How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?
A . set the Container model to manual relearn and set the default runtime rule to block for process protection.
B . set the Container model to relearn and set the default runtime rule to prevent for process protection.
C . add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to “prevent”.
D . choose “copy into rule” for the Container, add a ransomWare process into the denied process list, and set the action to “block”.

View Answer

Answer: C

Explanation:

To terminate any Container from the image "topSecret:latest" when a process named "ransomWare" is executed, the administrator should create a new runtime policy in Prisma Cloud Compute specifically targeting the container in question. By adding the "ransomWare" process to the denied process list within this policy and setting the action to "prevent," Prisma Cloud Compute will actively

monitor for the execution of the specified process within the targeted container and take preventive action to terminate the container if the process is detected. This approach allows for precise, targeted security measures that address specific threats identified by the organization, thereby enhancing the overall security posture and protecting sensitive workloads from potential compromise.