Palo Alto Networks PCCSE Prisma Certified Cloud Security Engineer Online Training
The questions for PCCSE were last updated on Nov 20, 2024.
- Exam Code: PCCSE
- Exam Name: Prisma Certified Cloud Security Engineer
- Certification Provider: Palo Alto Networks
- Latest update: Nov 20, 2024
A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.
Which port should the team specify in the CNAF rule to protect the application?
- A. 443
- B. 80
- C. 8080
- D. 8888
Which three types of bucket exposure are available in the Data Security module? (Choose three.)
- A. Public
- B. Private
- C. International
- D. Differential
- E. Conditional
The administrator wants to review the Console audit logs from within the Console.
Which page in the Console should the administrator use to review this data, if it can be reviewed at all?
- A. Navigate to Monitor > Events > Host Log Inspection
- B. The audit logs can be viewed only externally to the Console
- C. Navigate to Manage > Defenders > View Logs
- D. Navigate to Manage > View Logs > History
DRAG DROP
What is the order of steps in a Jenkins pipeline scan? (Drag the steps into the correct order of occurrence, from the first step to the last.)
DRAG DROP
What is the order of steps to create a custom network policy? (Drag the steps into the correct order of occurrence, from the first step to the last.)
DRAG DROP
You wish to create a custom policy with build and run subtypes.
Match the query types for each example. (Select your answer from the pull-down list. Answers may be used more than once or not at all.)
Which statement is true regarding CloudFormation templates?
- A. Scan support does not currently exist for nested references, macros, or intrinsic functions.
- B. A single template or a zip archive of template files cannot be scanned with a single API request.
- C. Request-Header-Field ‘cloudformation-version’ is required to request a scan.
- D. Scan support is provided for JSON, HTML and YAML formats.
A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)
- A. manual installation of the latest twistcli tool prior to the rolling upgrade
- B. all Defenders set in read-only mode before execution of the rolling upgrade
- C. a second location where you can install the Console
- D. additional workload licenses are required to perform the rolling upgrade
- E. an existing Console at version n-1
An administrator sees that a runtime audit has been generated for a Container. The audit message is “DNS resolution of suspicious name wikipedia.com. type A”.
Why would this message appear as an audit?
- A. The DNS was not learned as part of the Container model or added to the DNS allow list.
- B. This is a DNS known to be a source of malware.
- C. The process calling out to this domain was not part of the Container model.
- D. The Layer7 firewall detected this as anomalous behavior.
Which “kind” of Kubernetes object is configured to ensure that Defender is acting as the admission controller?
- A. MutatingWebhookConfiguration
- B. DestinationRules
- C. ValidatingWebhookConfiguration
- D. PodSecurityPolicies