Most Updated PCCSE Dumps (V13.02) – Get a Profitable Exam Preparation for Passing the Prisma Certified Cloud Security Engineer Exam

1. Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.

Where should the customer navigate in Console?

2. Which container scan is constructed correctly?

3. The development team wants to fail CI jobs where a specific CVE is contained within the image.

How should the development team configure the pipeline or policy to produce this outcome?

4. Which three types of classifications are available in the Data Security module? (Choose three.)

5. A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

6. Retrieve the Prisma Cloud Console images using ‘docker pull’.

7. Which two statements are true about the differences between build and run config policies? (Choose two.)

8. A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.

What will be the effect if the security team chooses to Relearn on this image?

9. A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.

Which setting should you use to meet this customer’s request?

10. A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

11. A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.

Which two reasons explain this change in alert status? (Choose two.)

12. Which three steps are involved in onboarding an account for Data Security? (Choose three.)

13. An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.

In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS.

Which port will twistcli need to use to access the Prisma Compute APIs?

14. A customer is reviewing Container audits, and an audit has identified a cryptominer attack.

Which three options could have generated this audit? (Choose three.)

15. Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

16. A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud.

Which two steps can be performed by the Terraform script? (Choose two.)

17. Which statement about build and run policies is true?

A. Build policies enable you to check for security misconfigurations in the IaC templates.

B. Every type of policy has auto-remediation enabled by default.

C. The four main types of policies are: Audit Events, Build, Network, and Run.

D. Run policies monitor network activities in the environment and check for potential issues during runtime.

18. An administrator sees that a runtime audit has been generated for a host. The audit message is: “Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model”

Which runtime host policy rule is the root cause for this runtime audit?

19. Which option identifies the Prisma Cloud Compute Edition?

20. Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

21. The security team wants to protect a web application container from an SQLi attack.

Which type of policy should the administrator create to protect the container?

22. An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS

S3 buckets are accessible to public”.

The policy definition follows:

config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[? (@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

Why did this alert get generated?

23. DRAG DROP

Which order of steps map a policy to a custom compliance standard? (Drag the steps into the correct order of occurrence, from the first step to the last.)

24. A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.

Which action needs to be set for “do not use privileged containers”?

25. Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

26. Which options show the steps required to upgrade Console when using projects?

27. A customer has Prisma Cloud Enterprise and host Defenders deployed.

What are two options that allow an administrator to upgrade Defenders? (Choose two.)

28. Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

29. Given this information:

The Console is located at https://prisma-console.mydomain.local The username is: cluster

The password is: password123

The image to scan is: myimage:latest

Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

30. The development team wants to block Cross Site Scripting attacks from pods in its environment.

How should the team construct the CNAF policy to protect against this attack?

31. The Prisma Cloud administrator has configured a new policy.

Which steps should be used to assign this policy to a compliance standard?

32. An administrator wants to install the Defenders to a Kubernetes cluster. This cluster is running the console on the default service endpoint and will be exporting to YAML.

Console Address: $CONSOLE_ADDRESS Websocket Address: $WEBSOCKET_ADDRESS User:

$ADMIN_USER

Which command generates the YAML file for Defender install?

33. Which options show the steps required after upgrade of Console?

34. Create an Alert rule

35. A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company’s AWS accounts into Prisma Cloud Enterprise tenant immediately. The current company is currently not using AWS Organizations and will require each account to be onboarded individually.

The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.

Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

36. A security team has a requirement to ensure the environment is scanned for vulnerabilities.

What are three options for configuring vulnerability policies? (Choose three.)

37. The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.

Which strategy should the administrator use to achieve this goal?

38. What is the behavior of Defenders when the Console is unreachable during upgrades?

39. How are the following categorized?

Backdoor account access Hijacked processes Lateral movement

Port scanning

40. DRAG DROP

An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.

In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.)

41. Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

42. Which option shows the steps to install the Console in a Kubernetes Cluster?

43. A customer has a requirement to automatically protect all Lambda functions with runtime protection.

What is the process to automatically protect all the Lambda functions?

44. Which statement accurately characterizes SSO Integration on Prisma Cloud?

45. DRAG DROP

Match the service on the right that evaluates each exposure type on the left. (Select your answer from the pull-down list. Answers may be used more than once or not at all.)

46. What are two ways to scan container images in Jenkins pipelines? (Choose two.)

47. A customer wants to harden its environment from misconfiguration.

Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

48. A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.

What is the correct API endpoint?

49. A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift.

How should the administrator get a report of vulnerabilities on hosts?

50. DRAG DROP

Order the steps involved in onboarding an AWS Account for use with Data Security feature.

51. A customer has a requirement to scan serverless functions for vulnerabilities.

Which three settings are required to configure serverless scanning? (Choose three.)

52. You are tasked with configuring a Prisma Cloud build policy for Terraform.

What type of query is necessary to complete this policy?

53. You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource

ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.

Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.

Why are no alerts being generated?

54. The security team wants to target a CNAF policy for specific running Containers.

How should the administrator scope the policy to target the Containers?

55. The InfoSec team wants to be notified via email each time a Security Group is misconfigured.

Which Prisma Cloud tab should you choose to complete this request?

56. An administrator has access to a Prisma Cloud Enterprise.

What are the steps to deploy a single container Defender on an ec2 node?

57. A customer wants to turn on Auto Remediation.

Which policy type has the built-in CLI command for remediation?

58. A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.

How should the customer automate vulnerability scanning for images deployed to Fargate?

59. Which container image scan is constructed correctly?

60. DRAG DROP

An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise tenant.

In which order will the APIs be executed for this service? (Drag the steps into the correct order of occurrence, from the first step to the last.)

61. Which two processes ensure that builds can function after a Console upgrade? (Choose two.)

62. The compliance team needs to associate Prisma Cloud policies with compliance frameworks.

Which option should the team select to perform this task?

63. Review this admission control policy:

match[{"msg": msg}] { input.request.operation == "CREATE" input.request.kind.kind == "Pod"

input.request.resource.resource == "pods"

input.request.object.spec.containers[_].securityContext.privileged msg := "Privileged"

}

Which response to this policy will be achieved when the effect is set to “block”?

64. Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.

Where can the administrator locate this list of e-mail recipients?

65. A customer wants to scan a serverless function as part of a build process.

Which twistcli command can be used to scan serverless functions?

66. A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.

Which recommended action manages this situation?

67. What is an example of an outbound notification within Prisma Cloud?

68. A security team has been asked to create a custom policy.

Which two methods can the team use to accomplish this goal? (Choose two.)

69. The security auditors need to ensure that given compliance checks are being run on the host.

Which option is a valid host compliance policy?

70. DRAG DROP

Match the correct scanning mode for each given operation. (Select your answer from the pull-down list. Answers may be used more than once or not at all.)

71. A customer wants to be notified about port scanning network activities in their environment.

Which policy type detects this behavior?