 Hash Generator of the executables to know what is running. Some apps are so popular that they are supported if you activate unpackaged scan in the web interface. Some apps are so popular that they are supported. This action is activated automatically. It uses the MD5 of executables to know what is running.
Some apps are so popular that they are supported. This action is activated automatically.
Which image vulnerability policy field is not available in Host Vulnerability policies? Alert threshold Block threshold Apply rule only when vendor fixes are available Exceptions
Block threshold
Which two criteria can you use for exceptions in a Host Vulnerability policy? (Choose two.) CVE ID Console OS version Is there a vendor fix available? Severity Tag
CVE ID Tag
If a Docker image raises a high-severity compliance concern, what is the first digit of the compliance ID? 2 3 4 5
4
If a Docker container raises a medium-severity compliance concern, what is the first digit of the compliance ID? 2 3 4 5
5
Which is not a valid action for a Docker compliance rule? Ignore Alert Remediate Block
Remediate
Which three criteria can be used to restrict the scope of a container and image-compliance rule? (Choose three.) Container name Image name Tag Cloud type (AWS, Azure, and/or GCP) Label
Container name Image name Label
Which is not a compliance template that can be used for a Container Compliance policy? GDPR ISO 27001 PCI HIPAA
ISO 27001
Which category and type identify the compliance problem described in the following statement? “While the system administrator can establish secure permissions for users’ home directories, the users can easily override these.” Windows, host Linux, host Docker, daemon config Apache, daemon config
Linux, host Linux has easier access to a privileged command line interface
Which entity creates the host compliance policies that Prisma Cloud checks? Palo Alto Networks research department Center for Internet Security Committee for Information Safety National Institute of Standards and Technology
Center for Internet Security
Which two fields can be used to limit the scope of a host compliance rule? (Choose two.) Operating system Tag Account ID Host name Project ID
Account ID Host name
If you keep the default policy, what action is performed on each severity level? Low: Ignore, Medium: Alert, High: Alert, Critical: Block Low: Ignore, Medium: Alert, High: Alert, Critical: Alert Low: Ignore, Medium: Ignore, High: Alert, Critical: Block Low: Ignore, Medium: Ignore, High: Alert, Critical: Alert
Low: Ignore, Medium: Ignore, High: Alert, Critical: Alert
An application has five hosts that run 30 Docker containers based on 10 images. What is the total number of container models in the application? 5 10 20 30
10
Which is not a tab in the container model? Process Networking File System Memory
Memory
Which tab does not have a Prevent effect in a container runtime rule? Processes Networking File system Operations
Networking
Which container-runtime effect applies to a single action rather than to an entire container? Alert Prevent Block Delete
Prevent
Which Docker storage driver does not support Prevent effects? devicemapper overlay2 aufs virtualmapper
aufs
When does Prisma Cloud Compute gather forensic information about containers? all the time at the time of a breach at the time of a breach and for a short time afterward at the time of the breach and for 10 minutes
all the time
Which time period is covered by the forensic information sent to the console? all the time the time of a breach and a short period before it the time of a breach and a short period afterward a short period before the time of a breach and a short period afterward
a short period before the time of a breach and a short period afterward
In Prisma Cloud Compute, which three languages can have their packages scanned for vulnerabilities in serverless? (Choose five.) JavaScript (Node.js) Go C# Rust Python Java
JavaScript (Node.js) Go C# Python Java
Which component of Prisma Cloud Compute scans serverless functions for vulnerabilities? Container Defenders the Console Serverless Defenders Network Defenders
the Console
Which permission does Prisma Cloud Compute need to have to scan AWS Lambda functions? AWSLambdaShortAccess AWSLambdaRole AWSLambdaReadOnlyAccess AWSLambdaFullAccess
AWSLambdaReadOnlyAccess
What two scope restrictions can a serverless vulnerability policy have? (Choose two.) Runtimes Functions Cloud Platforms Account IDs Trigger Types
Functions Trigger Types
Which two effects can an exception to a Vulnerability policy rule have? (Choose two.) Disable Ignore Alert Prevent Block
Ignore Alert
In Prisma Cloud Compute, which two languages are not supported for the serverless Defender? (Choose two.) JavaScript (Node.js) Go C# Rust
Go Rust
How do you add a serverless Defender to a GCP cloud function? Use serverless Defender on AWS Lambda. Add code to the serverless function. Add a layer to the serverless configuration. Add a layer to the serverless function.
Add code to the serverless function.
What type of event do you need to log for DLP to work? Read Write Upload Download
Write
Which cloud service can use DLP? AWS S3 Azure Blob Google Cloud Google Cloud Messaging
AWS S3
How does Prisma Cloud get information about new files that need to be checked for DLP? AWS SNS Link Azure Event Grid Google Messaging HTTP to a Prisma Cloud web hook
AWS SNS
What does Forward-only scanning mean? scan only files going in the forward direction from the organization being protected to the rest of the world scan only files going in the forward direction from the rest of the world to the organization being protected scan only files forward in time, new files being uploaded to the storage service scan only files forward in time, previous seen files being uploaded to the storage service
scan only files forward in time, new files being uploaded to the storage service
Which extension is supported for malware scanning? .exe .jar .tar Msi
.exe
What is not an exposure level that would apply to a storage bucket? Public Partial Conditional Private
Partial
Which option is a PII data pattern? Bank – Bankruptcy Fillings Driver License – Estonia Credit card number Health – DEA
Driver License – Estonia
What is the recommended bucket time-to-live (TTL) in the CloudTrail bucket? one day five days one month five months
one month
Which protocol or protocols does the Cloud Native Application Firewall (CNAF) process? LDAP SSL SSH HTTP
HTTP
Which is not a valid action in a CNAF rule? (CNAF now known as WAAS) Disable Log Alert Prevent
Log
Which cloud service can consume CloudFormation configuration files? AWS Azure Google Storage GCP
AWS
In which type of template does .prismaCloud/config.yml have a variable_files setting? Terraform CloudFormation CloudField Kubernetes
Terraform
Which two integrations integrate with an IDE? (Choose two.) Jenkins AWS DevOps Visual Studio Code Azure DevOps IntelliJ IDEA
Visual Studio Code IntelliJ IDEA
Which two integrations integrate with source code management software? (Choose two.) GitHub GitLab CircleCI IntelliJ IDEA Jenkins
GitHub GitLab
Which type of software does not have integrations with Prisma Cloud to manage IaC? CI/CD SCM Compiler IDE
Compiler
Which HTTP method is used to request the scan results for a Terraform template? GET POST PUT DELETE
GET
What is the content-type value used to scan a single YAML CloudFormation template file? text/plain text/x-yaml application/yaml application/plain
text/plain
The OOTB policy to verify that versioning is turned on in AWS S3 buckets is applied to which two code options? (Choose two.) CloudFormation Terraform CloudField Kubernetes
CloudFormation Terraform
The OOTB policy to verify that versioning is turned on in GCP Storage log buckets is applied to which code option? CloudFormation Terraform CloudField Kubernetes
Terraform
Which type of query do you use in an IaC build policy? JSON YAML RQL SQL
JSON
What does the expression $.resource[*] mean? the value of the resource field of the root object the number of items inside the resource field of the root object all the keys inside the resource field of the root object all the values inside the resource field of the root object
all the values inside the resource field of the root object
Which CI/CD software communicates with Prisma Cloud Compute to request scans of new container images? Jenkins Maven Freestyle Malware
Jenkins
Which kind of relationship is allowed between the Console release and the Jenkins plugin release? The Jenkins plugin can be the same release as the Console or newer. The Jenkins plugin and the Console must be the same release. The Console can be the same release as the Jenkins release or newer. Any version of the Jenkins plugin works with any version of the Console.
The Jenkins plugin and the Console must be the same release.
xxxxx
- xxxxx
- xxxxx
- xxxxx
- xxxxx
You configure the console identity and authentication on Jenkins.
What is the return code of twistcli if the image passes the test? -1 0 1 2
0
At what point does a twistcli scan check the image? before the image is created after the image is created after the image is deployed before the image is created
after the image is created
Which two policy types are valid for CI, before the image is deployed? (Choose two.) Compliance Network Event Vulnerability Audit Access
Compliance Vulnerability
What is the earliest stage of the toolchain where Prisma Cloud Compute can protect you? Coding Building Testing Deploying
Building
Which option shows the types of cloud accounts supported by Prisma Cloud? AWS and Azure AWS, Azure, and GCP AWS, Azure, GCP, and Alibaba AWS, Azure, GCP, Alibaba, and IBM Cloud
AWS, Azure, GCP, and Alibaba
Which two modes are supported to secure cloud accounts? (Choose two.) Read only Observe Monitor Observe & Prevent Monitor & Protect
Monitor Monitor & Protect
What is the relationship between cloud accounts and account groups? One to one. Each account group has exactly one cloud account. One to many. Each account group has multiple cloud accounts, but a cloud account can be in only one group. One to many. Each account has multiple accounts groups, but a group can include at most one account. Many to many. Each account can be a member of multiple account groups, and each group can contain multiple accounts.
Many to many. Each account can be a member of multiple account groups, and each group can contain multiple accounts.
What are the two ways in which account groups are used? (Choose two.) Prisma Cloud > Compliance, to see the compliance status of a specific group Prisma Cloud > Policies, to specify on which accounts groups Prisma Cloud can use auto remediation for each policy Prisma Cloud Compute > Radar (one of the options to color different containers and serverless functions is by account group) Prisma Cloud Compute > Defend > Vulnerabilities; you can ask to get a report of all the vulnerabilities of a specific account group in the security roles, to permit users to access only specific account groups
in the security roles, to permit users to access only specific account groups
An administrator has a Prisma Cloud role of Account Group Admin. What is the administrator’s role in Prisma Cloud Compute? also Account Group Admin because they use the same roles Auditor DevSecOps User Defender Manager
Auditor
Which two actions are permitted for Cloud Provisioning Admins? (Choose two.) View SSO Settings Deploy new Prisma Cloud Compute Defenders View Alerts View Policy View Prisma Cloud account details
Deploy new Prisma Cloud Compute Defenders View Prisma Cloud account details
Which role in Prisma Cloud Compute do you give a team lead from development permission to see only continuous integration reports? CI User DevOps User DevSecOps User Auditor
DevOps User
An employee from Operations who works the night shift needs to be able to see everything in case of problems but should not be able to change anything. Which role do you assign in Prisma Cloud Compute? CI User DevOps User DevSecOps User Auditor
Auditor
Which type of Defender installation do you need for an admission controller? Single Defender DaemonSet Swarm Multiple Defender DaemonSet
DaemonSet
Which is the name of the file you apply to Kubernetes to install OPA? admin_ctrl.yaml opa.yaml webhook.yaml opa.json
webhook.yaml
What is the Rego expression to select only nginx images? input.request.object.spec.containers[_].image input.request.object.spec.containers[*].image input.request.object.containers[_].image input.request.object.containers[*].image
input.request.object.spec.containers[_].image
Which three operations are supported in OPA policies? (Choose three.) CREATE READ MODIFY UPDATE CONNECT
CREATE UPDATE CONNECT
Users connect to the Console through app.prismacloud.io. Which Audit log has the IP of the user that connected to it? Prisma Cloud Prisma Cloud Compute Prisma Cloud Log Prisma Cloud Compute Log
Prisma Cloud
Where is the Defender log file located? on the Console /var/lib/twistlock/log/defender.log /usr/lib/twistlock/log/defender.log /etc/lib/twistlock/log/defender.log
/var/lib/twistlock/log/defender.log
Which two values are legitimate entries in an anomaly trusted list? (Choose two.) 10.0.0.0/8 2.2.2.2/16 8.8.8.8 joe@prismacloud.io 172.16.1.1/32
10.0.0.0/8 172.16.1.1/32
Which three criteria can be used to limit the applicability of an anomaly trusted list? (Choose three.) Anomaly policy type(s) Account ID VPC (Link) Subnet DNS Domain
Anomaly policy type(s) Account ID VPC
What is the maximum idle timeout without using a custom value? minutes (Link) hours days months
Minutes
What is the maximum idle timeout without using a custom value? 30 minutes 45 minutes 60 minutes 120 minutes
60 Minutes
What can an administrator require when somebody dismisses an alert? Administrators are authorized to dismiss alerts. An administrator can configure the system so administrators must type a reason, but what they type can’t be controlled. Administrators are required to type a reason and require it to be of a certain length. Administrators are always required to type a reason.
An administrator can configure the system so administrators must type a reason, but what they type can’t be controlled.
Which system can serve as a source of information for Prisma Cloud? Slack Amazon GuardDuty Amazon SQS Jira
Amazon GuardDuty
Which system can be used to display Prisma Cloud alerts, but not to feed it information? AWS Inspector Tenable Qualys ServiceNow
ServiceNow
Where in the user interface do you specify integrations for Prisma Cloud to alert other products? Settings > Integrations Manage > Alerts Prisma Cloud Settings > Integrations Prisma Cloud Manage > Alerts
Prisma Cloud Settings > Integrations
Where do you configure outbound notifications for CNAF? Settings > Integrations Manage > Alerts (Console Link) Prisma Cloud Settings > Integrations Manage > CNAF > Alerts
Manage > Alerts
You want to test an alert channel using /api/v1/alert-profiles/test. Which format should you use? GET JSON YAML Python
JSON
Which command will start an images scan? GET /images/scan POST /images/scan GET /results/images/download POST /results/images/download
POST /images/scan
Which command will get the results of a container scan? GET /results/containers/download POST /results/containers/download GET /containers/download POST /containers/download
GET /containers/download