PCCSE : Prisma Certified Cloud Security Engineer : Part 02

  1. The security team wants to protect a web application container from an SQLi attack.

    Which type of policy should the administrator create to protect the container?

    • CNAF
    • Runtime
    • Compliance
    • CNNF

    Explanation:

    Reference:

    https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/firewalls/waas

  2. An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”. The policy definition follows:

    config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

    Why did this alert get generated?

    • an event within the cloud account
    • network traffic to the S3 bucket
    • configuration of the S3 bucket
    • anomalous behaviors
  3. DRAG DROP

    Which order of steps map a policy to a custom compliance standard?

    (Drag the steps into the correct order of occurrence, from the first step to the last.)

    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q03 001 Question
    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q03 001 Question
    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q03 001 Answer
    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q03 001 Answer
  4. A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.

    Which action needs to be set for “do not use privileged containers”?

    • Prevent
    • Alert
    • Block
    • Fail
    Explanation:
    Reference: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/prisma/prisma-cloud/prisma-cloud-policy-reference/prisma-cloud-policy-reference.pdf (133)
  5. Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

    • The console cannot natively run in an ECS cluster.
      A onebox deployment should be used.
    • Download and extract the release tarball
      Ensure that each node has its own storage for Console data
      Create the Console task definition
      Deploy the task definition
    • Download and extract release tarball
      Download task from AWS
      Create the Console task definition
      Deploy the task definition
    • Download and extract the release tarball
      Create an EFS file system and mount to each node in the cluster
      Create the Console task definition
      Deploy the task definition
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/install/install_amazon_ecs.html
  6. Which options show the steps required to upgrade Console when using projects?

    • Upgrade all Supervisor Consoles
      Upgrade Central Console
    • Upgrade Central Console
      Upgrade Central Console Defenders
    • Upgrade Defender
      Upgrade Central Console
      Upgrade Supervisor Consoles
    • Upgrade Central Console
      Upgrade all Supervisor Consoles
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process.html
  7. A customer has Prisma Cloud Enterprise and host Defenders deployed.

    What are two options that allow an administrator to upgrade Defenders? (Choose two.)

    • with auto-upgrade, the host Defender will auto-upgrade.
    • auto deploy the Lambda Defender.
    • click the update button in the web-interface.
    • generate a new DaemonSet file.
  8. Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

    • High
    • Medium
    • Low
    • Very High
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/define-prisma-cloud-enterprise-settings.html
  9. Given this information:
    – The Console is located at https://prisma-console.mydomain.local
    – The username is: cluster
    – The password is: password123
    – The image to scan is: myimage:latest

    Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

    • twistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest
    • twistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 --vulnerability-details myimage:latest
    • twistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability-details myimage:latest
    • twistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images
  10. The development team wants to block Cross Site Scripting attacks from pods in its environment.

    How should the team construct the CNAF policy to protect against this attack?

    • create a Host CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to “prevent”.
    • create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to alert.
    • create a Container CNAF policy, targeted at a specific resource, check the box for XSS protection, and set the action to prevent.
    • create a Container CNAF policy, targeted at a specific resource, and they should set “Explicitly allowed inbound IP sources” to the IP address of the pod.
  11. The Prisma Cloud administrator has configured a new policy.

    Which steps should be used to assign this policy to a compliance standard?

    • Edit the policy, go to step 3 (Compliance Standards), click + at the bottom, select the compliance standard, fill in the other boxes, and then click Confirm.
    • Create the Compliance Standard from Compliance tab, and then select Add to Policy.
    • Open the Compliance Standards section of the policy, and then save.
    • Custom policies cannot be added to existing standards.
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a-policy.html
  12. An administrator wants to install the Defenders to a Kubernetes cluster. This cluster is running the console on the default service endpoint and will be exporting to YAML.

    – Console Address: $CONSOLE_ADDRESS
    – Websocket Address: $WEBSOCKET_ADDRESS
    – User: $ADMIN_USER

    Which command generates the YAML file for Defender install?

    • <PLATFORM>/twistcli defender \
      
      --address $CONSOLE_ADDRESS \
      
      --user $ADMIN_USER \
      
      --cluster-address $CONSOLE_ADDRESS
    • <PLATFORM>/twistcli defender export kubernetes \
      
      --address $WEBSOCKET_ADDRESS \
      
      --user $ADMIN_USER \
      
      --cluster-address $CONSOLE_ADDRESS
    • <PLATFORM>/twistcli defender YAML kubernetes \
      
      --address $CONSOLE_ADDRESS \
      
      --user $ADMIN_USER \
      
      --cluster-address $WEBSOCKET_ADDRESS
    • <PLATFORM>/twistcli defender export kubernetes \
      --address $CONSOLE_ADDRESS \
      --user $ADMIN_USER \
      --cluster-address $WEBSOCKET_ADDRESS
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_kubernetes.html
  13. Which options show the steps required after upgrade of Console?

    • Uninstall Defenders
      Upgrade Jenkins Plugin
      Upgrade twistcli where applicable
      Allow the Console to redeploy the Defender
    • Update the Console image in the Twistlock hosted registry
      Update the Defender image in the Twistlock hosted registry
      Uninstall Defenders
    • Upgrade Defenders
      Upgrade Jenkins Plugin
      Upgrade twistcli where applicable
    • Update the Console image in the Twistlock hosted registry
      Update the Defender image in the Twistlock hosted registry
      Redeploy Console
  14. An organization wants to be notified immediately to any “High Severity” alerts for the account group “Clinical Trials” via Slack.

    Which option shows the steps the organization can use to achieve this goal?

    • 1. Configure Slack Integration
      2. Create an alert rule and select “Clinical Trials” as the account group
      3. Under the “Select Policies” tab, filter on severity and select “High”
      4. Under the Set Alert Notification tab, choose Slack and populate the channel
      5. Set Frequency to “As it Happens”
    • 1. Create an alert rule and select “Clinical Trials” as the account group
      2. Under the “Select Policies” tab, filter on severity and select “High”
      3. Under the Set Alert Notification tab, choose Slack and populate the channel
      4. Set Frequency to “As it Happens”
      5. Set up the Slack Integration to complete the configuration
    • 1. Configure Slack Integration
      2. Create an alert rule
      3. Under the “Select Policies” tab, filter on severity and select “High”
      4. Under the Set Alert Notification tab, choose Slack and populate the channel
      5. Set Frequency to “As it Happens”
    • 1. Under the “Select Policies” tab, filter on severity and select “High”
      2. Under the Set Alert Notification tab, choose Slack and populate the channel
      3. Set Frequency to “As it Happens”
      4. Configure Slack Integration
      5. Create an Alert rule
  15. A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company’s AWS accounts into Prisma Cloud Enterprise tenant immediately. The current company is currently not using AWS Organizations and will require each account to be onboarded individually.

    The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.

    Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

    • https://api.prismacloud.io/cloud/
    • https://api.prismacloud.io/account/aws
    • https://api.prismacloud.io/cloud/aws
    • https://api.prismacloud.io/accountgroup/aws
  16. A security team has a requirement to ensure the environment is scanned for vulnerabilities.

    What are three options for configuring vulnerability policies? (Choose three.)

    • individual actions based on package type
    • output verbosity for blocked requests
    • apply policy only when vendor fix is available
    • individual grace periods for each severity level
    • customize message on blocked requests
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/vulnerability_management/vuln_management_rules.html
  17. The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.

    Which strategy should the administrator use to achieve this goal?

    • Disable the policy
    • Set the Alert Disposition to Conservative
    • Change the Training Threshold to Low
    • Set Alert Disposition to Aggressive
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-policies.html
  18. What is the behavior of Defenders when the Console is unreachable during upgrades?

    • Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.
    • Defenders will fail closed until the web-socket can be re-established.
    • Defenders will fail open until the web-socket can be re-established.
    • Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process.html
  19. How are the following categorized?

    – Backdoor account access

    – Hijacked processes

    – Lateral movement

    – Port scanning

    • audits
    • incidents
    • admission controllers
    • models
  20. DRAG DROP

    An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.

    In which order should the API calls be used to accomplish this task?

    (Drag the steps into the correct order from the first step to the last.)

    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q20 002 Question
    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q20 002 Question
    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q20 002 Answer
    PCCSE Prisma Certified Cloud Security Engineer Part 02 Q20 002 Answer
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments