config where cloud.type = ‘aws’ AND api.name=’aws-s3api-get-bucket-acl’ AND json.rule="((((acl.grants[? (@.grantee==’AllUsers’)] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?

An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”.

The policy definition follows:

config where cloud.type = ‘aws’ AND api.name=’aws-s3api-get-bucket-acl’ AND json.rule="((((acl.grants[? (@.grantee==’AllUsers’)] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee==’AllUsers’)] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

Why did this alert get generated?
A . an event within the cloud account
B . network traffic to the S3 bucket
C . configuration of the S3 bucket
D . anomalous behaviors

Answer: C

Latest PCCSE Dumps Valid Version with 85 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments