PCCSE

Given the following RQL: event from cloud.audit_logs where operation IN (‘CreateCryptoKey’, ‘DestroyCryptoKeyVersion’, ‘v1.compute.disks.createSnapshot’) Which audit event snippet is identified? A) B) C) D) A . Option AB . Option BC . Option CD . Option DView AnswerAnswer: A Explanation: Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/event-query/event-query-attributes.html#id192IG500ES0

Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?A . HostB . ContainerC . FunctionsD . ImageView AnswerAnswer: B Explanation: Reference: https://docs.twistlock.com/docs/enterprise_edition/compliance/manage_compliance.html

The development team wants to fail CI jobs where a specific CVE is contained within the image . How should the development team configure the pipeline or policy to produce this outcome?A . Set the specific CVE exception as an option in Jenkins or twistcli.B . Set the specific CVE...

What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?A . policyB . incidentC . auditD . anomalyView AnswerAnswer: B Explanation: Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/incident_explorer.html

An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”. The policy definition follows: config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[? (@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or...

DRAG DROP An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days. In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select...

A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now. Which two pieces of information do you need to onboard this account? (Choose two.)A . CloudtrailB . Subscription IDC . Active Directory IDD . External IDE ....

Which three types of classifications are available in the Data Security module? (Choose three.)A . Personally identifiable informationB . Malicious IPC . Compliance standardD . Financial informationE . MalwareView AnswerAnswer: A,D,E Explanation: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html

Which statement accurately characterizes SSO Integration on Prisma Cloud?A . Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.B . Okta, Azure Active Directory, PingID, and others are supported via SAMD . An administrator can configure different Identity Providers (IdP) for all the...

The compliance team needs to associate Prisma Cloud policies with compliance frameworks . Which option should the team select to perform this task?A . Custom ComplianceB . PoliciesC . ComplianceD . Alert RulesView AnswerAnswer: B Explanation: Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud- compliance/compliance-dashboard.html