Free Palo Alto Networks PCCSE Exam Dumps and PCCSE Exam Questions

Question No: 21

MultipleChoice

The security team wants to target a CMAF policy for specific running Containers How should the administrator scope the policy to target the Containers?

Options

Ascope the policy to Image names

Bscope the policy to namespaces

Cscope the policy to Defender names.

Dscope the policy to Host names

Question No: 22

MultipleChoice

Given this information:

The password is: password123

The image to scan is: myimage:latest

Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

Options

Atwistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 -- details myimage:latest

Btwistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 -- vulnerability-details myimage:latest

Ctwistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability- details myimage:latest

Dtwistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest

Question No: 23

MultipleChoice

Review this admission control policy:

Which response to this policy will be achieved when the effect is set to "block"?

Options

AThe policy will replace Defender with a privileged Defender

BThe policy will block the creation of a privileged pod

CThe policy will block all pods on a Privileged host

DThe policy will alert only the administrator when a privileged pod is created

Question No: 24

MultipleChoice

What are two ways to scan container images in Jenkins pipelines? (Choose two )

Options

ACompute Jenkins plugin

BJenkins Docker plugin

CCompute Azure DevOps plugin

DPrisma Cloud Visual Studio Code plugin with Jenkins integration

Etwistcli

Question No: 25

MultipleChoice

The security team wants to protect a web application container from an SQLi attack? Which type of policy should the administrator create to protect the container?

Options

ACompliance

BRuntime

CCNAF

DCNNF

Question No: 26

MultipleChoice

An administrator sees that a runtime audit has been generated for a Container The audit message is DNS resolution of suspicious name wikipedia.com. type A".

Why would this message appear as an audit?

Options

AThe Layer7 firewall detected this as anomalous behavior

BThis is a DNS known to be a source of malware

CThe process calling out to this domain was not part of the Container model.

DThe DNS was not learned as part of the Container model or added to the DNS allow list

Question No: 27

MultipleChoice

A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public" The policy definition follows:

config where cloud type = 'aws' AND api name='aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?(@ grantee='AllUsers')] size > 0) or policyStatusisPubiic is true) and publicAccessBlockConfiguration does not exist) or ((ad.grantsp(@ grantee=='AII Users')] size > 0) and publicAccessBlockConfiguration ignorePubhcAds is false) or (policyStatus isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist" Why did this alert get generated?

Options

Aanomalous behaviors

Bnetwork traffic to the S3 bucket

Cconfiguration of the S3 bucket

Dan event within the cloud account

Question No: 28

MultipleChoice

Which three types of bucket exposure are available in the Data Security module? (Choose three.)

Options

ADifferential

BPublic

CConditional

DPrivate

EInternational

Question No: 29

MultipleChoice

Which "kind" of Kubernetes object that is configured to ensure that Defender is acting as the admission controller?

Options

APodSecurityPolicies

BDestinationRules

CValidatingWebhookConfiguration

DMutatingWebhookConfiguration

Question No: 30

MultipleChoice

Which component(s), if any will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

Options

ADefenders

Btwistcli

CConsole

DJenkins