[Q67-Q90] Accurate & Verified 2023 New PCCSE Answers As Experienced in the Actual Test!

Rate this post

Accurate & Verified 2023 New PCCSE Answers As Experienced in the Actual Test!

PCCSE Certification Sample Questions certification Exam

Q67. A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message:

What is the reason for the error message?

The attribute name is not set correctly in JIT settings.

The user does not exist.

The user entered an incorrect password

The role is not assigned for the user.

Q68. You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.
Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.
Why are no alerts being generated?

The public cloud account is not associated with an alert notification.

The public cloud account does not have audit trail ingestion enabled.

The public cloud account does not access to configuration resources.

The public cloud account is not associated with an alert rule.

Q69. What is the behavior of Defenders when the Console is unreachable during upgrades?

Defenders will fail open until the web-socket can be reestablished.

Defenders will fail closed until the web-socket can be re-established

Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.

Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Q70. Match the service on the right that evaluates each exposure type on the left.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Q71. A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits

The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame

The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar

The SecOps lead should use Incident Explorer and Compliance Explorer.

Q72. Which three types of runtime rules can be created? (Choose three.)

Network-outgoing

Processes

Kubernetes-audit

Filesystem

Waas-request

Q73. Given the following RQL:
event from cloud.audit_logs where operation IN (‘CreateCryptoKey’, ‘DestroyCryptoKeyVersion’,
‘v1.compute.disks.createSnapshot’)
Which audit event snippet is identified?
A)

B)

C)

D)

Option A

Option B

Option C

Option D

Q74. Which options show the steps required after upgrade of Console?

Update the Console image in the Twistlock hosted registry
Update the Defender image in the Twistlock hosted registry
Uninstall Defenders

Update the Console image in the Twistlock hosted registry
Update the Defender image in the Twistlock hosted registry
Redeploy Console

Upgrade Defenders
Upgrade Jenkins Plugin
Upgrade twistcli where applicable

Uninstall Defenders
Upgrade Jenkins Plugin
Upgrade twistcli where applicable
Allow the Console to redeploy the Defender

Q75. The development team wants to fail CI jobs where a specific CVE is contained within the image. How should the development team configure the pipeline or policy to produce this outcome?

Set the specific CVE exception as an option using the magic string in the Console.

Set the specific CVE exception in Console’s CI policy.

Set the specific CVE exception as an option in Defender running the scan.

Set the specific CVE exception as an option in Jenkins or twistcli.

Q76. Which statement about build and run policies is true?

Build policies enable you to check for security misconfigurations in the laC templates.

Every type of policy has auto-remediation enabled by default.

Run policies monitor network activities in the environment and check for potential issues during runtime

The four main types of policies are Audit Events. Build. Network, and Run.

Q77. Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

Prisma Cloud Access SAML URL

Identity Provider Issuer

Certificate

Identity Provider Logout URL

Q78. Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?

Foundations, Advanced, and Optimize

Visibility, Security, and Compliance

Visibility, Compliance, Governance, and Threat Detection and Response

Network, Anomaly, and Audit Event

Q79. Which statement about build and run policies is true?

Build policies enable you to check for security misconfigurations in the IaC templates.

Every type of policy has auto-remediation enabled by default.

The four main types of policies are: Audit Events, Build, Network, and Run.

Run policies monitor network activities in the environment and check for potential issues during runtime.

Q80. One of the resources on the network has triggered an alert for a Default Config policy.
Given the following resource JSON snippet:

Which RQL detected the vulnerability?
A)

B)

C)

D)

Option A

Option B

Option C

Option D

Q81. A customer has a requirement to automatically protect all Lambda functions with runtime protection. What is the process to automatically protect all the Lambda functions?

Configure a function scan policy from the Defend/Vulnerabilities/Functions page.

Configure serverless radar from the Defend/Compliance/Cloud Platforms page.

Configure a manually embedded Lambda Defender.

Configure a serverless auto-protect rule for the functions.

Q82. An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

8083

8081

8084

443

Q83. A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?

Set up a vulnerability scanner on the registry

Embed a Fargate Defender to automatically scan for vulnerabilities

Designate a Fargate Defender to serve a dedicated image scanner

Use Cloud Compliance to identify misconfigured AWS accounts

Q84. Given the following RQL:

Which audit event snippet is identified by the RQL?
A)

B)

C)

D)

Option C

Option D

Option A

Option B

Q85. An administrator needs to write a script that automatically deactivates access keys that have not been used for
30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select and Place:

Q86. What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?

Q87. A customer has a requirement to scan serverless functions for vulnerabilities. Which three settings are required to configure serverless scanning? (Choose three )

Defender Name

Credential

Provider

Console Address

Region

Q88. Which statement is true regarding CloudFormation templates?

Scan support does not currently exist tor nested references, macros, or intrinsic functions.

A single template or a zip archive of template files cannot be scanned with a single API request.

Scan support is provided for JSON. HTML and YAML formats.

Request-Header-Field ‘cloudformation-version’ is required to request a scan.

Q89. How are the following categorized?
* Backdoor account access
* Hijacked processes
* Lateral movement
* Port scanning

audits