최신 PCCSE 무료덤프 - Palo Alto Networks Prisma Certified Cloud Security Engineer

문제1

Which options show the steps required to upgrade Console when using projects?

A. Upgrade Central Console Upgrade all Supervisor Consoles

B. Upgrade Central Console
Upgrade Central Console Defenders

C. Upgrade Defender Upgrade Central Console
Upgrade Supervisor Consoles

D. Upgrade all Supervisor Consoles Upgrade Central Console

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?

A. Microsoft.Management/managementGroups/descendants/calculate

B. PaloAltoNetworks.PrismaCloud/managementGroups/descendants/read

C. PaloAltoNetworks.PrismaCloud/managementGroups/

D. Microsoft.Management/managementGroups/descendants/read

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제3

What is the correct method for ensuring key-sensitive data related to SSNs and credit card numbers cannot be viewed in Dashboard > Data view during investigations?

A. Go to Settings > Data > Snippet Masking and select Full Mask.

B. Go to Settings > Cloud Accounts > Edit Cloud Account > Assign Account Group and select a group with limited permissions.

C. Go to Settings > Data > Data Patterns, search for SSN Pattern, edit it, and modify the proximity keywords.

D. Go to Policies > Data > Clone > Modify Objects containing Financial Information publicly exposed and change the file exposure to Private.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제4

What is a benefit of the Cloud Discovery feature?

A. It helps engineers find all cloud-native services being used only on AWS.

B. It enables engineers to continuously monitor all accounts and report on the services that are unprotected.

C. It does not require any specific permissions to be granted before use.

D. It offers coverage for serverless functions on AWS only.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제5

The InfoSec team wants to be notified via email each time a Security Group is misconfigured. Which Prisma Cloud tab should you choose to complete this request?

A. Alert Rules

B. Policies

C. Notifications

D. Events

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which statement applies to Adoption Advisor?

A. It only provides guidance during the deploy phase of the application lifecycle.

B. It is only available for organizations that have completed the cloud adoption journey.

C. It includes security capabilities from subscriptions for CSPM, CWP, CCS, OEM, and Data Security.

D. It helps adopt security capabilities at a fixed pace regardless of the organization's needs.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제7

An administrator wants to retrieve the compliance policies for images scanned in a continuous integration (CI) pipeline.
Which endpoint will successfully execute to enable access to the images via API?

A. GET /api/v22.01/policies/compliance/ci

B. GET /api/v22.01/policies/compliance

C. GET /api/v22.01/policies/compliance/ci/serverless

D. GET /api/v22.01/policies/compliance/ci/images

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

An administrator sees that a runtime audit has been generated for a container.
The audit message is:
"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr" Which protection in the runtime rule would cause this audit?

A. Container

B. File systems

C. Networking

D. Processes

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제9

Which two information types cannot be seen in the data security dashboard? (Choose two).

A. Top Publicly Exposed Objects By Data Profile

B. Object content

C. Bucket owner

D. Object Data Profile by Region

E. Total objects

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제10

A customer has serverless functions that are deployed in multiple clouds.
Which serverless cloud provider is covered be "overly permissive service access" compliance check?

A. Azure

B. AWS

C. Alibaba

D. GCP

정답: B

문제11

Match the service on the right that evaluates each exposure type on the left.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

정답:

문제12

What is the primary purpose of Prisma Cloud Code Security?

A. To triage alerts and incidents in realtime during deployment

B. To offer instant feedback on application performance issues and bottlenecks

C. To address cloud infrastructure misconfigurations in code before they become alerts or incidents

D. To provide a platform for developers to create custom security policies for applications

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제13

Which three platforms support the twistcli tool? (Choose three.)

A. Linux

B. Solaris

C. MacOS

D. Windows

E. Android

정답: A,C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제14

A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

A. Common cryptominer process name was found.

B. High CPU usage over time for the container is detected.

C. Common cryptominer port usage was found.

D. The value of the mined currency exceeds $100.

E. The mined currency is associated with a user token.

정답: A,B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제15

What is the purpose of Incident Explorer in Prisma Cloud Compute under the "Monitor" section?

A. To identify and suppress all audit events generated by the defender

B. To store large amounts of forensic data on the host where Console runs to enable a more rapid and effective response to incidents

C. To correlate individual events to identify potential attacks and provide a sequence of process, file system, and network events for a comprehensive view of an incident

D. To sort through large amounts of audit data manually in order to identify developing attacks

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제16

Which data storage type is supported by Prisma Cloud Data Security?

A. Oracle Object Storage

B. IBM Cloud Object Storage

C. AWS S3 buckets

D. Google storage class

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제17

Match the correct scanning mode for each given operation.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

정답:

Explanation:
* Create SNS Topic Triggers: No data security scan
* Select an S3 bucket: Forward Scan only
* Select an S3 bucket with existing files: Forward or Backward Scan
* Link an S3 logging to CloudTrail: Backward Scan only
The scanning mode for Data Security in AWS typically depends on the configuration and the desired outcomes for monitoring and protecting data within S3 buckets.
Creating SNS Topic Triggers is a configuration step that does not directly involve scanning. It is part of setting up notifications for events in S3 buckets, but on its own, it does not initiate a data security scan.
Selecting an S3 bucket without specifying existing files typically implies that you intend to scan new objects as they are added to the bucket, which is known as a Forward Scan. This mode is proactive and scans files upon their arrival in the bucket.
When you select an S3 bucket with existing files, you can perform either Forward Scanning for new files or Backward Scanning to scan all existing files in the bucket. This option provides the most comprehensive scanning coverage for both new and existing data.
Linking an S3 logging to CloudTrail is usually a step taken to monitor access and changes to S3 resources. In the context of scanning, linking S3 to CloudTrail does not initiate a scan, but the CloudTrail logs can be used to trigger a Backward Scan if configured to do so, which scans historical files in the bucket based on CloudTrail events.

최신 PCCSE 무료덤프 - Palo Alto Networks Prisma Certified Cloud Security Engineer

우리와 연락하기

유용한 링크

최신 업데이트