최신 PCCSE 무료덤프 - Palo Alto Networks Prisma Certified Cloud Security Engineer

문제1

A customer has a requirement to scan serverless functions for vulnerabilities.
Which three settings are required to configure serverless scanning? (Choose three.)

A. Credential

B. Region

C. Console Address

D. Provider

E. Defender Name

정답: A,B,D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Which RQL query will help create a custom identity and access management (1AM) policy to alert on Lambda functions that have permission to terminate EC2 instances?

A. config from iam where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name =
'ec2:TerminateInstances'

B. config from iam where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'ec2' AND source.cloud.resource.type = 'instance' AND dest.cloud.service.name = 'lambda' AND action.name =
'ec2:TerminateInstances'

C. iam from cloud.resource where cloud.type equals 'AWS' AND cloud.resource.type equals 'lambda function' AND cloud.service.name = 'ec2' AND action.name equals 'ec2:TerminateInstances'

D. iam from cloud.resource where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name =
'ec2:TerminateInstances'

정답: A

문제3

Where can Defender debug logs be viewed? (Choose two.)

A. /var/lib/twistlock/defender.log

B. /var/lib/twistlock/log/defender.log

C. From the Console, Manage > Defenders > Manage > Defenders. Select the Defender from the deployed Defenders list, then click Actions > Logs

D. From the Console, Manage > Defenders > Deploy > Defenders. Select the Defender from the deployed Defenders list, then click Actions > Logs

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Based on the following information, which RQL query will satisfy the requirement to identify VM hosts deployed to organization public cloud environments exposed to network traffic from the internet and affected by Text4Shell RCE (CVE-2022-42889) vulnerability?
* Network flow logs from all virtual private cloud (VPC) subnets are ingested to the Prisma Cloud Enterprise Edition tenant.
* All virtual machines (VMs) have Prisma Cloud Defender deployed.
A)
B)
C)
D)

A. Option D

B. Option C

C. Option B

D. Option A

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제5

While writing a custom RQL with array objects in the investigate page, which type of auto-suggestion a user can leverage?

A. Auto-sugestion for array objects that are useful for comparing between arrays

B. Auto-suggestion for array objects that are useful for categorization of resource parameters

C. Auto-suggestion is not available for array objects

D. Auto-suggestion for array objects that are useful for comparing between array elements

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which two services require external notifications to be enabled for policy violations in the Prisma Cloud environment? (Choose two.)

A. Splunk

B. Email

C. SQS

D. QROC

정답: A,C

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Which three types of buckets exposure are available in the Data Security module? (Choose three.)

A. Public

B. Private

C. Conditional

D. International

E. Differential

정답: A,B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제8

A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.
What is the correct API endpoint?

A. https://api2.prismacloud.io

B. https://api.prismacloud.io

C. https://api2.eu.prismacloud.io

D. httsp://api.prismacloud.cn

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

Given the following RQL:
event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion','v1.compute.disks.createSnapshot')
Which audit event snippet is identified?

A.

B.

C.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제10

Which option identifies the Prisma Cloud Compute Edition?

A. Plugin to Prisma Cloud

B. Downloadable, self-hosted software

C. Package installed with APT

D. Software-as-a-Service (SaaS)

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제11

A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?

A. Container vulnerability risks

B. Container runtime risks

C. Host vulnerability risks

D. Host compliances risks

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Taking which action will automatically enable all severity levels?

A. Navigate to Policies > Settings and ensure all severity levels are checked under "auto-enable default policies.

B. Navigate to Settings > Enterprise Settings and enable all severity levels in the alarm center.

C. Navigate to Settings > Enterprise Settings and ensure all severity levels are checked under "auto-enable default policies.

D. Navigate to Policies > Settings and enable all severity levels in the alarm center.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제13

What is the frequency to create a compliance report? (Choose two.)

A. Recurring

B. One time

C. Weekly

D. Monthly

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제14

Which RQL will trigger the following audit event activity?

A. event from cloud.audit_logs where operation IN ( 'GetBucketWebsite', 'PutBucketWebsite',
'DeleteBucketWebsite')

B. event from cloud.audit_logs where cloud.service = s3.amazonaws.com' AND json.rule = $.userAgent contains 'parrot1

C. event from cloud.audit_logs where operation IN
('cloudsql.instances.update','cloudsql.sslCerts.create', cloudsql.instances.create','cloudsq

D. event from cloud.audit_logs where operation ConsoleLogin AND user = 'root'

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제15

Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

A. create a new namespace in Kubernetes called admission-controller.

B. copy the admission controller configuration from the Console and apply it to Kubernetes.

C. enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

D. copy the Console address and set the config map for the default namespace.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제16

Which role must be assigned to DevOps users who need access to deploy Container and Host Defenders in Compute?

A. Build and Deploy Security

B. Cloud Provisioning Admin

C. System Admin

D. Developer

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제17

An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

A. 8081

B. 8084

C. 443

D. 8083

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제18

Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

A. Jenkins

B. Defenders

C. twistcli

D. Console

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제19

A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two.)

A. edit the query in the out-of-the-box policy

B. clone an existing policy

C. add a new policy

D. disable an out-of-the-box policy

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

최신 PCCSE 무료덤프 - Palo Alto Networks Prisma Certified Cloud Security Engineer

우리와 연락하기

유용한 링크

최신 업데이트