Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

PCCSE V4 0 Comments

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
A . The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
B . The SecOps lead should use Incident Explorer and Compliance Explorer.
C . The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
D . The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Answer: C

Explanation:

To investigate the runtime aspects of a potential data exfiltration attempt, the SecOps lead in Prisma Cloud Compute should focus on areas that provide insights into runtime activity and potential threats.

C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits. These sections provide detailed information on security incidents and container-level activities, enabling a thorough investigation into the runtime behavior that might indicate a security issue.

Latest PCCSE Dumps Valid Version with 85 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PCCSE PDF     PCCSE Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments