PSE Prisma Cloud
Which two RQL operators can be used to parse through JSON arrays? (Choose two.) ? # % @
# @
What handles scanning of the container registry?
A defender, or a pool of defenders
Which three cloud service providers are supported with a Prisma Cloud and Tenable integration? (Choose three.) OCI AWS GCP Azure Alibaba Cloud
AWS GCP Azure
Which two integrations support outbound alert notifications? (Choose two.) AWS SQS AWS Inspector Splunk Tenable
AWS SQS Splunk
Which operation can be performed from Settings > Access Keys? Secret Key can be updated Access Key can be updated Secret Key can be displayed for a previously created key Access Key can be imported
Access Key can be updated
Which two requirements are needed for automatic remediation? (Choose two.) Alert rule that includes a policy that supports remediation Policy that incorporates CLI commands that can remediate a policy violation Cloud account role with read permissions System admin account configured for Prisma Cloud
Alert rule that includes a policy that supports remediation Policy that incorporates CLI commands that can remediate a policy violation
Which type of authentication token is used for API calls? OAuth 2.0 Bearer Token API Key Digest Auth
Bearer Token
What is the principle of least privilege? All users are set to a minimum default privilege when their accounts are created. Only a limited number of users can set user privileges. All users have only the minimum level of access needed to perform their job functions. To ensure that no users have too little privilege.
All users have only the minimum level of access needed to perform their job functions.
Which two integrations are performed during the cloud account onboarding process in Prisma Cloud? (Choose two.) Jira Amazon GuardDuty Amazon Inspector PagerDuty
Amazon GuardDuty Amazon Inspector
Which statement accurately describes the integration between Prisma Cloud and Amazon GuardDuty? Amazon GuardDuty is not supported in Prisma Cloud. Amazon GuardDuty integration is performed during the Prisma Cloud onboarding process. Amazon GuardDuty requires an SSO connection to integrate into Prisma Cloud. Amazon GuardDuty requires read and write access into Prisma Cloud.
Amazon GuardDuty integration is performed during the Prisma Cloud onboarding process.
Which is an example of an external integration that performs an inbound (pull) of data into Prisma Cloud? Amazon GuardDuty Amazon SQS Amazon EC2 AWS Security Hub
Amazon GuardDuty
IAM is under which area of the Prisma Cloud Native Security Platform? Cloud Security Posture Management Cloud Workload Protection Cloud Network Security Cloud Infrastructure Entitlement Management
Cloud Infrastructure Entitlement Management
CNAF?
Cloud Native Application Firewall
Which two charts are supported from the Compliance Dashboard? (Choose two.) Top Compliance Violations Compliance Coverage Sunburst Compliance Risk Rating Compliance Trendline
Compliance Coverage Sunburst Compliance Trendline
If auto-remediation is not working on your GCP account, which role should you review first? Folder Viewer Compute Security Admin Organization Role Viewer Dataflow Admin
Compute Security Admin
Prisma Cloud Data Security categorizes exposure levels into which three categories? (Choose three.) Conditional Public Accessible Private Confidential
Conditional Public Private
Which alert type uses RQL for policy enforcement? Intrusion Anomaly Config UEBA
Config
What are the three key data types? (Choose three.) config event integration network identity
Config Event Network
RQL supports which two query types? (Choose two.) Config User Database Network
Config Network
Which RQL query type supports using joins? config from compound from event from network from
Config from
Which query is properly formatted using the RQL syntax? Config from cloud.resource where cloud.type = 'aws' Config where cloud.resource from cloud.type = 'aws' Config cloud.resource where cloud.type = from 'aws' Config cloud.resource = cloud.type = 'aws'
Config from cloud.resource where cloud.type = 'aws'
Alerts are created from which event? Resource config is updated from the cloud console Network traffic exceeds the configured threshold User activity is recorded in the Audit log Config scanner finds a resource in violation of a policy
Config scanner finds a resource in violation of a policy
Which alert type does not use RQL? Event Anomaly Config Network
Anomaly
Which alert type does not use RQL? Config Anomaly Event Network
Anomaly
Which two methods of automation are supported for deploying Prisma Cloud Compute Edition? (Choose two.) Powershell Prometheus Ansible Terraform
Ansible Terraform
Which Defender type must be upgraded manually? Container Image App Embedded Host
App Embedded
What is it called when a CNAF is embedded in the container it protects?
App Embedded Defender
What is the recommended first step after activating the IAM Security module? Review permissions for roles and groups. Create a new IAM policy based on high-risk identity use cases. Review your compliance requirements. Apply the out-of-the-box policies to determine if there are overly permissive
Apply the out-of-the-box policies to determine if there are overly permissive
What kinds of process violations are detectable by process defense?
Crypto Miners Lateral Movement (like netcat) Parent-Child process relationships Explicit Deny/Allows
Which option is available for uploading logs in the Prisma Cloud Compute Edition? Audit logs to SOC Debug logs to SOC Audit logs to Prisma Cloud support Debug logs to Prisma Cloud support
Debug logs to Prisma Cloud support
To download Defender logs, you follow which navigation path? View Logs > Manage > Defenders Defenders > Manage > Defenders Defenders > Deploy > Defenders System > Manage > Defenders
Defenders > Manage > Defenders
Which method is used to upgrade Defenders after a console upgrade? Uninstall and reinstall each Defender. Defenders are auto-upgraded. Defenders do not require an upgrade because they are backward compatible. Navigate to the Defender / Manage view and click Upgrade for each Defender.
Defenders are auto-upgraded.
When troubleshooting SAML integration issues, where would you locate the last 5 SAML failures? Settings > Audit Logs > Last 5 SAML Failures Settings > Access Keys > Last 5 SAML Failures Settings > Cloud Accounts > Status > Last 5 SAML Failures Settings > SSO > Last 5 SAML Failures
Settings > SSO > Last 5 SAML Failures
What is the name of the feature that allows you to declare, by policy, which registries, repositories or images you trust?
Trusted Images
Which two sets of credentials can be used to authenticate when using the Login API call? (Choose two.) username and password Access Key and password Access Key and Secret Key username and JSON Web Token
Username and Password Access Key and Secret Key
Which three entities are considered a source? (Choose three.) a region an IdP user a public cloud account a Lambda function an EC2 instance
an IdP user a Lambda function an EC2 instance
In the Alert Mechanism, what are the three constructs? (Choose three.) a. Alert Profile b. Ignore specific CVEs or tags (allow). c. Alert Channel d. Alert Trigger
a. Alert Profile c. Alert Channel d. Alert Trigger
Which two rule exceptions can be configured on Prisma Cloud? (Choose two.) a. Alert or block on specific CVEs or tags (deny). b. Ignore specific CVEs or tags (allow). c. Container is running as root. d. Running as non-privileged host.
a. Alert or block on specific CVEs or tags (deny). b. Ignore specific CVEs or tags (allow).
Which dashboard provides a snapshot of the current state of all cloud resources or assets that you are monitoring and securing using Prisma Cloud? a. Asset Inventory b. Compliance Reports c. Radar d. Prisma Cloud DevOps Inventory
a. Asset Inventory
Which two Dashboards are used to investigate detected policy violation? (Choose two.) a. Asset Inventory b. Vulnerability c. Compliance Dashboard d. DevOps Dashboard
a. Asset Inventory c. Compliance Dashboard
Select the Prisma Cloud software alert remediation types. (Choose three.) a. Automated Remediation b. Identity Security c. Manual Remediation d. Monitor Alerts
a. Automated Remediation c. Manual Remediation d. Monitor Alerts
What are two types of alert reports that can be generated to inform stakeholders about the status of the cloud assets and how they are doing against Prisma Cloud security and compliance policy checks? (Choose two.) a. Cloud Security Assessment Report b. Compliance Report c. Business Unit Report d. AWS e. GCP
a. Cloud Security Assessment Report c. Business Unit Report
Which dashboard also lets you view or download historic reports so that you can see your compliance trend? a. Asset Inventory dashboard b. Compliance Reports dashboard c. Radar d. Prisma Cloud DevOps Inventory
b. Compliance Reports dashboard
Which two components does Prisma Cloud Compute use? (Choose two.) a. NOC b. Console c. Controller d. Defender
b. Console d. Defender
Select the three anomaly policies that are predefined and marked as Prisma Cloud Default policies. (Choose three.) a. Application Enumeration b. Excessive login failures c. Unusual user activity d. Network evasion and resource misuse
b. Excessive login failures c. Unusual user activity d. Network evasion and resource misuse
Which event requires that rules and policies be tuned? a. Apps are added to a CVE. b. Existing apps are upgraded. c. Existing apps are removed. d. New apps are announced.
b. Existing apps are upgraded.
Select three CSPM Platform functions. (Choose three.) a. Threat Management b. Identity Security c. Network Security d. Policies and DevOps
b. Identity Security c. Network Security d. Policies and DevOps
What are the two Runtime defense principal object types? (Choose two.) a. Defenders b. Models c. Console d. Rules e. API
b. Models d. Rules
Which two methods can be used to authenticate API calls? (Choose two.) basic HTTP auth single Sign-On authentication token openID Connect
basic HTTP auth Authentication Tokens
When is Prisma Cloud monitoring and correlation of data from cloud vendors activated? a. Data correlation begins as soon as the cloud account is onboarded. b. Specific Prisma Cloud Alerts must be enabled for correlation of data. c. Alert notifications must be configured. d. Third-party technologies must be integrated.
a. Data correlation begins as soon as the cloud account is onboarded.
What are three tools provided by Palo Alto Networks firewalls used to segment traffic? (Choose three.) a. Define different Zones b. Dynamic Address Groups c. Air Gap d. UserID
a. Define different Zones b. Dynamic Address Groups d. UserID
What are two groups in which tasks are categorized to facilitate automation? (Choose two.) a. Deploy b. Dynamic c. Configure d. Containers
a. Deploy c. Configure
Select the two cloud types for compliance supported by Prisma Cloud. (Choose two.) a. GCP b. Rackspace c. Cisco d. AWS
a. GCP d. AWS
Which three types of Defender can you select from? (Choose three.) a. Host Defender b. Container Defender c. Serverless Defender d. Agentless Defender
a. Host Defender b. Container Defender c. Serverless Defender
What are two predefined Prisma Cloud Default anomaly policies? (Choose two.) a. Network evasion and resource misuse b. Network reconnaissance c. Network DoS d. Excessive logins
a. Network evasion and resource misuse b. Network reconnaissance
Prisma Cloud supports which two orchestrators? (Choose two.) a. OpenShift b. OpenCloud c. Pivotal Cloud Foundry d. Apache Mesos
a. OpenShift c. Pivotal Cloud Foundry
Why is Panorama essential to bootstrapping in Complete Mode? a. Panorama needs to generate the VM auth key. b. Panorama is not required. c. Panorama is not required. d. None of the above.
a. Panorama needs to generate the VM auth key.
Which two statements reflect the Prisma Cloud Functionality of Asset Inventory? (Choose two.) a. Prisma Cloud is the only solution in the market that provides continuous monitoring of security misconfigurations consistently across clouds and throughout the application lifecycle. b. Prisma Cloud is the only solution in the industry that offers critical network security requirements across cloud providers. c. Prisma Cloud empowers customers to gain a deeper understanding of their cloud environments by leveraging native cloud provider APIs and continuously analyzing all cloud assets for changes. d. Prisma Cloud provides consistent data classification for cloud storage services across cloud providers. With 300+ data profiles, it is able to provide policy controls over commonly found data patterns and ensures that customers meet their compliance requirements.
a. Prisma Cloud is the only solution in the market that provides continuous monitoring of security misconfigurations consistently across clouds and throughout the application lifecycle. c. Prisma Cloud empowers customers to gain a deeper understanding of their cloud environments by leveraging native cloud provider APIs and continuously analyzing all cloud assets for changes.
Prisma Cloud keeps CVE data for which operating system base layer? a. SUSE b. Fedora c. PCLinuxOS d. Linux Mint
a. SUSE
Which is best applied for apps that need to be ready to perform tasks but don't always need to be running? a. Serverless b. Containers c. Virtual Machines d. Hosts
a. Serverless
What are two stages of the CI/CD pipeline? (Choose two.) peer review fork build unit test
build unit test
Twistcli can scan an image that is in the system from which two sources? (Choose two.) downloaded via FTP build on the host pulled from a registry backed up on a mirror site
build on the host pulled from a registry
In Learning Mode, how long does it stay to complete the model? a. 2 hr b. 24 hrs c. 1 hr d. 3 hr
c. 1 hr
Which increments are Prisma Cloud Credits sold in? a. 10 b. 50 c. 100 d. 500
c. 100
How many nodes of CN-NGFW pods can a pair of CN-MGMT pods connect to and manage within a cluster? a. 2 b. 20 c. 30 d. 100
c. 30
Which firewall, designed for both containers and VMs, can be used to filter Layer 7 traffic to and from the app? a. CNNF b. NGFW c. CNAF d. IP tables
c. CNAF
If a "config where" query is used for a policy, which two options are available? (Choose two.) a. api.name b. api.source c. cloud.region d. cloud account type
a. api.name c. cloud.region
Which two details are included in a Prisma Cloud alert payload? (Choose two.) a. compliance standard b. CVE c. cloud account d. cloud status
a. compliance standard c. cloud account
When deployed with a GWLB, you can use the VM-Series firewall to protect inbound traffic. Where does this traffic originate? a. traffic originating outside the VPC and destined to resources within your application VPC, such as web servers b. traffic originating within the application VPCs and destined to external resources on the Internet c. in a transit gateway environment, East-West traffic refers to Inter-VPC traffic, such as the traffic between source and destination workloads in two different application VPCs d. none of the above
a. traffic originating outside the VPC and destined to resources within your application VPC, such as web servers
Which two attributes do network queries support? (Choose two.) anomaly.type accepted.bytes source.country operation
accepted.bytes source.country
How are standalone Prisma Cloud Defenders installed on hosts that do not run Docker? a. The Defenders are installed in the registry. b. The Defenders are run with a different orchestrator. c. The Defenders are run as a service. d. The Defenders are run on virtual machines.
c. The Defenders are run as a service.
Which logs help to visualize flow information for resources deployed in your GCP projects? a. Syslog b. Event Viewer c. VPC logs d. all of the above
c. VPC logs
What are the four Prisma Cloud systems to bring online and operationalize? (Choose four.) a. IaaS b. AWS c. Vulnerability Management d. GCP e. Compliance f. Runtime Defense g. Firewall
c. Vulnerability Management e. Compliance f. Runtime Defense g. Firewall
In which mode can a networking rule place a Defender? a. deny b. alarm c. block d. permit
c. block
When Prisma Cloud detects an outgoing connection that deviates from your runtime policy, Prisma Cloud Defender can take action. Networking rules let you put Defender into one of three modes. Which mode is supported? a. deny b. alarm c. block d. permit
c. block
Which mode is the phase in which Prisma Cloud performs either static or dynamic analysis? a. archived b. active c. learning d. passive
c. learning
Which kind of platform is Kubernetes? a. automation b. Docker c. orchestration d. cluster
c. orchestration
API access is enabled for which role? a. default role b. configuration role c. system admin role d. root user role
c. system admin role
Which two protocols support authentication for Prisma Cloud Compute Edition? (Choose two.) OAuth OpenLDAP SQRL CTAP
OAuth OpenLDAP
Which feature provides granular visibility into each object's metadata and data profile information? Data Inventory Resource Explorer Data Dashboard Object Explorer
Object Explorer
Which two services does GitHub provide to developers? (Choose two.) Offers cloud-based hosting that is used to manage repositories provides a high-quality version control system allows you to share your code with others makes codebase and history available on every developer's local machine
Offers cloud-based hosting that is used to manage repositories allows you to share your code with others
Which version of Compute Console is hosted by Palo Alto Networks? Prisma Cloud SaaS Prisma Cloud Enterprise Edition Prisma Cloud Compute Edition Prisma Cloud Access
Prisma Cloud Enterprise Edition
How are "Dangerous Domains" detected?
Prisma Cloud Intelligence Stream (known bad domains) Behavioural Container Models - detects new/anomalous DNS requests that vary from the first initial runtime.
Which two benchmark standards are included in compliance checks? (Choose two.) Prisma Cloud Labs WildFire GDPR CIS Benchmarks
Prisma Cloud Labs CIS Benchmarks
What is the interface that is the default view when you first log into Prisma Cloud Console?
Prisma Cloud Radar
An administrator does not see incoming messages from a newly integrated third-party service. What is most likely the problem? Prisma Cloud license for third-party integration service is not enabled. Prisma Cloud has not performed its periodic polling from the third-party service. Prisma Cloud is not configured with a policy to accept incoming messages. Prisma Cloud has an Alert Rule with a deny-all rule for incoming messages.
Prisma Cloud has not performed its periodic polling from the third-party service.
What is most likely to cause a connection issue between Prisma Cloud and an externally connected service? Prisma Cloud's IP address or stack is flagged as malicious and is blocked. Prisma Cloud policies are rerouting traffic. The FQDN or IP address has changed on Prisma Cloud. The direct connection between Prisma Cloud and the datacenter or region is down.
Prisma Cloud's IP address or stack is flagged as malicious and is blocked.
Which two permission methods can be used with an Azure Service Bus Queue integration? (Choose two.) Shared Access Signature Service Principal Credentials Azure Active Directory (Azure AD) Shared Access Signatures (SAS)
Shared Access Signature Service Principal Credentials
Prisma Cloud Compute supports which two third-party integrations? (Choose two.) Slack Tenable.io PagerDuty WordPress
Slack PagerDuty
Which Prisma Cloud security module incorporates container security? cloud security posture management cloud workload protection cloud infrastructure entitlement management Cloud Network Security
cloud workload protection
What are two areas that the IAM Security module addresses? (Choose two.) complex entitlement layers overly permissive roles role-based access control authentication
complex entitlement layers overly permissive roles
Which two query types does RQL support? (Choose two.) config anomaly event hostfinding
config event
A config query can start with which two expressions? (Choose two.) config where source IP = config from cloud.resource config from iam config where CRUD =
config from cloud.resource config from iam
Which RQL query is a legitimate query in Prisma Cloud? config where cloud.resource from api.name = 'aws-ec2-describe-instances' config cloud.resource from where api.name = 'aws-ec2-describe-instances' config where from api.name = 'aws-ec2-describe-instances' config from cloud.resource where api.name = 'aws-ec2-describe-instances'
config from cloud.resource where api.name = 'aws-ec2-describe-instances'
Which RQL query is used by the Resource Explorer? config from cloud.resource where cloud.service = 'Amazon S3' config from cloud.resource where cloud.type = 'Amazon S3' event from cloud.resource where cloud.service = 'Amazon S3' config from cloud.resource where cloud.service = 'AWS S3'
config from cloud.resource where cloud.service = 'Amazon S3'
What are the RQL parameters for starting an IAM query? event from iam where network from iam where config from iam where none of the above
config from iam where
Which two operators can make queries more computationally efficient? (Choose two.) contains exists @ ?
contains exists
What are two common use cases that the IAM Security module addresses? (Choose two.) users with write database access cross-account permissions groups with excessive users resources that the public can access
cross-account permissions resources that the public can access
What is the average number of days to detect a breach in Microsoft Azure? a. 30 b. 60 c. 100 d. 200
d. 200
For every 100 compliance issues, we should expect: [Blank]% of issues are caused by your apps. Since you have full control over your apps, meet with your developers and remediate them. [Blank]% of issues are caused by infrastructure issues. Half of these issues will be due to the vendor configuration, which you can't change. Create rules to ignore these issues. The other half will be due to insecure defaults. Remediate them. Select the Values for the Blanks a. 16% and 84% b. 33% and 67% c. 84% and 16% d. 67% and 33%
d. 67% and 33%
Select two roles of Panorama. (Choose two.) a. license management and configuration management b. manage your Kubernetes clusters, apps, and firewall services c. monitor your clusters and leverage Kubernetes labels that you use to organize Kubernetes objects d. Provide the VM Auth Key so the bootstrapped firewall can register running as nonprivileged host
d. Provide the VM Auth Key so the bootstrapped firewall can register running as nonprivileged host
Prisma Cloud lets you surface critical policy breaches by sending alerts to automate security response. Which channel can you send alerts to? a. Email b. Pager Alerts c. Compliance Dashboard d. XSOAR
d. XSOAR
Which installation method is used to deploy a Defender when using OpenShift? installed as a Daemon service installed as a global service deployed as a service deployed as a DaemonSet
deployed as a DaemonSet
What does IAM stand for? identity, authentication, and management inadequate authentication management infrastructure access management identity and access management
identity and access management
Which actions are supported for compliance checks? alert, log, and block alert, block, and remediate ignore, alert, and block ignore, report, and block
ignore, alert, and block
When integrating AWS Inspector, which role permissions are required on the Prisma Cloud role? inspector:List* and inspector:Get* inspector:Describe* and inspector:List* guardduty:List* and guardduty:Get* guardduty:Describe* and guardduty:List*AWS Security Hub
inspector:List* and inspector:Get* inspector:Describe* and inspector:List*
The REST API enables which two capabilities? (Choose two.) discovery integration remediation automation
integration automation
Which Prisma Cloud component provides for static defense in the CI/CD pipeline? compiler plugin IDE machine learning
plugin
Which two protections are included in runtime defense? (Choose two.) predictive threat-based catalogued itemized
predictive threat-based
What are two of the four key IAM attributes? (Choose two.) source action resource cloud
source action
Which two outputs are supported by event logging? (Choose two.) log analyzer stdout snmp syslog
stdout syslog
Which two components are included in the Compliance Explorer? (Choose two.) top-ten compliance violations open compliance alerts table of compliance issues roll-up charts
table of compliance issues roll-up charts
True or False? With Postman you can import an API schema as a collection? true false
True
True or false? A cloud account must be configured with the monitor and protect mode to perform auto-remediation of policy violations. true false
True
True or false? Alerts can be forwarded to third-party integrations in Prisma Cloud True False
True
True or false? Defenders enforce the policy created in Console. True False
True
True or false? Net-effective permissions are the true permissions after all identity privileges are combined. True False
True
True or false? Prisma Cloud can access the data generated by Amazon GuardDuty and Inspector True False
True
Which two cloud service providers are supported with a Prisma Cloud and Qualys integration? (Choose two.) OCI Alibaba Cloud GCP AWS Azure
AWS Azure
Which two enforcement actions can be configured for a WAAS rule? (Choose two.) Pause Ban Alert Ignore
Ban Alert
True or false? Prisma Cloud offers protection for the entire CI/CD pipeline. True False
True
Which two HTTP methods are used to interact with the Prisma Cloud REST API? (Choose two.) POST HEAD COPY DELETE
POST DELETE
What are two common HTTP methods used to send API calls to Prisma Cloud? (Choose two.) POST STATUS GET UPDATE
POST GET
Defender communicates with Console using which default port value? 8080 84 8083 8084
8084
Which two RQL operators can be used to parse through JSON arrays? (Choose two.) ? # % @
? @
What are three advantages of Prisma Cloud WAAS? (Choose three.) -provides unified protection across applications deployed on hosts, VMs, containers, and serverless -segments microservices at the container level -auto scales with your cloud applications through an agent-based (RASP) deployment -provides a single solution to all your cloud security needs -provides a filter to protect against path traversal attacks
-provides unified protection across applications deployed on hosts, VMs, containers, and serverless -auto scales with your cloud applications through an agent-based (RASP) deployment -provides a single solution to all your cloud security needs
Which RQL syntax is used to iterate through a set of objects? [?.(@.Effect == 'Allow'] [*]. Key == Compliance && @.Effect == 'Allow' .*[?(@.Type == 'AWS::S3::Bucket'
.*[?(@.Type == 'AWS::S3::Bucket'
Which two attacks does the web application firewall protect against when deploying CNAF for serverless functions? (Choose two.) a. local file system inclusion (LFI) b. DoS c. cross-site scripting d. embedded code registry
A & C - LFI and Cross Site Scripting
What is the maximum number of Access Keys that can be created for a Prisma Cloud role? Two Three Four Five
2
Which version upgrade path represents a maintenance release? 20.09.162 to 20.09.162-1 20.04.162 to 20.09.162 20.09.162 to 20.09.362 19.11.162 to 20.04.162
20.09.162 to 20.09.362
Which two ports can be used for connecting to Prisma Cloud Compute Edition console? (Choose two.) 80 8083 8081 443
8083 8081
Which two scenarios would the IAM Security module flag? (Choose two.) A user has both Okta and group privileges to a cloud account. A user has not made a database API call in three months but has write access. A user is not using two-factor authentication to log in. A public server has read access to a cloud account.
A user has not made a database API call in three months but has write access. A public server has read access to a cloud account.
Prisma Cloud WAAS provides which three types of protection? (Choose three.) hybrid cloud environment only API file upload false positives access control based on IP address or geo location
API file upload access control based on IP address or geo location
Which webpage is accessible using a link from the Prisma Cloud Compute API Reference? Compute console API reference page API technical docs API endpoint
API reference page
Which two settings are used to configure Role-Based Access Control (RBAC)? (Choose two.) account user role clearance
Account Role
Which two filters can be applied in the Compliance Dashboard? (Choose two.) Account Group Time Range Policy Type Compliance Section
Account Group Compliance Section
If no alerts are being triggered in Prisma Cloud, what most likely is the problem? Account Groups are not included in an alert rule. Alerts are not enabled in the global settings. No users are configured with the alerts permission. Alerts are being blocked by policy configurations.
Account Groups are not included in an alert rule
What 4 anomaly types are predefined in Prisma Cloud Compute?
Account Hijacking Attempts Excessive number of login failures Unusual user activity Network Evasion and Resource misuse
Which two UEBA policies are supported in Prisma Cloud? (Choose two.) brute-force attacks account hijacking attempts excessive login failures creation of super users
Account Hijacking attempts Excessive Login Failures
Which two states can a model be in? (Choose two.) active logging learning rebooting
Active Learning
Which workflow describes adding an external integration to Prisma Cloud? Add a GCP account to Prisma Cloud Create a new Alert Rule for AWS in Prisma Cloud Add AWS Security Hub to Prisma Cloud Create a custom policy for an Account Group
Add AWS Security Hub to Prisma Cloud
What is the effect for the default runtime rule? Block Prevent Disabled Alert
Alert
What dashboard provides a snapshot of the current state of all cloud resources or assets that you are monitoring with Prisma Cloud?
Asset Inventory Dashboard
Which element in RQL is used to narrow the scope of the search? operators expressions attributes conjunctions
Attributes
Which two tabs are used to configure Access Control? (Choose two.) Authentication Network Controls File Uploads User Authorization
Authentication User Authorization
Name 4 Key Differentiators between Prisma Cloud and competitors
Auto Remediation Unified view for multi cloud environment Visualize cloud environments with Radar Merged CSPM and CWPP provide more value
Which two requirements does a new alert rule need to fulfill to support Automated Remediation? (Choose two.) Automated Remediation is enabled for the Alert Rule. The resource triggering the alert has remediation enabled. The policies in the alert rule include the required CLI commands for remediation. The cloud account is public and not private.
Automated Remediation is enabled for the Alert Rule. The policies in the alert rule include the required CLI commands for remediation.
Which two requirements does a new alert rule need to support Automated Remediation? (Choose two.) Automated Remediation is enabled for the Alert Rule. The resource triggering the alert has remediation enabled. The policies in the alert rule include the required CLI commands for remediation. The cloud account is public and not private.
Automated Remediation is enabled for the Alert Rule. The policies in the alert rule include the required CLI commands for remediation.
Which action enables you to cloak sensitive data? A. Data Pattern Masking B. Snippet Masking C. Data Profile Masking D. Snippet Disabling
B. Snippet Masking
Prisma Cloud Data Security combines the power of which two Palo Alto Networks products to discover and protect data in public cloud environments? (Choose two.) A. Prisma SaaS B. WildFire C. Palo Alto Networks DLP D. AutoFocus
B. WildFire C. Palo Alto Networks DLP
What are the four built-in data profiles that Palo Alto Networks Enterprise DLP provides with the integration of Prisma Cloud Data Security? (Choose four.) A. assets B. healthcare C. PII D. employment E. financial information F. intellectual property
B. healthcare C. PII E. financial information F. intellectual property
Which two types of protections are offered by WAAS? (Choose two.) duplicate web address malformed request spoofed MAC address brute force
Brute Force Malformed Request
Which two methods can be used to manage cost when using Prisma Cloud Data Security? (Choose two.) Enable CloudTrail for Read-and-Write events Bucket lifecycle policy of one-month TTL Select only buckets that require scanning Disable client-side rate throttling
Bucket lifecycle policy of one-month TTL Select only buckets that require scanning
Which RQL query will produce a custom report that lists the S3 buckets accessible to the public through bucket ACLs? a. config where api.name='aws-s3api-get-bucket-acl' AND cli.rule="(acl.grants[?(@.grantee=='AllUsers')] size > 0)" b. config where api.name='aws-s3api-get-bucket-nsg' AND json.rule="(acl.grants[?(@.grantee=='AllUsers')] size > 0)" c. config where api.name='aws-s3api-get-bucket-acl' AND json.rule="(acl.grants[?(@.grantee=='AllUsers')] size > 0)" d. config where api.name='aws-s3api-get-bucket-acl' AND python.rule="(acl.grants[?(@.grantee=='AllUsers')] size > 0)"
C
After an image is removed from a registry, the scan results are purged after which period has elapsed? a. 12 hours b. 24 hours c. 30 days d. 60 days
C - 30 Days
Which tool would be useful for performing a bulk upload of cloud accounts? CLI Tool API Import Library GitHub Postman
CLI Tool
Which two limitations exist when RQL is used? (Choose two.) The scope of the query is based on all cloud accounts. Can't join config, event, and network queries together. Not all operators can be used in array brackets. Resources that have been created in the past can never be included in a search.
Can't join config, event, and network queries together. Not all operators can be used in array brackets.
What are two Alert Disposition options for Prisma Cloud? (Choose two.) a. Conservative b. Progressive c. Aggressive d. Medium
Conservative and Aggressive. Third type is Moderate.
Which component needs to be installed first when deploying Prisma Cloud Compute? Console Defender twistcli Jenkins plugin
Console
Which component needs to be upgraded first when upgrading Prisma Cloud Compute? Defender Jenkins plugin twistcli Console
Console
Which two security guardrails are built into Defender? (Choose two.) Console and Defender do not trust each other. Defender deployment includes a self-healing capability. Defenders incorporate an automatic shutdown feature. Risk is limited to the system where Defender is deployed.
Console and Defender do not trust each other. Risk is limited to the system where Defender is deployed.
Which two elements are evaluated together to define a resultant policy? (Choose two.) WildFire Container model Intelligence stream Runtime rules
Container model Runtime rules
Which Palo Alto Networks product can be natively integrated with Prisma Cloud? Strata DLP Security Cortex XSOAR Prisma SD-WAN Prisma SaaS
Cortex XSOAR
When enabling SSO on Prisma Cloud, what is recommended to prevent SSO lockout? Enable SSH with root access to Prisma Cloud. Create System Admin level users that are excluded from SSO login. Create a back door to the Prisma Cloud console. Create policy that allows unlimited SSO login attempts for administrator accounts.
Create System Admin level users that are excluded from SSO login.
How do you deploy a CNAF for a host?
Create a new rule and specify a host
How do you deploy CNAF for a containerized web app?
Create a new rule, specify the image name, and declare the ports where CNAF listens.
Which two severity levels are supported in vulnerability rules? (Choose two.) Critical Major Medium Highest
Critical Medium
Which Data Dashboard widget shows you the top five publicly exposed objects for the Financial Information, Healthcare, PII, and Intellectual Property data profiles? A. Total Buckets B. Total Objects C. Top Data Policy Violations D. Top Publicly Exposed Objects by Profile
D. Top Publicly Exposed Objects by Profile
Which is the best method to use when grouping clauses in RQL? commutative law associative law De Morgan's laws basic laws of algebra
De Morgan's laws
What are considered workloads on GCP?
GCEs, Cloud SQL
Which two issues with a resource may result in an alert not being generated? (Choose two.) Deleted Not configured Classified Archived
Deleted Not configured
WAAS enhances WAF protection by using which two methods? (Choose two.) inspecting traffic at Layer 3 inspecting internal (east-west) traffic deploying closer to the application using the Intelligence Stream to identify rogue apps
Deploying closer to the application Inspecting internal East-West traffic
When Prisma Cloud detects an outgoing connection that deviates from your runtime policy, Prisma Cloud Defender can take action. What are the 3 modes networking rules can put defender in?
Disable: Defender does not provide any networking protection. Alert: Defender raises alerts when targeted resources establish connections that violate your runtime policy. Block: Defender stops the container if it establishes a connection that violates your runtime policy. The options for "Explicitly allowed" and "Explicitly denied" let you customize the runtime models for known good and known bad network connections
Alerts can be in which two states? (Choose two) Dismissed Closed Resolved Unresolved
Dismissed Resolved
What are considered workloads on AWS?
EC2, RDS, ELB, Redshift, NAT Gateway
Which two steps are a part of WAAS rule creation? (Choose two.) Enable image scanner. Enable desired protections. Define rule resource. Define malware protections.
Enable desired protections. Define rule resource.
Which operation is performed by Defender once installed? Spawn a database container to store events Establish a connection to console Place its own process in the whitelist for processes Open a connection to the cluster controller
Establish a connection to console
Which two types of queries does RQL support? (Choose two.) Policy Anomaly Event Network
Event Network
True or false? Serverless and containers are the same. a. true b. false
False
True or false? Models are the result of autonomous learning that Prisma Cloud performs when an image is developed. True False
False
True or false? Prisma Cloud by default and with no initial setup always will generate alerts. True False
False
True or false? RQL supports filtering an unlimited number of APIs using joins. True False
False
True or false? The Dataflow Admin role is required only if you need to troubleshoot issues with your Prisma Cloud account. true false
False
What can cause an empty object classification? File too large to scan Object has sensitive info File type has extension .pptx Object is encrypted
File too large to scan
What does Prisma Cloud technical support recommend as the best way to get support? Call the Palo Alto Networks main support number. From the Prisma LIVE Community page click Create a Support Case Now. Contact your SOC administrator. Contact the RedLock AI assistant for resolution of the issue.
From the Prisma LIVE Community page click Create a Support Case Now.
Which two requirements are needed to run container Defenders? (Choose two.) Full control over the host Bash shell script to start the Defender Run in the host's network and process namespaces A socket connection to containers running on the host
Full control over the host Run in the host's network and process namespaces
Which two assets are included in the Prisma Cloud Asset Inventory dashboard? (Choose 2) a. Regions b. Gateways c. Security Groups d. Compute Engine Instances
Gateways and Compute Engine Instances
Which development platform is used by support for storing scripts and code projects? Appian GitHub Mendix PowerApps
GitHub
Which item indicates the RQL syntax is correct? Green checkmark Red X Popup message Query executes
Green Checkmark
Which two remediation methods does Prisma Cloud support? (Choose two.) guided scheduled manual compliant
Guided Manual
WAAS protects application using which two protocols? (Choose two.) SSH HTTPS FTP HTTP
HTTP HTTPS
Which two settings are included in an endpoint configuration? (Choose two.) HTTP Host Scan Interval Mode Path
HTTP Host Path
Which two pieces of information are returned by the command redlock-cli ping? (Choose two.) HTTP response code response metadata API response code response payload
HTTP response code response payload
Which data classifications are supported by Prisma Cloud Data Security? (Choose two.) Healthcare Sensitive PII Corporate Information
Healthcare PII
Which two tabs are supported for View Logs? (Choose two.) History Audit Console Recent
History Console
Which type of ingest data is provided by third-party integrations? host vulnerability network traffic audit log resource lifecycle
Host Vulnerability
Which two steps are required for guided remediation? (Choose two.) Obtain the necessary steps for remediation from the admin guide. Hover the pointer over the violating resource and select Remediate. Follow the remediation steps in the Quick Start Checklist. Click Execute Command to invoke remediation.
Hover the pointer over the violating resource and select Remediate. Click Execute Command to invoke remediation.
What hypervisors can run the Prisma Cloud Console?
Hyper-V VMware VirtualBox
Every API call requires which two values? (Choose two.) IP address or hostname region cloud account version
IP address or hostname version
Which action is supported for compliance checks? Prevent Ignore Allow Suspend
Ignore
Which navigation path would display data in the image's docker layers? Image > Risk summary > Image details > Layers Image > Risk summary > Vulnerabilities > Layers Image > Risk summary > Runtime > Layers Image > Environment > Vulnerabilities > Layers
Image > Risk summary > Vulnerabilities > Layers
When adding ServiceNow to Prisma Cloud, which two service types can be configured into the integration? (Choose two.) Incident Mode Event Status
Incident Event
Which RQL component supports queries of data from multiple APIs? operators attributes conjunctions joins
JOINS
Which data format is used for resource config metadata in Prisma Cloud? JSON YAML XML CSV
JSON
Which data format is used when exported forensics data events? JSON CSV XML Plain text
JSON
Which format is used by Prisma Cloud to ingest data and update events? XML YAML JSON Text
JSON
Which runtime environment is required for running the interactive CLI tool on your local system? Python Perl JavaScript Ruby
JavaScript
Which two alert providers are supported in Compute console? (Choose two.) JIRA Splunk Webhook Amazon SQS
Jira Webhook
Jira is not receiving alert messages from Prisma Cloud. What is most likely the cause? Prisma Cloud default policies do not send messages to Jira services. The Jira firewall is blocking incoming SNMP messages. Jira is configured with the incorrect Prisma Cloud URL for the region. Jira message threshold limit has been reached.
Jira is configured with the incorrect Prisma Cloud URL for the region.
Which two CIS benchmarks are included in Prisma Cloud compliance checks? (Choose two.) OpenLDAP Kubernetes Docker VMware server
Kubernetes Docker
On which support page can you create a support ticket? LIVEcommunity Tech Docs Knowledge Base Prisma Cloud Console
LIVEcommunity
What layer of the OSI model does the CNNF run?
Layer 4
For which duration does Prisma Cloud Enterprise DLP store objects? Less than 24 hours Less than 2 days 14 days 10 years
Less than 24 hours
Which two data fields are included in console debug logs? (Choose two.) Level Resolved Last Modified Urgency
Level Last Modified
What are considered workloads on Azure?
Load Balancers, SQL Databases, VMs
Which permission is required on Qualys when integrating with Prisma Cloud? Manager role User Agent role Auditor role Administrator role
Manager role
Which two methods does Prisma Cloud support for adding an AWS account? (Choose two.) Manual Recursive Automated Scheduled
Manual Automated
Which two methods can be used to configure API protections? (Choose two.) manual import a collection file import an OpenAPI or Swagger file API discovery
Manual Import an OpenAPI or Swagger File
You are adding a new AWS account to Prisma Cloud and want to make sure you can perform the automatic remediation function in the event of an alert. Which setting allows automatic remediation? Mode - Monitor Mode - Monitor & Protect Mode - Alert Rule Mode - Auto Remediation
Mode - Monitor and Protect
Which onboarding mode is supported by the Data Security module? Monitor and Protect Remediate Monitor Primary
Monitor
True or false? Prisma Cloud scans all images on hosts that run Defender. True False
True
Which two settings are required to configure a Collection? (Choose two.) Owner Name Description Filters
Name Filters
Which two filter options are available in the Containers view of Radar? (Choose two.) Regions Namespaces Severity threshold Cloud Provider
Namespaces Severity threshold
What step is required to add a new user to Prisma Cloud Compute Edition? Navigate to Manage > Settings and click Users Navigate to Settings > Authenticate and click Users Navigate to Manage > Authenticate and click Users Navigate to Settings and click Users
Navigate to Manage > Settings and click Users
Which two steps are required to add a new Data Profile? (Choose two.) Navigate to the Data Profile Module Upload the Data Profile Choose a Data Pattern Navigate to Investigate > Data > Data Profiles
Navigate to the Data Profile Module Choose a Data Pattern
Which two methods can be used to enable the Data Security feature? (Choose two.) Navigate to the Help icon > What's New Navigate to Subscription > Learn More Navigate to Dashboard > Data Navigate to Settings > Data Security
Navigate to the Help icon > What's New Navigate to Dashboard > Data
Which two policy types are supported in Prisma Cloud? (Choose two.) User event Network Anomaly Resource
Network Anomaly
Which circumstance may add fields to an API call? More data is needed. New features are added to Prisma Cloud Compute. The call returns additional data. The call is repeated.
New features are added to Prisma Cloud Compute.
Which two limitations exist when Prisma Cloud SSO is used? (Choose two.) Only one IdP for each tenant IdP initiated not supported Must be IdP initiated Only one IdP for each account
Only one IdP for each tenant Must be IdP initiated
Prisma Cloud supports which two onboarding options when adding a GCP account? (Choose two.) Organization Region Availability Group Project
Organization Project
Which two types of object information are provided in the Object Explorer Details Panel? (Choose two.) Owner Zone Bucket name Cloud Provider
Owner Bucket name
What is a common problem experienced with a Prisma Cloud investigation? Emails are not being received for an alert. Amazon GuardDuty is not ingesting data from Prisma Cloud. Simple queries delay the real-time ingestion of VPC flow logs. Permissions have changed.
Permissions have changed.
Which identity provider does Palo Alto Networks SSO support? Ping Identity Google OneLogin Auth
Ping
Which two types of information does the network connection arrow provide in Radar? IP addresses Ports Direction Bitrate
Ports Direction
Which application can be used for accessing the REST API? Postman Mailman API Boss Call Maker
Postman
Which Windows-based application is required to execute Prisma Cloud CLI commands? PowerShell Microsoft Edge PuTTY WinSCP
PowerShell
What are the 3 types of Prisma Cloud licensing editions?
Prisma Cloud Business Edition - SaaS, CSPM only Prisma Cloud Compute Edition - Self Hosted, CWPP only Prisma Cloud Enterprise Edition - SaaS, CSPM and CWPP
Which two user documents are on the Palo Alto Networks technical documentation website? (Choose two.) Prisma Cloud Compute Shift-Left Security Guide Prisma Cloud Compute Optimization Guide Prisma Cloud Compute Operationalize Guide Prisma Cloud Administrator's Guide (Compute)
Prisma Cloud Compute Operationalize Guide Prisma Cloud Administrator's Guide (Compute)
Which container orchestrator supports service account monitoring? Docker Swarm Apache Mesos Red Hat OpenShift Azure Service Fabric
Red Hat OpenShift
API calls are grouped into which two categories? (Choose two.) Indexing Rebooting Reporting Config as a code
Reporting Config as a code
What are the three primary optimization steps in Prisma Cloud? (Choose three.) Review Dashboards. Review user identity permissions. Configure external alert notifications. Investigate issues. Remediate alerts.
Review Dashboards. Investigate issues. Remediate alerts.
Which information is required for adding an Alibaba account in Prisma Cloud? RAM Role Admin Role Role ARN RAM permissions
Role ARN
Which two settings does Prisma Cloud use for RBAC? (Choose two.) Roles Permissions Organizations Account Groups
Roles Account Groups
Which level of onboarding is supported when adding an OCI account to Prisma Cloud? Root (tenancy) level Subscription level Availability Zone level Compartment level
Root (tenancy) level
When an outbound integration is set up, which two alert rule types can be configured to send alert messages? (Choose two.) Run Build POST GET
Run Build
Which protocol is used to support single sign-on for the Prisma Cloud Enterprise Edition? OpenID SAML OAuth LDAP
SAML
Which two OWASP documented attacks are protected by a serverless WAAS rule? (Choose two.) insecure deserialization broken authentication SQL injection attack cross-site scripting attack
SQL injection attack cross-site scripting attack
Prisma Cloud Compute supports which two deployments? (Choose two.) Mac OS version Windows version SaaS version self-hosted
SaaS version self-hosted
Which method of scanning is used by Forward Scan? Scan all existing objects Scan files that have known vulnerabilities Scan objects for specific users Scan all new files added or edited
Scan all new files added or edited
Which two settings are configured when defining a new custom policy for data? (Choose two.) Select a data profile Select the data patterns Select a file exposure value Select the WildFire scan interval
Select a data profile Select a file exposure value
Which two object classification types are supported in Prisma Cloud Data Security? (Choose two.) vulnerable sensitive empty malware
Sensitive Empty
Which two types of information are displayed by Data Inventory Data cards? (Choose two.) Sensitive Objects Encrypted Buckets Risky Objects Public Buckets
Sensitive Objects Public Buckets
Alerts can be in which two states? (Choose two.) Snoozed Deferred Unresolved Dismissed
Snoozed Dismissed
Which Prisma Cloud role is required to enable programmatic access to the REST APIs in Prisma Cloud? System Admin Cloud Provisioning Admin Account Group Admin Account and Cloud Provisioning Admin
System Admin
Which permission group role is used to provide full control in Prisma Cloud? System Admin Account Group Read Only Cloud Provisioning Admin Account Group Admin
System Admin
Which role in the Prisma Cloud Enterprise Edition is required to access the Compute Console web interface? Account Group Admin System Admin Build and Deploy Security Cloud Provisioning Admin
System Admin
Which two platforms support inbound integration? (Choose two.) Tenable.io Splunk Jira Qualys
Tenable.io Qualys
Prisma Cloud supports which automated method for adding an Azure account? CloudFormation Terraform XML JSON
Terraform
Which tool can be used to automate steps when adding an Azure cloud account? Pulumi Terraform Starsheep Ansible
Terraform
What 4 Infrastructure as Code (IaC) types can Prisma Cloud scan?
Terraform CloudFormation Templates Kubernetes Manifests Helm Charts
True or false? RQL can be used to investigate an alert. True False
True
An administrator recently onboarded an AWS account, and they see a red status indicator next to Flow Logs. Which configuration is most likely the problem? The administrator did not enable AWS Inspector on the AWS account. The administrator did not enable Prisma Cloud Data Security when setting up the AWS account. The administrator did not set up CloudWatch logs on the AWS account. The administrator did not set up a NAT Gateway for Prisma Cloud to ingest logs.
The administrator did not set up CloudWatch logs on the AWS account.
True or false? Roll-up charts show overall compliance ratios. True False
True
True or false? The Data Inventory page provides information on the number of S3 storage buckets being monitored and summary data cards that provide status on how objects are exposed: public, sensitive, or malware.
True
True or false? The json.rule attribute is used to filter the JSON configuration for a resource. True False
True
What is most likely the cause of a red status indicator for an external integration? One or more templates associated with the integration are invalid. SSO authentication is expired. The integration fails validation checks for accessibility or credentials. The link is down between Prisma Cloud and the externally connected service.
The integration fails validation checks for accessibility or credentials.
What is a major benefit of having the IAM Security module integrated into the Prisma Cloud platform? The module can leverage platform features like the dashboard, alerts, and remediation. The module covers all high-risk IAM use cases. The cloud providers do not have their own IAM security services. IAM security is the next rapidly growing area in cloud security.
The module can leverage platform features like the dashboard, alerts, and remediation.
What is the most likely cause of not receiving an alert in Prisma Cloud? An RQL query was not properly configured with the proper syntax to receive an alert. An alert rule was not configured in Prisma Cloud to receive an alert. The resource does not exist on the cloud provider. The cloud provider did not generate the alert and send it to Prisma Cloud.
The resource does not exist on the cloud provider.
True or False? Prisma Cloud Data Security uses the WildFire service to detect known and unknown malware in these objects. True False
True
CLI commands that are copied to the clipboard can be used in which two ways? (Choose two.) They can be manually executed at the command line for the cloud account to resolve the security violation They can then be executed in Prisma Cloud to remediate a security violation They can be used to define a new policy that includes remediation They can be used to automatically generate a Python script that will remediate the alert
They can be manually executed at the command line for the cloud account to resolve the security violation They can be used to define a new policy that includes remediation
Why are IdP-authenticated users potentially risky from an IAM security standpoint? There may be multiple IdPs providing authentication. IdP authentication tokens may be compromised. They are authenticated by a third party. They may have permissions that override internally set permissions.
They may have permissions that override internally set permissions.
True or False? Prisma Cloud supports two methods for integration data flow—push and pull. false true
True
True or False? The Prisma Cloud Terraform provider can be used for bulk, automated on-boarding of cloud accounts. true false
True
Jira is included in which category of external integrations? Collaboration Vulnerability Ticketing Cloud Native
Ticketing
Which views are supported for monitoring WAAS events? (Choose two.) timeline top ten list tabular pie chart
Timeline Tabular
Which two charts are supported from the Dashboard? (Choose two.) Top Cloud Account Violations Resource Risk Exposure Top Internet Connected Resources Alerts by Severity
Top Internet Connected Resources Alerts by Severity
Which two widgets are included in the Data Dashboard? (Choose two.) Total Buckets Total Object Owners Top Exposed Objects by Bucket Data Alerts by Severity
Total Buckets Data Alerts by Severity
Which two features are provided on the Vulnerability Explorer page? (Choose two.) Remediate button Trend charts Top critical vulnerabilities Download to a PDF file
Trend charts Top critical vulnerabilities
True or false? Prisma Cloud protects your containers by combining static analysis of an image with runtime analysis of the container.
True
Which data is provided by the Compliance Score? Cloud accounts that are passing or failing Score based on the cloud accounts with the fewest policy violations Score based on the compliance posture for your cloud accounts Unique resources that are passing or failing
Unique resources that are passing or failing
Which two best practices are applicable to RQL expressions? (Choose two.) Use double quotes to enclose filters. Use parentheses for clean queries. Use double quotes to enclose your entire expression. Use single quotes to enclose filters.
Use double quotes to enclose filters. Use parentheses for clean queries.
Which two methods can be used to troubleshoot an RQL expression? (Choose two.) Use CloudFormation templates to construct JSON rules for the query. Use the auto-suggest drop-down list for valid query syntax. Use values for your deployed resources. Use query elements that include quotes, spaces, and special characters.
Use the auto-suggest drop-down list for valid query syntax. Use values for your deployed resources.
Which step is a part of manual remediation? View the CLI commands for remediation. View the alarm from your cloud account console. View the alarm and select the remediate button. View the recommended steps for remediation.
View the recommended steps for remediation.
Which action resolves an alert? When the user logs in to their public cloud account and closes the alert When the user clicks the Remediate button for an open alert When the alert times out in Prisma Cloud When the system admin selects the Apply CLI Commands button
When the user clicks the Remediate button for an open alert
Which external integration can be used if your application is not natively supported on Prisma Cloud? Webhook GitHub Dropbox Internet Relay Chat
Webhook
Which service can be used to integrate with third-party platforms when receiving outbound notifications that are not supported out-of-the-box by Prisma Cloud? SNMP file transfer syslog Webhooks
Webhooks
What are three important IAM governance questions that the out-of-the-box policies might answer? (Choose three.) What are all the public resources? Where are the cross-account connections? Which entities have risky permissions? Which roles have recently had permission changes? Which users are no longer with the organization?
What are all the public resources? Where are the cross-account connections? Which entities have risky permissions?
After files are ingested and data is cached, the files are sent to which two Palo Alto Networks products for object classification and a malware verdict? (Choose two.) AutoFocus WildFire Cortex XDR Enterprise DLP
WildFire Enterprise DLP
Which data is provided by the Connections from the Internet Geography chart? Risk ratings User activities Workload types Cloud accounts
Workload Types
Which third-party application can be installed as a Chrome extension to make API calls to Prisma Cloud? YARC REST GitHub Postman
YARC
Which two functions are supported in RQL? (Choose two.) _User.inCloudAccount _DateTime _IpAddress.inRange _CloudAccount.inAWS
_DateTime _IpAddress.inRange
When setting up an alert rule for an outbound integration, what is required to support automatic remediation? a policy that supports automatic remediation automatic remediation permissions on the Prisma Cloud role Webhook with automatic remediation a REST API with an automatic remediation call function
a policy that supports automatic remediation
Which setting is the default for Prisma Cloud backups? off automatic on demand as needed
automatic
Which two methods can be used to resolve alerts? (Choose two) automatically by configuring Automated Remediation in the alert rule selecting Automated Remediation in the Enterprise settings accessing the public cloud account and executing the necessary CLI commands selecting the alert and then clicking the resource button
automatically by configuring Automated Remediation in the alert rule accessing the public cloud account and executing the necessary CLI commands
Jenkins is an example of which type of platform? IDE for code development tool for visibility into the CI/CD pipeline tool for finding errors on code automation server for code development
automation server for code development
What are two different methods for accessing images in the cloud registry? (Choose two.) a. MFA b. Basic Authorization c. URL Authorization d. Biometrics
b. Basic Authorization c. URL Authorization
Microsegmentation of microservices can be deployed with which of the following? a. NGFW b. CN series c. VM-series d. all of the above
b. CN series
Which of the following statements reflects the Prisma Cloud Functionality of Network Security? a. Prisma Cloud is the only solution in the market that provides continuous monitoring of security misconfigurations consistently across clouds and throughout the application lifecycle. b. Prisma Cloud is the only solution in the industry that offers critical network security requirements across cloud providers. c. Prisma Cloud empowers customers to gain a deeper understanding of their cloud environments by leveraging native cloud provider APIs and continuously analyzing all cloud assets for changes. d. Prisma Cloud provides consistent data classification for cloud storage services across cloud providers. With 300+ data profiles, it is able to provide policy controls over commonly found data patterns and ensures that customers meet their compliance requirements
b. Prisma Cloud is the only solution in the industry that offers critical network security requirements across cloud providers.
Which two sections are part of the Asset Inventory dashboard? (Choose two.) a. Compliance Coverage b. Resource Summary c. Compliance Standard Table d. Asset Trend
b. Resource Summary d. Asset Trend
What are the Deployment Options available in Prisma Cloud? (Choose two.) a. IaaS Architecture in Prisma Cloud Compute Edition b. SaaS Architecture in Prisma Cloud Enterprise Edition c. Self-Hosted Architecture in Prisma Cloud Compute Edition d. PaaS Architecture in Prisma Cloud Enterprise Edition
b. SaaS Architecture in Prisma Cloud Enterprise Edition c. Self-Hosted Architecture in Prisma Cloud Compute Edition
Which is used in Prisma Cloud for setting the baseline for the machine learning (ML) models? a. Relearning b. Training Model Threshold c. Learning d. all of the above
b. Training Model Threshold
Which option is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway? a. Proxy Gateway b. Transit Gateway c. VPC Gateway d. VM Series Firewall
b. Transit Gateway
Which statement describes how Prisma Cloud can help with DevSecOps enablement? a. With Prisma Cloud, you can monitor compliance posture in real time and generate audit-ready reports with a single click. b. With Prisma Cloud, you can seamlessly implement security guardrails that provide control and prevent vulnerabilities and insecure config issues from progressing forward. c. Prisma Cloud enforces least privilege microsegmentation policies based on auto-learned network traffic flows. d. Prisma Cloud dynamically discovers new resources as soon as they are deployed in the cloud and tracks historical changes for auditing purposes.
b. With Prisma Cloud, you can seamlessly implement security guardrails that provide control and prevent vulnerabilities and insecure config issues from progressing forward.
What is the purpose of the PAN-CNI plug-in? a. manages the licenses for the CN-Series firewall b. allocation of network interfaces on every pod c. managing the configuration and licensing of the containerized firewalls d. activate the auth code and retrieve the specified number of tokens
b. allocation of network interfaces on every pod
What are two main types of integration available with Prisma Cloud? (Choose two.) a. egress b. inbound c. ingress d. outbound
b. inbound d. outbound
What are two benefits of segmentation strategy? (Choose two.) a. define different zones b. more granular access control to data center resources c. better visibility into traffic d. create VLAN
b. more granular access control to data center resources c. better visibility into traffic
What command is used to swap eth0 and eth1, so that eth0 becomes a data interface and eth1 becomes the management interface? a. set system setting mgmt.-swap enable no b. set system setting mgmt.-swap enable yes c. request plugin vm_series aws gwib inspect enable yes d. request plugin vm_series aws gwib inspect enable no
b. set system setting mgmt.-swap enable yes
Which two types of timestamps are included in the image vulnerability scan? (Choose two.) CI server pull discovery date creation date published date
discovery date published date
Which component must be installed to support twistcli image scanning? PowerShell dynamic link library docker engine Bash shell
docker engine
When Prisma Cloud is operationalized, at which phase do we perform vulnerability management? a. learn b. plan c. deploy d. observe e. operationalize f. maintenance and operations
e. operationalize
Which query is used to detect non-automated activities from specific IP addresses? event from config from cloud from network from
event from
Prisma Cloud supports which two query types? (Choose two.) cloud from SQL event from threat from network from
event from network from
Which RQL query will locate events for Bruteforce Login attempts? event from cloud.audit_logs where anomaly.type = 'Bruteforce Login' event from iam where anomaly.type = 'Bruteforce Login' event from cloud.resource where anomaly.type = 'Bruteforce Login' event from vpc.flow_record where anomaly.type = 'Bruteforce Login'
event from cloud.audit_logs where anomaly.type = 'Bruteforce Login'
Which two operations can be performed using the interactive CLI tool? (Choose two.) download your Access Key and Secret Key fetch alerts and policies bulk onboard of cloud accounts access your public cloud account command shell
fetch alerts and policies bulk onboard of cloud accounts
Which three options are reasons why complexity and scale are considered major cloud security challenges? (Choose three.) large number of users and compute instances public access increasing use of APIs cross-account visibility lack of control of IdP authentication
large number of users and compute instances public access cross-account visibility
Which two methods are used when installing Defenders on Windows Server? (Choose two.) runs as a Windows service installed using an MSI file installed using a PowerShell script deployed as a Daemon service
runs as a Windows service installed using a PowerShell script
Which RQL expression applies the correct syntax? json.rule = (document.Statement[*].Action anyStartWith s3:' AND 'document.Statement[*]. Effect == "Allow") json.rule = (document.Statement[*].Action anyStartWith s3:' And 'document.Statement[*]. Effect == "Allow") json.rule = (document.Statement[*].Action any start with s3:) and (document.Statement[*]. Effect == "Allow") json.rule = (document.Statement[*].Action any start with s3:) + (document.Statement[*]. Effect == "Allow")
json.rule = (document.Statement[*].Action any start with s3:) and (document.Statement[*]. Effect == "Allow")
What are the three main cloud security challenges? (Choose three.) lack of visibility complexity and scale excessive users with super admin privileges phishing attacks lack of governance
lack of visibility complexity and scale lack of governance
Which attribute is provided by Collections? add resources to a specific bucket limit views to specific sets of resources combine multiple consoles in a single web interface combine container clusters into a single view
limit views to specific sets of resources
Which two principal object types does runtime defense incorporate? (Choose two.) models actions rules filters
models rules
Which RQL network query will locate resources where the destination port matches port 22? network from vpc.flow_record where source.port = 22 network from vpc.flow_record where dest.port = 22 network from vpc.flow_record where dest.ip = 22 network from vpc.flow_record where source.ip = 22
network from vpc.flow_record where dest.port = 22
Which version should you apply first when you upgrade Prisma Cloud Compute Console? next version update targeted version next major version update any higher version
next major version update
Which two optionally collected events can be enabled for forensic data? (Choose two.) on-demand network connection snapshots ongoing network firewall monitoring ongoing network collection logging network packet sniffer data
on-demand network connection snapshots ongoing network collection logging
What is the function of the grace period in a vulnerability rule? override the blocking action of a rule override logging the rule violation disable the rule suspend the rule during peak loads
override the blocking action of a rule
Which two categories of exposure are supported in Prisma Cloud Data Security? (Choose two.) sensitive public internet conditional
public conditional
Which information is provided by the Intelligence Stream? machine learning analysis real-time threat feed developer product updates data filter logging
real-time threat feed
What is the CVE system used for? whitelist for images that are safe to deploy rank vulnerabilities by severity reference publicly known vulnerabilities repository for downloading vulnerability fixes
reference publicly known vulnerabilities
Which capability does Trusted images provide? compliance check that discovers images you can trust security control that lets you declare which registries you trust compliance rule that remediates untrusted images security control that lets you configure trusted users
security control that lets you declare which registries you trust
Which two operations are performed by Defenders? (Choose two.) reboot the host when malware is detected send suspicious files to the console for analysis send event data to the Console enforce policies defined in the Console
send event data to the Console enforce policies defined in the Console
Scanned content that is classified under Financial Information, Healthcare, PII, or Intellectual Property is considered as which type of data? private sensitive confidential empty
sensitive
Which two filtering options are built into the Containers view of Radar? (Choose two.) severity threshold CI/CD pipeline data center namespaces
severity threshold namespaces
Defenders are deployed to which two environments? (Choose two.) to your workloads to your cloud databases to your CI/CD pipeline to your VPC resources
to your VPC resources to your workloads
Defenders are deployed to which two environments? (Choose two.) to your workloads to your cloud databases to your CI/CD pipeline to your VPC resources
to your workloads to your CI/CD pipeline
True or False? A failure to ingest Amazon Inspector data is most likely due to Amazon Inspector not being enabled on the AWS account or the Prisma Cloud role not having the required permissions for Amazon Inspector. false true
true
True or false? You can use an RQL Query expression to create a custom policy. True False
true
The LIVEcommunity page supports which two features? (Choose two.) contests downloads videos discussions
videos discussions
Which two data category links are available from the Risk summary tab in the Node Details panel? (Choose two.) package info vulnerabilities runtime processes
vulnerabilities runtime
What is the most important factor used when determining the risk score? vulnerability severity open ingress ports available exploit privilege of the container
vulnerability severity
What steps are included in the cybersecurity kill chain? reconnaissance, phishing, and spoofing exploitation, installation, and crypto mining delivery, blocking, and data leaks weaponization, exploitation, and command and control
weaponization, exploitation, and command and control
In Prisma Cloud, which tool secures web applications by inspecting and filtering Layer 7 traffic to and from the application? cloud native network firewall (CNNF) web application and API security (WAAS) run-time application self-protection (RASP) web application firewall (WAF)
web application and API security (WAAS)
Which two backup intervals are supported in the Console? (Choose two.) weekly hourly daily biweekly
weekly daily
Which two options does IAM Security target to improve governance? (Choose two.) the cross-account risks what machines and users can do where the resources are located the usage of machines and users
what machines and users can do the usage of machines and users
When are alerts triggered? when new user activity occurs on your system when the rules that comprise your policy are violated when a user enters an incorrect password when vulnerability thresholds are exceeded
when the rules that comprise your policy are violated
Prisma Cloud has discrete checks that cover which two options? (Choose two.) a. clusters b. images c. hypervisors d. VM operating systems
A & B
Prisma Cloud can ingest configurations and data from which two public cloud providers? (Choose two.) a. Alibaba Cloud b. IBM Cloud c. Oracle Cloud d. Google Cloud Platform
A & D - Alibaba and Google. Oracle was recently added, but might not be on the test yet.
Runtime audit events are detected by which two runtime sensors? (Choose two.) a. file system b. firewall event c. DNS call d. system call
A - File System & D - System Call
What does each color circle represent in the Radar view? Blue, Black, Globe
A blue circle means the container's model is still in learning mode. A black circle means the container's model is activated. A globe symbol indicates that a container can access the Internet.
Which two configuration build phase policies are available for Amazon Web Services? (Choose two.) a. AWS CloudTrail is Enabled in All Regions b. AWS Default Security Group restricts all traffic c. AWS CloudTrail bucket is publicly accessible d. AWS ElasticSearch Cluster Not in a VPC
c. AWS CloudTrail bucket is publicly accessible d. AWS ElasticSearch Cluster Not in a VPC
What template type is configured for an IaC scan to support AWS CloudFormation? a. TF b. K8S c. CFT d. ATF
c. CFT
Policies used for scanning IaC templates use which type of query? a. RQL config b. RQL network c. JSON d. SQL
c. JSON
Queries for Build Policy Subtypes are written in which file type? a. .bin b. .exe c. JSON d. CFT
c. JSON
Prisma Cloud integrates with which Jira product to receive alert notifications in Jira accounts? a. Jira Standard b. Jira Hub c. Jira Cloud d. Jira Enterprise
c. Jira Cloud
Which two Kubernetes policy subtypes are rated as high severity? (Choose two.) a. containers must be run as root b. do not allow sharing host PID namespace c. containers must not be run as root d. do not share host network with containers
c. containers must not be run as root d. do not share host network with containers
Which AWS permission is required to perform ingestion? a. "aws-apigateway-get-apis" b. "aws-apigateway-rest-apis" c. "aws-apigateway-apis" d. "aws-apigateway-get-rest-apis"
d. "aws-apigateway-get-rest-apis"
What is the maximum number of hours that tokens for accessing the Prisma Cloud API are valid? a. 1 b. 8 c. 12 d. 24
d. 24
What is the maximum password similarity level allowed by Prisma Cloud? a. 39% b. 49% c. 59% d. 69%
d. 69%
Which is the highest Prisma Cloud risk rating, which requires immediate assessment? a. A b. 1 c. 10 d. F
d. F
Istio monitoring is available for which clusters? a. OpenView b. Docker Swarm c. Marathon d. OpenShift
d. OpenShift
Which service handles user management in Prisma Cloud Enterprise Edition? a. Active Directory b. OpenLDAP c. SAML d. Prisma Cloud app
d. Prisma Cloud app
Prisma Cloud Compute is offered in which deployment option? a. Air-gap environments only b. on-premises environments c. customer's VPC environments d. SaaS from Palo Alto Networks
d. SaaS from Palo Alto Networks
Why are failed resources more likely to be shown on the Compliance Dashboard rather than on the Asset Inventory? a. The Compliance Dashboard includes all registry and container assets ingested directly from the monitored cloud accounts. b. The Asset Inventory counts only foreign entities such as SSO. c. The Asset Inventory counts only Federated Users. d. The Compliance Dashboard includes foreign entities ingested directly from the monitored cloud accounts.
d. The Compliance Dashboard includes foreign entities ingested directly from the monitored cloud accounts.
When the Cloud Native Network Firewall (CNNF) is disabled, what happens with traffic flows? a. They are assumed valid and the environment is monitored for new connections. b. They bypass inspection by the CNN. c. They are modeled but not monitored. d. They are modeled and displayed in Radar.
d. They are modeled and displayed in Radar.
Prisma Cloud requires which API to enable data flow on Google Cloud Platform? a. netflow.google.com b. dataflow.google.com c. dataflow.vpc.google.com d. dataflow.googleapi.com
d. dataflow.googleapi.com
Which twistcli tool function retrieves threat data from the Prisma Cloud Intelligence Stream and pushes the updates to an air-gapped environment? a. serverless b. support c. images d. intelligence
d. intelligence
A DevOps User has which Action Level? a. run the Continuous Integration plugin b. read-write access to all rules and data c. full read-write access to all Prisma Cloud settings and data d. read-only access to vulnerability scan data
d. read-only access to vulnerability scan data
Which method do you use when adding comments to a Prisma Cloud eval support case? a. the Post tab in the SFDC console b. the New tab in the SFDC console c. the Post tab in the Case Comments section of the Customer Support Portal d. the New tab in the Case Comments section of the Customer Support Portal
d. the New tab in the Case Comments section of the Customer Support Portal
A networking rule can place a Defender in which mode? a. Deny b. Alarm c. Block d. Permit
C - Block
What are the Prisma Cloud Console hardware requirements (Metal)?
<1000 Defenders - 4 vCPUs, 8 GB RAM, 100Gb Storage 1001-10000 Defenders - 8 vCPUs, 30GB RAM, 500Gb Storage
How does Radar indicate an internet-accessible container? a. blue circle b. black circle c. globe symbol d. star symbol
C - Globe
Which two defender actions are disabled on Windows? (Choose two.) a. export b. scan c. install d. uninstall
C&D, Install/Uninstall
RBAC Roles for Compute: rank these roles in order of access. CI User, Operator, Administrator, DevOps User, Access User, Defender Manager
Administrator: Full read-write access to all Prisma Cloud settings and data. Operator: Read-write access to all rules and data. Read-only access to user and group management and role assignments. Defender Manager: Read-only access to all rules and data. Can install and uninstall Prisma Cloud Defenders. Used for automating Defender installs via Bearer Token or Basic Auth. Auditor: Read-only access to all Prisma Cloud rules and data. DevOps User: Read-only access to vulnerability scan data. Access User: Install personal certificates required for access to Defender protected nodes. CI User: Run the Continuous Integration plugin. No Prisma Cloud Console access.
CNNF?
Cloud Native Network Firewall
Which licensing use data can be obtained in CSV file format for a time period greater than three days? a. hourly usage data b. hourly licensed usage data c. daily licensed usage data d. quarterly licensed usage data
a. hourly usage data
What are the 3 types of RQL Queries?
Config: Use Config Query to search for the configuration of the cloud resources. Event: Use Event Query to search and audit all the console and API access events in your cloud environment. Network: Use Network Query to search real-time network events in your environment.
What are the 3 Custom Policy Types you can create?
Configuration Policy (Build and Run) Network Policies Audit Event Policies
What are the 4 types of defenders?
Container Defender Host Defender Serverless Defender RASP Defender
Which RQL query will produce a custom report that displays the number of AWS VPCs that do not have subnets when there are more than two VPCs? a. config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-vpc' as X; config where api.name = 'aws-ec2-describe-subnets' as Y; filter 'not $.X.vpcId equals $.Y.vpcId'; show X; count(X) > 2 b. config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-vpc' as X; config where api.name = 'aws-ec2-describe-subnets' as Y; filter 'not $.X.vpcId equals $.Y.vpcId'; show X; count(X) => 2 c. config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-vpcs' as X; config where api.name = 'aws-ec2-describe-subnets' as Y; filter 'not $.X.vpcId equals $.Y.vpcId'; show X; count(X) => 2 d. config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-vpcs' as X; config where api.name = 'aws-ec2-describe-subnets' as Y; filter 'not $.X.vpcId equals $.Y.vpcId'; show X; count(X) > 2
D
With Trusted Images enabled, which Prisma Cloud action happens if an untrusted image runs? a. The container is blocked from running. b. The container is removed from the registry. c. The container is re-imaged. d. An audit is created for the container running the untrusted image.
D - Audit is created
Arrange the colors by severity in the Radar Orange Green Red Dark Red
Dark Red - Highest risk Red - Severe vulnerabilities detected Orange - Medium vulnerabilities detected Green - No vulnerabilities
What effects are possible when a violation of runtime policies is found?
Disable: Defender doesn't provide any protection for processes. Alert: Defender raises alerts when it detects process activity that deviates from your defined runtime policy. These alerts are visible in Monitor > Events > Container Audits. Prevent: Defender stops the process (and just the process) that violates your policy from executing. This action of stopping a process is known as discrete blocking. Block: Defender stops the entire container if a process that violates your policy attempts to run.
Which two risk factors can be used in Vulnerability Explorer to prioritize individual vulnerabilities for mitigation? (Choose two.) a. DoS b. system call c. container is running as root d. running as non-privileged host
DoS and Container running as Root (A & C)
What orchestrators can support Prisma Cloud?
Docker Swarm Kubernetes OpenShift Tanzu Application Service ECS EKS AKS GKE
What are considered workloads on Alibaba Cloud?
ECS's
Which two entities send and receive data to the Prisma Cloud console at build time to scan the image before images get pushed to the registry? (Choose two.) a. Jenkins b. Docker c. Kubernetes d. CI server
Jenkins and CI Server (A&D)
What are the types of Runtime Policies you can create?
IP Connectivity Detect Port Scanning Raw Sockets DNS Dangerous Domains Explicit Allow & Deny
Prisma Cloud provides out of the box reports on which 3 compliance standards? A. PCI B. HIPAA C. CIS D. EULA E. PAC
PCI, HIPAA, CIS
Prisma Cloud uses which two runtime rules? (Choose two.) a. networking-ingoing b. processes c. files d. networking-outgoing
Processes and Networking Outgoing (b & d) Not shown is "Filesystems"
What can Serverless Defender detect?
SQL Injection Cross-Site scripting Command injection Local file system inclusion Code injection
What authentication methods are supported for the Prisma Cloud Console?
Username/Password Lightweight directory access protocol (LDAP) Security Assertion Markup Language v2.0 (SAML2.0) X.509 smart cards
In Prisma Cloud Radar each node has a numeral in a circle ... what does it represent?
The number of containers on the node
At what hourly time interval does Prisma Cloud retrieve data from Tenable? a. 1 b. 6 c. 12 d. 24
a. 1
What is the maximum amount of time that models built by Prisma Cloud persist after they are archived? a. 24 hours b. 30 days c. 60 days d. 90 days
a. 24 hours
Serverless radar supports which provider's service offering? a. AWS Lambda b. AWS Fargate c. GCP serverless platform d. Azure Functions
a. AWS Lambda
Which option is a licensable workload for Prisma Cloud? a. AWS NAT Gateway b. GCP NAT Gateway c. Azure NAT Gateway d. AWS NAT Load Balancer Gateway
a. AWS NAT Gateway
Prisma Cloud can send alert notifications to which third-party tool? a. AWS Security Hub b. Firebase Cloud Messaging c. Azure Notifications Hubs d. Amazon SNS
a. AWS Security Hub
Which statement is a limitation of custom rules? a. Write operations to existing files are not prevented. b. Read operations to existing files are not prevented. c. Write permission changes to existing files are not prevented. d. Read permission changes to existing files are not prevented.
a. Write operations to existing files are not prevented.
Which hosts running Container Defender are seen as eight workloads? a. hosts that run containers b. hosts that don't run containers c. AWS Fargate containers d. Google Cloud Run containers
a. hosts that run containers
Prisma Cloud integrates with which AWS service for centralized visibility and compliance risks? a. AWS Fargate b. AWS Security Hub c. AWS Compliance Hub d. AWS Lambda
b. AWS Security Hub
Prisma Cloud integrates with which two threat intelligence feeds? (Choose two.) a. AWS ThreatFeed b. Facebook ThreatExchange c. ThreatConnect d. AutoFocus
b. Facebook ThreatExchange d. AutoFocus
Which two compliance standards are supported in AWS, Azure, and GCP? (Choose two.) a. SOC 1 b. GDPR c. CIS v1.2 d. PIPEDA
b. GDPR d. PIPEDA
What is an advantage of shift-left security? a. Security first is enabled at container runtime. b. Security is built into early development stages. c. Security is available after the first alert is generated. d. Security does not interact with CI/CD processes.
b. Security is built into early development stages.
Why is it a best practice to deploy Prisma Cloud to at least one environment other than production? a. The production environment is available only after a 30-day ingestion period. b. Upgrades and new rules could incapacitate the mission-critical production environment. c. Changes must first be enabled in the pre-production environment before they are rolled into the production environment. d. The container running Prisma Cloud needs a backup.
b. Upgrades and new rules could incapacitate the mission-critical production environment.
What defines a policy in Prisma Cloud? a. a group of alerts configured to send notifications b. a set of one or more constraints or conditions that must be adhered to c. a predefined NIST best practice d. default Prisma Cloud data that cannot be modified
b. a set of one or more constraints or conditions that must be adhered to
When Docker is used, who can bypass Defender and Prisma Cloud policies? a. anyone with administrator permissions for Prisma Cloud b. anyone with direct access to the Docker daemon c. anyone with direct Kubernetes access d. anyone with Docker administrator permissions
b. anyone with direct access to the Docker daemon
Prisma Cloud ingests which two APIs for Amazon Elastic Load Balancing? (Choose two.) a. aws-elb-define-load-balancers b. aws-elbv2-target-group c. aws-elb-describe-policies d. aws-elbv2-describe-load-balancers
b. aws-elbv2-target-group d. aws-elbv2-describe-load-balancers
Which two rule types are relevant to runtime? (Choose two.) a. services b. filesystem c. processes d. networking
b. filesystem c. processes
Which state can an alert return to after it has snoozed and the timer has expired? a. dismissed b. resolved c. active d. inactive
b. resolved
Which count does the Resource Summary in the Prisma Cloud Asset Inventory contain? a. total resource types b. total unique resources c. all assets in the Asset Explorer d. all assets in the Resource Explorer
b. total unique resources