Download Palo Alto Networks.PCCSE.VCEplus.2021-05-15.76q.vcex

Download Exam

File Info

Exam Prisma Certified Cloud Security Engineer
Number PCCSE
File Name Palo Alto Networks.PCCSE.VCEplus.2021-05-15.76q.vcex
Size 72 KB
Posted May 15, 2021
Download Palo Alto Networks.PCCSE.VCEplus.2021-05-15.76q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.  
Where should the customer navigate in Console?


  1. Monitor > Compliance
  2. Defend > Compliance
  3. Manage > Compliance
  4. Custom > Compliance
Correct answer: B
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/manage_compliance.html
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/manage_compliance.html



Question 2

Which container scan is constructed correctly?


  1. twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/latest
  2. twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest
  3. twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --details myimage/latest
  4. twistcli images scan -u api -p api --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest  
Correct answer: B



Question 3

The development team wants to fail CI jobs where a specific CVE is contained within the image.  
How should the development team configure the pipeline or policy to produce this outcome?


  1. Set the specific CVE exception as an option in Jenkins or twistcli.
  2. Set the specific CVE exception as an option in Defender running the scan.
  3. Set the specific CVE exception as an option using the magic string in the Console.
  4. Set the specific CVE exception in Console’s CI policy.
Correct answer: C



Question 4

Which three types of classifications are available in the Data Security module? (Choose three.)


  1. Personally identifiable information
  2. Malicious IP
  3. Compliance standard
  4. Financial information  
  5. Malware
Correct answer: CDE



Question 5

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.  
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?


  1. set the Container model to manual relearn and set the default runtime rule to block for process protection.
  2. set the Container model to relearn and set the default runtime rule to prevent for process protection.
  3. add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to “prevent”.
  4. choose “copy into rule” for the Container, add a ransomWare process into the denied process list, and set the action to “block”.
Correct answer: C



Question 6

Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?  


  1. To retrieve Prisma Cloud Console images using basic auth: 
    1. Access registry.paloaltonetworks.com, and authenticate using ‘docker login’.  
    2. Retrieve the Prisma Cloud Console images using ‘docker pull’. 
  2. To retrieve Prisma Cloud Console images using basic auth: 
    1. Access registry.twistlock.com, and authenticate using ‘docker login’.  
    2. Retrieve the Prisma Cloud Console images using ‘docker pull’.
  3. To retrieve Prisma Cloud Console images using URL auth: 
    1. Access registry-url-auth.twistlock.com, and authenticate using the user certificate.  
    2. Retrieve the Prisma Cloud Console images using ‘docker pull’. 
  4. To retrieve Prisma Cloud Console images using URL auth: 
    1. Access registry-auth.twistlock.com, and authenticate using the user certificate.  
    2. Retrieve the Prisma Cloud Console images using ‘docker pull’.
Correct answer: B
Explanation:
Reference: https://docs.twistlock.com/docs/compute_edition/install/twistlock_container_images.html#retrieving-prisma-cloud-images-using-basic-auth
Reference: https://docs.twistlock.com/docs/compute_edition/install/twistlock_container_images.html#retrieving-prisma-cloud-images-using-basic-auth



Question 7

Which two statements are true about the differences between build and run config policies? (Choose two.)


  1. Run and Network policies belong to the configuration policy set.
  2. Build and Audit Events policies belong to the configuration policy set.
  3. Run policies monitor resources, and check for potential issues after these cloud resources are deployed.
  4. Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
  5. Run policies monitor network activities in your environment, and check for potential issues during runtime.
Correct answer: BE



Question 8

A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.  
What will be the effect if the security team chooses to Relearn on this image?


  1. The model is deleted, and Defender will relearn for 24 hours.
  2. The anomalies detected will automatically be added to the model.
  3. The model is deleted and returns to the initial learning state.
  4. The model is retained, and any new behavior observed during the new learning period will be added to the existing model.
Correct answer: B
Explanation:
Reference: https://digitalguardian.com/blog/five-steps-incident-response
Reference: https://digitalguardian.com/blog/five-steps-incident-response



Question 9

A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.  
Which setting should you use to meet this customer’s request?


  1. Trusted Login IP Addresses
  2. Anomaly Trusted List
  3. Trusted Alert IP Addresses
  4. Enterprise Alert Disposition
Correct answer: C
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html



Question 10

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. 
The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.  
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?


  1. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
  2. The SecOps lead should use Incident Explorer and Compliance Explorer.
  3. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
  4. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.
Correct answer: B
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/runtime_defense/incident_explorer.html
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/runtime_defense/incident_explorer.html









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files