Palo Alto Networks Exam PCCSE Topic 4 Question 89 Discussion

Actual exam question for Palo Alto Networks's PCCSE exam

Question #: 89
Topic #: 4

A customer's Security Operations Center (SOC) team wants to receive alerts from Prisma Cloud via email once a day about all policies that have a violation, rather than receiving an alert every time a new violation occurs.

Which alert rule configuration meets this requirement?

AConfigure an alert rule with all the defaults except selecting email within the 'Alert Notifications' tab and specifying recipient.

BConfigure an alert rule. Under the 'Policies' tab, select 'High Risk Severity Policies.' In the 'Set Alert Notifications' tab, select 'Email > Recurring,' set to repeat every 1 day, and enable 'Email.'

CSet up email integrations under the 'Integrations' tab in 'Settings' and create a notification template.

DConfigure an alert rule. Under the 'Policies' tab, select 'All Policies.' In the 'Set Alert Notifications' tab, select 'Email > Recurring,' set to repeat every 1 day, and then enable 'Email.'

Show Suggested Answer

Suggested Answer: D

To receive daily email alerts for all policy violations, the SOC team should configure an alert rule that encompasses all policies and sets the notification frequency to once per day. This can be achieved by:

Navigating to the ''Policies'' tab within the alert rule configuration and selecting ''All Policies'' to ensure that the rule applies to every policy.

Moving to the ''Set Alert Notifications'' tab and choosing the ''Email'' notification method.

Setting the notification to ''Recurring'' with a frequency of every 1 day.

Enabling the email notification by specifying the recipient's email address.

This configuration ensures that the SOC team will receive a consolidated email once a day that includes information on all policies that have been violated, rather than receiving multiple alerts throughout the day as new violations occur. It allows the team to review the compliance status efficiently and prioritize their response accordingly.

by Dick at Sep 19, 2024, 07:25 PM

Limited Time Offer

25%

Off

Get Premium PCCSE Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mary

1 months ago

I'm feeling a bit mischievous today, so I'm going to go with C. Who doesn't love a good challenge, right? Plus, it'll look great on my resume if I can figure out the email integration thing.

upvoted 0 times

Alaine

2 days ago

B seems like the best option. It allows for daily email alerts for high-risk severity policies.

upvoted 0 times

...

Lucia

4 days ago

I agree, C is more about setting up email integrations, not configuring alert rules.

upvoted 0 times

...

Cherry

22 days ago

I think C is not the right choice for this requirement.

upvoted 0 times

...

Detra

1 months ago

D all the way! Why complicate things when you can just select 'All Policies' and get the daily email? Gotta love that efficiency.

upvoted 0 times

...

Tawanna

1 months ago

Hmm, I'm not sure about C. Seems like a lot of extra setup with the email integrations and notification templates. I'd go with D for simplicity.

upvoted 0 times

Carmelina

13 days ago

D is the way to go for sure.

upvoted 0 times

...

Kyoko

14 days ago

Yeah, D is straightforward and meets the requirement.

upvoted 0 times

...

An

22 days ago

I agree, D seems like the simplest option.

upvoted 0 times

...

Mari

1 months ago

I'm not sure, but option D also seems like a good choice since it sends daily alerts for all policies, not just high risk severity ones.

upvoted 0 times

...

Jesusita

2 months ago

I think B is the right choice. Focusing on 'High Risk Severity Policies' and setting the email to be recurring daily is a more targeted approach.

upvoted 0 times

...

Solange

2 months ago

Option D seems straightforward and meets the requirement. Selecting 'All Policies' and setting the email notification to repeat daily should do the trick.

upvoted 0 times

Hildred

4 days ago

True, Option B could be a good choice if the SOC team is mainly concerned about high-risk policy violations.

upvoted 0 times

...

Jerry

7 days ago

I think Option B could also work since it allows you to select 'High Risk Severity Policies' specifically for the alerts.

upvoted 0 times

...

Laticia

10 days ago

I agree, Option D sounds like the best choice for receiving daily alerts about policy violations.

upvoted 0 times

...

Nikita

15 days ago

Option D seems straightforward and meets the requirement. Selecting 'All Policies' and setting the email notification to repeat daily should do the trick.

upvoted 0 times

...

Marge

2 months ago

I agree with Virgina, option B seems to meet the requirement effectively by sending daily alerts for specific policies.

upvoted 0 times

...

Virgina

2 months ago

I think option B is the best choice because it allows for daily email alerts for high risk severity policies.

upvoted 0 times

...