[May-2022] Free PCCSE Exam Dumps to Improve Exam Score [Q49-Q69]

Rate this post

[May-2022] Free PCCSE Exam Dumps to Improve Exam Score

2022 Realistic PCCSE Dumps Exam Tips Test Pdf Exam Material

Q49. What is an example of an outbound notification within Prisma Cloud?

PagerDuty

AWS Inspector

Tenable

Qualys

Q50. Review this admission control policy:

Which response to this policy will be achieved when the effect is set to “block”?

The policy will replace Defender with a privileged Defender

The policy will block the creation of a privileged pod

The policy will block all pods on a Privileged host

The policy will alert only the administrator when a privileged pod is created

Q51. An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”. The policy definition follows:
config where cloud.type = ‘aws’ AND api.name=’aws-s3api-get-bucket-acl’ AND json.rule=”((((acl.grants[? (@.grantee==’AllUsers’)] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee==’AllUsers’)] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist” Why did this alert get generated?

an event within the cloud account

network traffic to the S3 bucket

configuration of the S3 bucket

anomalous behaviors

Q52. Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.
Where should the customer navigate in Console?

Monitor > Compliance

Defend > Compliance

Manage > Compliance

Custom > Compliance

Q53. Which three types of classifications are available in the Data Security module? (Choose three.)

Compliance standard

Financial information

Malware

Malicious IP

Personally identifiable information

Q54. Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

The console cannot natively run in an ECS cluster. A onebox deployment should be used.

Download and extract the release tarball
Ensure that each node has its own storage for Console data Create the Console task definition Deploy the task definition

Download and extract release tarball Download task from AWS
Create the Console task definition Deploy the task definition

Download and extract the release tarball
Create an EFS file system and mount to each node in the cluster Create the Console task definition Deploy the task definition

Q55. A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.

The SecOps lead should use Incident Explorer and Compliance Explorer.

The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.

The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Q56. What is the behavior of Defenders when the Console is unreachable during upgrades?

Defenders will fail open until the web-socket can be reestablished.

Defenders will fail closed until the web-socket can be re-established

Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.

Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Q57. Which container scan is constructed correctly?

twistcli images scan -u api -p api –address https://us-west1.cloud.twistlock.com/us-3-123456789 — container myimage/latest

twistcli images scan –docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest

twistcli images scan -u api -p api –address https://us-west1.cloud.twistlock.com/us-3-123456789 –details myimage/latest

twistcli images scan -u api -p api –docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

Q58. Which option shows the steps to install the Console in a Kubernetes Cluster?

Download the Console and Defender image Download YAML for Defender from the document site Deploy Defender YAML using kubectl

Download and extract release tarball Generate YAML for Console Deploy Console YAML using kubectl

Download and extract release tarball Download the YAML for Console Deploy Console YAML using kubectl

Download the Console and Defender image Generate YAML for Defender Deploy Defender YAML using kubectl

Q59. Given the following audit event activity snippet:

Which RQL will be triggered by the audit event?
A)

B)

C)

D)

Option A

Option B

Option C

Option D

Q60. How are the following categorized?
* Backdoor account access
* Hijacked processes
* Lateral movement
* Port scanning

audits

models

admission controllers

incidents

Q61. An administrator sees that a runtime audit has been generated for a Container. The audit message is “DNS resolution of suspicious name wikipedia.com. type A”.
Why would this message appear as an audit?

The DNS was not learned as part of the Container model or added to the DNS allow list.

This is a DNS known to be a source of malware.

The process calling out to this domain was not part of the Container model.

The Layer7 firewall detected this as anomalous behavior.

Q62. A customer wants to harden its environment from misconfiguration.
Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

Docker daemon configuration

Host cloud provider tags

Host configuration

Docker daemon configuration files

Hosts without Defender agents

Q63. Which statement accurately characterizes SSO Integration on Prisma Cloud?

Prisma Cloud supports IdP initiated SSO. and its SAML endpoint supports the POST and GET methods

An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.

Okta, Azure Active Directory. PingID, and others are supported via SAML

An administrator who needs to access the Prisma Cloud API can use SSO after configuration.

Q64. A customer wants to harden its environment from misconfiguration
Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

Host cloud provider tags

Host configuration

Docker daemon configuration files

Docker daemon configuration

Hosts without Defender agents

Q65. What are two ways to scan container images in Jenkins pipelines? (Choose two )

Compute Jenkins plugin

Jenkins Docker plugin

Compute Azure DevOps plugin

Prisma Cloud Visual Studio Code plugin with Jenkins integration

twistcli

Q66. Given the following JSON query:
$.resource[*].aws_s3_bucket exists
Which tab is the correct place to add the JSON query when creating a Config policy?

Details

Compliance Standards

Remediation

Build Your Rule (Run tab)

Build Your Rule (Build tab)

Q67. A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for “do not use privileged containers”?

Prevent

Alert

Block

Fail

Explanation
Block-Defender stops the entire container if a process that violates your policy attempts to run.
https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense_containers.htm

Q68. Which statement about build and run policies is true?

Build policies enable you to check for security misconfigurations in the laC templates.

Every type of policy has auto-remediation enabled by default.

Run policies monitor network activities in the environment and check for potential issues during runtime

The four main types of policies are Audit Events. Build. Network, and Run.

Q69. You have onboarded a public cloud account into Prisma Cloud Enterprise Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules RQL statements on the Investigate matching those policies return config resource results successfully Why are no alerts being generated”

The public cloud account does not have audit trail ingestion enabled.

The public cloud account is not associated with an alert notification.

The public cloud account does not have access to configuration resources.

The public cloud account is not associated with an alert rule

Loading …

Palo-Alto-Networks PCCSE: Prisma Certified Cloud Security Engineer Certification Path

PCCSE is an advanced exam and PCNSA – Palo Alto Networks Certified Network Security Administrator is a prerequisite for this Palo Alto Networks PCCSE exam. The qualification Prisma Certified Cloud Security Engineer (PCCSE) confirms the expertise, experience, and capacity necessary for the integration, deployment and management of Prisma Cloud as a whole. Individuals certified with PCCSE would have a proven understanding of Prisma Cloud technologies and services from Palo Alto Networks. The cloud has changed every part of the life cycle of application growth. In order for apps, data and the full cloud native infrastructure stack across the growth period and in non- and hybrid cloud settings, Prisma Cloud provides the widest safety and enforcement coverage in the sector. Prisma Cloud, Prisma Cloud Enterprise and Prisma Cloud Compute are qualification goals.

Palo Alto Networks Certifications support by not just companies but people by demonstrating their understanding of the Palo Alto Networks portfolio. It improves your professional profile immediately and lines you up with the fastest expanding safety business for those who are looking into the future.

Powerful PCCSE PDF Dumps for PCCSE Questions: https://www.real4exams.com/PCCSE_braindumps.html