PCCSE V4

DRAG DROP An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise tenant. In which order will the APIs be executed for this service? (Drag the steps into the correct order of occurrence, from the first step to...

One of the resources on the network has triggered an alert for a Default Config policy. Given the following resource JSON snippet: Which RQL detected the vulnerability? A) B) C) D) A . Option AB . Option BC . Option CD . Option DView AnswerAnswer: B Explanation: The correct RQL...

An administrator sees that a runtime audit has been generated for a host. The audit message is: “Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model” Which runtime host policy rule is the root cause for...

A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message: What is the reason for the error message?A . The attribute name is not set correctly in JIT settings.B ....

A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)A . individual actions based on package typeB . output verbosity for blocked requestsC . apply policy only when vendor fix is availableD . individual grace periods...

Which options show the steps required after upgrade of Console?A . Uninstall Defenders Upgrade Jenkins Plugin Upgrade twistcli where applicable Allow the Console to redeploy the DefenderB . Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Uninstall DefendersC . Upgrade...

Review this admission control policy: match[{"msg": msg}] { input.request.operation == "CREATE" input.request.kind.kind == "Pod" input.request.resource.resource == "pods" input.request.object.spec.containers[_].securityContext.privileged msg := "Privileged" } Which response to this policy will be achieved when the effect is set to “block”?A . The policy will block all pods on a Privileged host.B . The...

Which two processes ensure that builds can function after a Console upgrade? (Choose two.)A . allowing Jenkins to automatically update the pluginB . updating any build environments that have twistcli included to use the latest versionC . configuring build pipelines to download twistcli at the start of each buildD ....

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?A . Ensure functions are not overly permissive.B . Ensure host devices are not directly exposed to containers.C . Ensure images are created with a non-root user.D...

Which container image scan is constructed correctly?A . twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latestB . twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latestC . twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/latestD . twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/latest --detailsView AnswerAnswer: B Explanation: The correct construction for scanning a container image using...