Palo Alto Networks PCCSE Dumps Updated [2022] PCCSE Exam Dumps V9.02 Online

1. The security team wants to target a CNAF policy for specific running Containers .

How should the administrator scope the policy to target the Containers?

2. Which three types of classifications are available in the Data Security module? (Choose three.)

3. A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.

What is the correct API endpoint?

4. An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”.

The policy definition follows:

config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[? (@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

Why did this alert get generated?

5. Which option shows the steps to install the Console in a Kubernetes Cluster?

6. Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

7. A customer has serverless functions that are deployed in multiple clouds.

Which serverless cloud provider is covered be “overly permissive service access” compliance check?

8. A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.

Which port should the team specify in the CNAF rule to protect the application?

9. An administrator has been tasked with a requirement by your DevSecOps team to write a script to continuously query programmatically the existing users, and the user’s associated permission levels, in a Prisma Cloud Enterprise tenant.

Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

10. Which three steps are involved in onboarding an account for Data Security? (Choose three.)

11. DRAG DROP

An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise tenant.

In which order will the APIs be executed for this service? (Drag the steps into the correct order of occurrence, from the first step to the last.)

12. DRAG DROP

An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.

In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select and Place:

13. A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.

Which two pieces of information do you need to onboard this account? (Choose two.)

14. Which statement is true regarding CloudFormation templates?

15. If you are required to run in an air-gapped environment, which product should you install?

16. The security auditors need to ensure that given compliance checks are being run on the host .

Which option is a valid host compliance policy?

17. A security team has a requirement to ensure the environment is scanned for vulnerabilities .

What are three options for configuring vulnerability policies? (Choose three.)

18. Which container scan is constructed correctly?

19. A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.

Which two reasons explain this change in alert status? (Choose two.)

20. What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

21. Given the following RQL:

Which audit event snippet is identified by the RQL?

A)

B)

C)

D)

22. A customer has a requirement to automatically protect all Lambda functions with runtime protection .

What is the process to automatically protect all the Lambda functions?

23. Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?

24. The development team wants to fail CI jobs where a specific CVE is contained within the image .

How should the development team configure the pipeline or policy to produce this outcome?

25. A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.

Which setting should you use to meet this customer’s request?

26. Which statement accurately characterizes SSO Integration on Prisma Cloud?

27. What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?

28. Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

29. When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?

30. Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.

Where can the administrator locate this list of e-mail recipients?

31. A customer has multiple violations in the environment including:

User namespace is enabled

An LDAP server is enabled

SSH root is enabled

Which section of Console should the administrator use to review these findings?

32. Which option identifies the Prisma Cloud Compute Edition?

33. Which two required request headers interface with Prisma Cloud API? (Choose two.)

34. Which options show the steps required to upgrade Console when using projects?

35. Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.

Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?

36. Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

37. Given the following RQL:

event from cloud.audit_logs where operation IN (‘CreateCryptoKey’, ‘DestroyCryptoKeyVersion’, ‘v1.compute.disks.createSnapshot’)

Which audit event snippet is identified?

A)

B)

C)

D)

38. A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.

Which action should the SOC take to follow security best practices?

39. A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

40. How are the following categorized?

Backdoor account access Hijacked processes Lateral movement

Port scanning

41. The compliance team needs to associate Prisma Cloud policies with compliance frameworks .

Which option should the team select to perform this task?

42. One of the resources on the network has triggered an alert for a Default Config policy.

Given the following resource JSON snippet:

Which RQL detected the vulnerability?

A)

B)

C)

D)

43. An administrator sees that a runtime audit has been generated for a host.

The audit message is:

“Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script.stop. Low severity audit, event is automatically added to the runtime model”

Which runtime host policy rule is the root cause for this runtime audit?

44. Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)

45. Which options show the steps required after upgrade of Console?