PANW PCCSE Practice Questions Flashcards by Gary Klimeck

Which registry do you use to download the Prisma Cloud Compute Defender image?

registry. redlock.com
registry. twistlock.com
registry. prisma.com
registry. paloaltonetworks.com

registry.twistlock.com

How well did you know this?

Not at all

Perfectly

What is a valid tag for a Prisma Cloud Compute Docker image?

defender_20.04.177

defender.20.04.177

defender_20_04_177

defender-20-04-177

defender_20_04_177

How well did you know this?

Not at all

Perfectly

An organization that uses a private cloud in a black site that has no internet connection can use which product?

Google Cloud AWS S3 Management. Prisma Cloud Compute Prisma Cloud

Prisma Cloud Compute

How well did you know this?

Not at all

Perfectly

In Prisma Cloud Compute, what is the default HTTPS port for the Console? 443 8083 8443 9443

8083

How well did you know this?

Not at all

Perfectly

What is the name of the configuration file that controls a Onebox configuration? twistlock.cfg twistlock.json redlock.cfg redlock.json

twistlock.cfg

How well did you know this?

Not at all

Perfectly

In which format does the twistcli create the configuration file for the Console when using Kubernetes? JSON YAML XML CSV

YAML

How well did you know this?

Not at all

Perfectly

What are the two external items that need to be deployed in Kubernetes together with a console? (Choose two.) a database (DB) to store the console’s state a load balancer, which is used to expose the console to the network an ephemeral volume (EV) for the console’s temporary data a Kubernetes authorization engine to make sure only authorized administrators use the console a persistent volume (PV) to store the console’s state

a load balancer, which is used to expose the console to the network a persistent volume (PV) to store the console’s state

How well did you know this?

Not at all

Perfectly

What is the procedure to upgrade a non-SaaS Prisma Cloud Compute implementation? manually upgrade the console, then manually upgrade the Defenders manually upgrade the Defenders, then manually upgrade the console manually upgrade the console, which then automatically upgrades the Defenders manually upgrade both the console and Defenders in any order

manually upgrade the console, which then automatically upgrades the Defenders

How well did you know this?

Not at all

Perfectly

Which command do you use to upgrade the console in Kubernetes? kubectl apply -f twistlock_console.yaml kubectl upgrade -f twistlock_console.yaml twistcli apply -f kubectl.yaml twiscli upgrade -f kuberctl.yaml

kubectl apply -f twistlock_console.yaml

How well did you know this?

Not at all

Perfectly

Which command do you use to install a container Defender on Linux? rpm apt install either rpm or apt install, depending on the Linux distribution curl

curl

How well did you know this?

Not at all

Perfectly

How does the Docker Defender receive information from the console? Pull, the Docker Defender connects to the console using TCP to ask for the information. Pull, the Docker Defender connects to the console using UDP to ask for the information. Push, the Docker Defender listens on a TCP port to receive information from the console. Push, the Docker Defender listens on a UDP port to receive information from the console.

Pull, the Docker Defender connects to the console using TCP to ask for the information.

How well did you know this?

Not at all

Perfectly

The TCP listener setting in a Docker Defender running on Linux allows the Defender to function as what? a firewall a Docker proxy an SSH proxy an HTTP proxy

a Docker proxy

How well did you know this?

Not at all

Perfectly

Where do you install the Docker Defender? on the hosts that run the Docker containers of the application on the images that become the Docker containers of the application on the Docker containers that implement the application on both the hosts and the images

on the hosts that run the Docker containers of the application

How well did you know this?

Not at all

Perfectly

How do you deploy a host Defender on Windows? Download an .msi package using the browser. Run the provided command line using the old (cmd.exe) shell. Run the provided command line using PowerShell. Download an .exe command package using the browser.

Run the provided command line using PowerShell.

How well did you know this?

Not at all

Perfectly

Which two versions of Windows support the host Defender? (Choose two.) Windows 10 Windows 2016 Windows 2017 Windows 2019

Windows 2016 Windows 2019

How well did you know this?

Not at all

Perfectly

Which version of Windows supports the host Defenders runtime defense functionality? Windows 10 Windows 2016 Windows 2017 Windows 2019

Windows 2019

How well did you know this?

Not at all

Perfectly

Which serverless platform is supported by the serverless layer deployment type? AWS Lambda GCP Cloud GCP On-Premises Azure

AWS Lambda

How well did you know this?

Not at all

Perfectly

Which three runtimes are supported by the serverless Defender? (Choose four.) PowerShell Ruby Node.js C# Python

Ruby Node.js C# Python

How well did you know this?

Not at all

Perfectly

Which three serverless platforms are supported by the serverless embedded deployment type? (Choose three.) AWS Lambda GCP Cloud Functions GCP On-Premises Azure Functions Google App Engine

AWS Lambda GCP Cloud Functions Azure Functions

How well did you know this?

Not at all

Perfectly

Where do you install an app-embedded Defender? on the hosts that run the Docker containers of the application on the images that become the Docker containers of the application on the Docker containers that implement the application on both the hosts and the images

on the images that become the Docker containers of the application

How well did you know this?

Not at all

Perfectly

Which option is not a way to deploy an app-embedded Defender? (Check console) Fargate Dockerfile Shell script manual

Shell script

How well did you know this?

Not at all

Perfectly

How do alerts propagate from the Defenders to the Console in Kubernetes? (Check diagram) Pull, the console connects to port 8083 on the Defender. Pull, the console connects to port 8084 on the Defender. Push, the Defender connects to port 8083 on the console. Push, the Defender connects to port 8084 on the console.

Push, the Defender connects to port 8084 on the console.

How well did you know this?

Not at all

Perfectly

What is the usual order of upgrades if you use a self-hosted console in Prisma Cloud Compute? The console identifies that there’s a new version, upgrades itself automatically, and then upgrades the Defenders automatically. The console identifies that there’s a new version and upgrades itself automatically. You then upgrade the Defenders manually during a scheduled maintenance window. You upgrade the console manually, and then it upgrades the Defenders automatically. You upgrade both the console and Defenders manually.

You upgrade the console manually, and then it upgrades the Defenders automatically.

How well did you know this?

Not at all

Perfectly

Can Defender upgrades be restricted to a specific window of time? No. Upgrades happen automatically. However, those upgrades do not cause downtime. You can disable auto-upgrade, but then you can’t upgrade the Defenders. You need to uninstall and reinstall them for the upgrade. You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface. You can specify the maintenance window in the console, and then Defender upgrades will happen only during that time.

You can disable auto-upgrade, and then upgrade the Defenders during the window from the web-based interface.

How well did you know this?

Not at all

Perfectly

How many queries can a policy include? How many standards? one query, one standard one query, multiple standards multiple queries, one standard multiple queries, multiple standards

one query, multiple standards

Which three protocols are identified by the following RQL query? (Choose three.) protocol='TCP' AND dest.port IN (21,23,80) AND source.publicnetwork IN ( 'Internet IPs' , 'Suspicious IPs' ) HTTP Telnet SSH HTTPS FTP

HTTP Telnet FTP

Which parameter can you use in RQL to look at a field that Prisma Cloud does not parse? config.external json.value json.rule config.internal

json.rule

Which of the following is not a Prisma Cloud policy category? Config Network Anomaly Audit Event

Network

Which two Prisma Cloud policy categories allow you to be reactive, but not proactive? (Choose two.) Config Network Anomaly Audit Event User Activity

Network Audit Event

What is the alert state after the next scan when Prisma Cloud detects that excessive access was allowed to an AWS S3 bucket? Open Resolved Closed Deleted

Resolved

Which two alert states would be used by an administrator that is trying to hide the alerts caused by their actions? (Choose two.) Open Resolved Snoozed Dismissed Closed

Resolved Snoozed

Which option shows the targets that an alert rule-checks? policies users cloud accounts account groups

account groups

Which request type do web hooks use? GET POST PUT ALERT

POST

Which two integrations can send alerts to a system that is behind dynamic source-address translation? (Choose two.) Tenable Webhooks Email Qualys Slack

Tenable, Qualys

How should an administrator respond to an alert opened at 2 a.m. and resolved at 4 a.m? Verify the Alert log file to gather additional information to investigate the occurrence in detail. Investigate further. Somebody may have disabled a safeguard at 2 a.m., committed a crime, and re-enabled it at 4 a.m. to avoid detection. Evidence of malware is clear. The administrator must shut down the system in which it occurred. Document the incident. If it happens multiple times it needs to be investigated.

Investigate further. Somebody may have disabled a safeguard at 2 a.m., committed a crime, and re-enabled it at 4 a.m. to avoid detection.

An alarm resulted from device A connecting to device B. Which device should you investigate first? Device A Device B The network firewalls The device that contains more valuable information

Device A

In which format are alert details provided to accepting systems? XML JSON CSV HTTP

XML

Which is not a field in the alert notification? accountName policyLabels riskLevel alertRemediationCli

riskLevel

What does this query mean on GCP? api.name='gcloud-sql-instances-list' and json.rule = 'settings.ipConfiguration.requireSsl is true'. list instances where SSL is configured list instances where SSL is not configured list SQL instances where SSL is configured list SQL instances where SSL is not configured

list SQL instances where SSL is configured

This query looks for which type of S3 buckets with rules? api.name='aws-s3api-get-bucket-acl' AND json.rule="(acl.grants[?(@.grantee=='AllUsers')] size\> 0)". allow access to all users deny access to all users allow access to some external users deny access to some external users

Allow access to all users

You suspect that the desktop at IP 6.6.6.6 has malware. Which event query will show whether malware performed any cloud activity on your instances? event where sourceIP IN ( 6.6.6.6 ) event where ip IN ( 6.6.6.6 ) event where inetIP IN ( 6.6.6.6 ) event where adminIP IN ( 6.6.6.6 )

event where ip IN ( 6.6.6.6 )

You type this query: event where user = 'root'. Where would the events you see originate? AWS Azure GCP Google Cloud

AWS

You suspect that the desktop at 6.6.6.6 has malware. Which two queries will show whether it contacted any suspicious IPs? (Choose two.) network where source.ip = 6.6.6.6 AND dest.publicnetwork = 'Suspicious IPs' network where source.ip = 6.6.6.6 AND dest.ip IN ('Suspicious IPs') network where source.publicnetwork = 'Suspicious IPs' AND dest.ip = 6.6.6.6 network where source.ip = 'Suspicious IPs' AND dest.ip = 6.6.6.6 network where source.ip = 6.6.6.6 OR dest.ip = 6.6.6.6

network where source.ip = 6.6.6.6 AND dest.publicnetwork = 'Suspicious IPs' network where source.publicnetwork = 'Suspicious IPs' AND dest.ip = 6.6.6.6

Which traffic will the following query identify? dest.resource IN ( resource where virtualnetwork.name != 'default' ) IP addresses of resources that are in the virtual network default IP addresses of resources that are not in the virtual network default traffic events where the destination is in the virtual network default traffic events where the destination is not in the virtual network default

traffic events where the destination is not in the virtual network default

What is a valid anomaly type? too many login attempts impossible time travel new device excessive login failures

impossible time travel

Which is a valid anomaly type for a device? digital fingerprint retinal scan MAC address IP address

digital fingerprint

In a Prisma Cloud asset inventory, which is not an option for the Assets by Classification widget? Cloud Type (AWK, Alibaba Cloud, GCP, Azure) Asset Type (Instance, Network, Database, etc.) Account Name Region

Asset Type (Instance, Network, Database, etc.)

Which two criteria can be used to filter the asset inventory? (Choose two.) Resource Type CIDR Network Block Resource Name Standard IP Type (Internal vs. External)

Resource Type Standard

Which two template types are supported by build rules? (Choose two.) JavaScript CloudFormation Bash scripts with configuration commands Terraform XML

CloudFormation Terraform

Which type of query do you use to validate that a build policy is being followed? SQL query JavaScript code to calculate the answer RQL JSON query

JSON query

Your auditor wants a weekly report of how compliant you were with SOC 2. Can you do it, and if so how? No. You can get only current compliance. You can automate it from the web interface. Do a GET https://api.prismacloud.io/compliance/posture?timeType=relative&timeAmount=\< \>&timeUnit=week&policy.complianceStandard=SOC%202, loop on \<\> Do a GET https://api.prismacloud.io/compliance/SOC 2?timeType=relative&timeAmount=\<\>\_weeks, loop on \<\>

Do a GET https://api.prismacloud.io/compliance/posture?timeType=relative&timeAmount=\< \>&timeUnit=week&policy.complianceStandard=SOC%202, loop on \<\>

How can you delete Audit log entries older than a year? Audit log entries are not under administrator control. You can do it from the web interface. Do a DELETE https://api.prismacloud.io/audit/redlock?timeType=relative&timeAmount=1&time Unit=year Do a DELETE https://api.prismacloud.io/audit/redlock?timeType=absolute&time=\<\>

Audit log entries are not under administrator control.

Which format do you use with a config search? RQL SQL JSON query XML query

RQL

Which HTTP method do you use with an event search? GET PUT POST HEAD

POST

Which of these is not a tab in the registry details for a Docker image? Layers Process Info Network Connections Packages

Network Connections

Which vulnerability rule policy does not make sense? Alert threshold Low, Block threshold: Medium Alert threshold Low, Block threshold: High Alert threshold Medium, Block threshold: Low Alert threshold Low, Block threshold: Medium

Alert threshold Medium, Block threshold: Low

What are three ways to limit the applicability of a vulnerability rule? (Choose three.) scope (containers, images, etc.) operating system (Linux vs. Windows) cloud environment (AWS vs. Azure vs. GCP) exceptions to the rule by CVEs and/or tags apply the rule only if there is a vendor fix

scope (containers, images, etc.) exceptions to the rule by CVEs and/or tags apply the rule only if there is a vendor fix

**Which type of virtual machine can Prisma Cloud scan without running an agent on it?** Amazon Machine Image (AMI) running Linux Amazon Machine Image (AMI) running Linux or Windows Any VM image on the three major cloud providers (AWS, Azure, and GCP) running Linux Any VM image on the three major cloud providers (AWS, Azure, and GCP) running Windows

Amazon Machine Image (AMI) running Linux

How can Prisma Cloud Compute detect vulnerabilities in software installed directly rather than through a package manager? It uses the MD5 Hash Generator of the executables to know what is running. Some apps are so popular that they are supported if you activate unpackaged scan in the web interface. Some apps are so popular that they are supported. This action is activated automatically. It uses the MD5 of executables to know what is running.

Some apps are so popular that they are supported. This action is activated automatically

Which image vulnerability policy field is not available in Host Vulnerability policies? Alert threshold Block threshold Apply rule only when vendor fixes are available Exceptions

Block threshold

Which two criteria can you use for exceptions in a Host Vulnerability policy? (Choose two.) CVE ID Console OS version Is there a vendor fix available? Severity Tag

CVE ID Tag

If a Docker image raises a high-severity compliance concern, what is the first digit of the compliance ID? 2 3 4 5

If a Docker container raises a medium-severity compliance concern, what is the first digit of the compliance ID? 2 3 4 5

Which is not a valid action for a Docker compliance rule? Ignore Alert Remediate Block

Remediate

Which three criteria can be used to restrict the scope of a container and image-compliance rule? (Choose three.) Container name Image name Tag Cloud type (AWS, Azure, and/or GCP) Label

Container name Image name Label

Which is not a compliance template that can be used for a Container Compliance policy? GDPR ISO 27001 PCI HIPAA

ISO 27001

Which category and type identify the compliance problem described in the following statement? “While the system administrator can establish secure permissions for users’ home directories, the users can easily override these.” Windows, host Linux, host Docker, daemon config Apache, daemon config

Linux, host Linux has easier access to a privileged command line interface

Which entity creates the host compliance policies that Prisma Cloud checks? Palo Alto Networks research department Center for Internet Security Committee for Information Safety National Institute of Standards and Technology

Center for Internet Security

Which two fields can be used to limit the scope of a host compliance rule? (Choose two.) Operating system Tag Account ID Host name Project ID

Account ID Host name

If you keep the default policy, what action is performed on each severity level? Low: Ignore, Medium: Alert, High: Alert, Critical: Block Low: Ignore, Medium: Alert, High: Alert, Critical: Alert Low: Ignore, Medium: Ignore, High: Alert, Critical: Block Low: Ignore, Medium: Ignore, High: Alert, Critical: Alert

Low: Ignore, Medium: Ignore, High: Alert, Critical: Alert

An application has five hosts that run 30 Docker containers based on 10 images. What is the total number of container models in the application? 5 10 20 30

Which is not a tab in the container model? Process Networking File System Memory

Memory

Which tab does not have a Prevent effect in a container runtime rule? Processes Networking File system Operations

Networking

Which container-runtime effect applies to a single action rather than to an entire container? Alert Prevent Block Delete

prevent

Which Docker storage driver does not support Prevent effects? devicemapper overlay2 aufs virtualmapper

aufs

When does Prisma Cloud Compute gather forensic information about containers? all the time at the time of a breach at the time of a breach and for a short time afterward at the time of the breach and for 10 minutes

all the time

Which time period is covered by the forensic information sent to the console? all the time the time of a breach and a short period before it the time of a breach and a short period afterward a short period before the time of a breach and a short period afterward

a short period before the time of a breach and a short period afterward

In Prisma Cloud Compute, which three languages can have their packages scanned for vulnerabilities in serverless? (Choose five.) JavaScript (Node.js) Go C# Rust Python Java

JavaScript (Node.js) Go C# Python Java

Which component of Prisma Cloud Compute scans serverless functions for vulnerabilities? Container Defenders the Console Serverless Defenders Network Defenders

the Console

Which permission does Prisma Cloud Compute need to have to scan AWS Lambda functions? AWSLambdaShortAccess AWSLambdaRole AWSLambdaReadOnlyAccess AWSLambdaFullAccess

AWSLambdaReadOnlyAccess

What two scope restrictions can a serverless vulnerability policy have? (Choose two.) Runtimes Functions Cloud Platforms Account IDs Trigger Types

Functions Trigger Types

Which two effects can an exception to a Vulnerability policy rule have? (Choose two.) Disable Ignore Alert Prevent Block

Ignore Alert

In Prisma Cloud Compute, which two languages are not supported for the serverless Defender? (Choose two.) JavaScript (Node.js) Go C# Rust

Go Rust

How do you add a serverless Defender to a GCP cloud function? Use serverless Defender on AWS Lambda. Add code to the serverless function. Add a layer to the serverless configuration. Add a layer to the serverless function.

Add code to the serverless function.

What type of event do you need to log for DLP to work? Read Write Upload Download

Write

Which cloud service can use DLP? AWS S3 Azure Blob Google Cloud Google Cloud Messaging

AWS S3

How does Prisma Cloud get information about new files that need to be checked for DLP? AWS SNS Link Azure Event Grid Google Messaging HTTP to a Prisma Cloud web hook

AWS SNS

What does Forward-only scanning mean? scan only files going in the forward direction from the organization being protected to the rest of the world scan only files going in the forward direction from the rest of the world to the organization being protected scan only files forward in time, new files being uploaded to the storage service scan only files forward in time, previous seen files being uploaded to the storage service

scan only files forward in time, new files being uploaded to the storage service

Which extensions is supported for malware scanning? .exe .jar .tar Msi

.exe

What is not an exposure level that would apply to a storage bucket? Public Partial Conditional Private

Partial

Which option is a PII data pattern? Bank – Bankruptcy Fillings Driver License – Estonia Credit card number Health – DEA

Driver License – Estonia

What is the recommended bucket time-to-live (TTL) in the CloudTrail bucket? one day five days one month five months

one month

Which protocol or protocols does the Cloud Native Application Firewall (CNAF) process? LDAP SSL SSH HTTP

HTTP

Which is not a valid action in a CNAF rule? (CNAF now known as WAAS) Disable Log Alert Prevent

Log

Which cloud service can consume CloudFormation configuration files? AWS Azure Google Storage GCP

AWS

In which type of template does .prismaCloud/config.yml have a variable\_files setting? Terraform CloudFormation CloudField Kubernetes

Terraform

Which two integrations integrate with an IDE? (Choose two.) Jenkins AWS DevOps Visual Studio Code Azure DevOps IntelliJ IDEA

Visual Studio Code IntelliJ IDEA

Which two integrations integrate with source code management software? (Choose two.) GitHub GitLab CircleCI IntelliJ IDEA Jenkins

GitHub GitLab

Which type of software does not have integrations with Prism Cloud to manage IaC? CI/CD SCM Compiler IDE

Compiler

Which HTTP method is used to request the scan results for a Terraform template? GET POST PUT DELETE

GET

What is the content-type value use to scan a single YAML CloudFormation template file? text/plain text/x-yaml application/yaml application/plain

text/plain

The OOTB policy to verify that versioning is turned on in AWS S3 buckets is applied to which two code options? (Choose two.) CloudFormation Terraform CloudField Kubernetes

CloudFormation Terraform

The OOTB policy to verify that versioning is turned on in GCP Storage log buckets is applied to which code option? CloudFormation Terraform CloudField Kubernetes

Terraform

Which type of query do you use in an IaC build policy? JSON YAML RQL SQL

JSON

What does the expression $.resource[\*] mean? the value of the resource field of the root object the number of items inside the resource field of the root object all the keys inside the resource field of the root object all the values inside the resource field of the root object

all the values inside the resource field of the root object

Which CI/CD software communicates with Prisma Cloud Compute to request scans of new container images? Jenkins Maven Freestyle Malware

Jenkins

Which kind of relationship is allowed between the Console release and the Jenkins plugin release? The Jenkins plugin can be the same release as the Console or newer. The Jenkins plugin and the Console must be the same release. The Console can be the same release as the Jenkins release or newer. Any version of the Jenkins plugin works with any version of the Console.

The Jenkins plugin and the Console must be the same release.

**xxxxx** ## Footnote 1. xxxxx 2. xxxxx 3. xxxxx 4. xxxxx

**You configure the console identity and authentication on Jenkins.**

What is the return code of twistcli if the image passes the test? -1 0 1 2

At what point does a twistcli scan check the image? before the image is created after the image is created after the image is deployed before the image is created

after the image is created

Which two policy types are valid for CI, before the image is deployed? (Choose two.) Compliance Network Event Vulnerability Audit Access

Compliance Vulnerability

What is the earliest stage of the toolchain where Prisma Cloud Compute can protect you? Coding Building Testing Deploying

Building

Which option shows the types of cloud accounts supported by Prisma Cloud? AWS and Azure AWS, Azure, and GCP AWS, Azure, GCP, and Alibaba AWS, Azure, GCP, Alibaba, and IBM Cloud

AWS, Azure, GCP, and Alibaba

Which two modes are supported to secure cloud accounts? (Choose two.) Read only Observe Monitor Observe & Prevent Monitor & Protect

Monitor Monitor & Protect

What is the relationship between cloud accounts and account groups? One to one. Each account group has exactly one cloud account. One to many. Each account group has multiple cloud accounts, but a cloud account can be in only one group. One to many. Each account has multiple accounts groups, but a group can include at most one account. Many to many. Each account can be a member of multiple account groups, and each group can contain multiple accounts.

Many to many. Each account can be a member of multiple account groups, and each group can contain multiple accounts.

What are the two ways in which account groups are used? (Choose two.) Prisma Cloud \> Compliance, to see the compliance status of a specific group Prisma Cloud \> Policies, to specify on which accounts groups Prisma Cloud can use auto remediation for each policy Prisma Cloud Compute \> Radar (one of the options to color different containers and serverless functions is by account group) Prisma Cloud Compute \> Defend \> Vulnerabilities; you can ask to get a report of all the vulnerabilities of a specific account group in the security roles, to permit users to access only specific account groups

in the security roles, to permit users to access only specific account groups

An administrator has a Prisma Cloud role of Account Group Admin. What is the administrator’s role in Prisma Cloud Compute? also Account Group Admin because they use the same roles Auditor DevSecOps User Defender Manager

Auditor

Which two actions are permitted for Cloud Provisioning Admins? (Choose two.) View SSO Settings Deploy new Prisma Cloud Compute Defenders View Alerts View Policy View Prisma Cloud account details

Deploy new Prisma Cloud Compute Defenders View Prisma Cloud account details

Which role in Prisma Cloud Compute do you give a team lead from development permission to see only continuous integration reports? CI User DevOps User DevSecOps User Auditor

DevOps User

An employee from Operations who works the night shift needs to be able to see everything in case of problems but should not be able to change anything. Which role do you assign in Prisma Cloud Compute? CI User DevOps User DevSecOps User Auditor

Auditor

Which type of Defender installation do you need for an admission controller? Single Defender DaemonSet Swarm Multiple Defender DaemonSet

DaemonSet

Which is the name of the file you apply to Kubernetes to install OPA? admin\_ctrl.yaml opa.yaml webhook.yaml opa.json

webhook.yaml

What is the Rego expression to select only nginx images? input.request.object.spec.containers[\_].image input.request.object.spec.containers[\*].image input.request.object.containers[\_].image input.request.object.containers[\*].image

input.request.object.spec.containers[\_].image

Which three operations are supported in OPA policies? (Choose three.) CREATE READ MODIFY UPDATE CONNECT

CREATE UPDATE CONNECT

Users connect to the Console through app.prismacloud.io. Which Audit log has the IP of the user that connected to it? Prisma Cloud Prisma Cloud Compute Prisma Cloud Log Prisma Cloud Compute Log

Prisma Cloud

Where is the Defender log file located? on the Console /var/lib/twistlock/log/defender.log /usr/lib/twistlock/log/defender.log /etc/lib/twistlock/log/defender.log

/var/lib/twistlock/log/defender.log

Which two values are legitimate entries in an anomaly trusted list? (Choose two.) 10.0.0.0/8 2.2.2.2/16 8.8.8.8 joe@prismacloud.io 172.16.1.1/32

10.0.0.0/8 172.16.1.1/32

Which three criteria can be used to limit the applicability of an anomaly trusted list? (Choose three.) Anomaly policy type(s) Account ID VPC (Link) Subnet DNS Domain

Anomaly policy type(s) Account ID VPC

What is the maximum idle timeout without using a custom value? minutes (Link) hours days months

Minutes

What is the maximum idle timeout without using a custom value? 30 minutes 45 minutes 60 minutes 120 minutes

60 Minutes

What can an administrator require when somebody dismisses an alert? Administrators are authorized to dismiss alerts. An administrator can configure the system so administrators must type a reason, but what they type can’t be controlled. Administrators are required to type a reason and require it to be of a certain length. Administrators are always required to type a reason.

An administrator can configure the system so administrators must type a reason, but what they type can’t be controlled.

Which system can serve as a source of information for Prisma Cloud? Slack Amazon GuardDuty Amazon SQS Jira

Amazon GuardDuty

Which system can be used to display Prisma Cloud alerts, but not to feed it information? AWS Inspector Tenable Qualys ServiceNow

Service Now

Where in the user interface do you specify integrations for Prisma Cloud to alert other products? Settings \> Integrations Manage \> Alerts Prisma Cloud Settings \> Integrations Prisma Cloud Manage \> Alerts

Prisma Cloud Settings \> Integrations

Where do you configure outbound notifications for CNAF? Settings \> Integrations Manage \> Alerts (Console Link) Prisma Cloud Settings \> Integrations Manage \> CNAF \> Alerts

Manage\>Alerts

You want to test an alert channel using /api/v1/alert-profiles/test. Which format should you use? GET JSON YAML Python

JSON

Which command will start an images scan? GET /images/scan POST /images/scan GET /results/images/download POST /results/images/download

POST /images/scan

Which command will get the results of a container scan? GET /results/containers/download POST /results/containers/download GET /containers/download POST /containers/download

GET/containers/download