Practice Free Palo Alto Networks PCCSE Exam Questions Online, PCCSE Free Demo

Question 1 Selectable Answer

A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for “do not use privileged containers”?

A. Prevent
B. Alert
C. Block
D. Fail

Answer:
Explanation:
Block―Defender stops the entire container if a process that violates your policy attempts to run.
https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense_containers.html#_effect

Question 2 Selectable Answer

The security team wants to enable the “block” option under compliance checks on the host.
What effect will this option have if it violates the compliance check?

A. The host will be taken offline.
B. Additional hosts will be prevented form starting.
C. Containers on a host will be stopped.
D. No containers will be allowed to start on that host.

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_containers.html

Question 3 Selectable Answer

Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

A. Username
B. SSO Certificate
C. Assertion Consumer Service (ACS) URL
D. SP (Service Provider) Entity ID

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/setup-sso-integration-on-prisma-cloud.html

Question 4 Selectable Answer

Which port should a security team use to pull data from Console’s API?

A. 53
B. 25
C. 8084
D. 8083

Answer:

Question 5 Selectable Answer

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

A. set the Container model to manual relearn and set the default runtime rule to block for process protection.
B. set the Container model to relearn and set the default runtime rule to prevent for process protection.
C. add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to “prevent”.
D. choose “copy into rule” for the Container, add a ransomWare process into the denied process list, and set the action to “block”.

Answer:

Question 6 Selectable Answer

Given this information:
The Console is located at https://prisma-console.mydomain.local The username is: cluster
The password is: password123
The image to scan is: myimage:latest
Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

A. twistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 -- details myimage:latest
B. twistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 -- vulnerability-details myimage:latest
C. twistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability- details myimage:latest
D. twistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest

Answer:

Question 7 Selectable Answer

Which two filters are available in the SecOps dashboard? (Choose two.)

A. Time range
B. Account Groups
C. Service Name
D. Cloud Region

Answer:

Question 8 Selectable Answer

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?

A. Set up a vulnerability scanner on the registry
B. Embed a Fargate Defender to automatically scan for vulnerabilities
C. Designate a Fargate Defender to serve a dedicated image scanner
D. Use Cloud Compliance to identify misconfigured AWS accounts

Answer:
Explanation:
Reference: https://blog.paloaltonetworks.com/prisma-cloud/securing-aws-fargate-tasks/

Question 9 Selectable Answer

Which field is required during the creation of a custom config query?

A. resource status
B. api.name
C. finding.type
D. cloud.type

Answer:

Question 10 Selectable Answer

An administrator has been tasked with a requirement by your DevSecOps team to write a script to continuously query programmatically the existing users, and the user’s associated permission levels, in a Prisma Cloud Enterprise tenant.
Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

A. Prisma Cloud Administrator’s Guide (Compute)
B. Prisma Cloud API Reference
C. Prisma Cloud Compute API Reference
D. Prisma Cloud Enterprise Administrator’s Guide

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin.html

Question 11 Selectable Answer

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

A. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
B. The SecOps lead should use Incident Explorer and Compliance Explorer.
C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
D. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/runtime_defense/incident_explorer.html

Question 12 Selectable Answer

A customer wants to scan a serverless function as part of a build process.
Which twistcli command can be used to scan serverless functions?

A. twistcli function scan <SERVERLESS_FUNCTIO
B. ZIP>
C. twistcli scan serverless <SERVERLESS_FUNCTIO
D. ZIP>
E. twistcli serverless AWS <SERVERLESS_FUNCTIO
F. ZIP>
G. twiscli serverless scan <SERVERLESS_FUNCTIO
H. ZIP>

Answer:
Explanation:
The twistcli command is a CLI tool used to scan serverless functions as part of a build process. The command takes a serverless function as an argument, which should be provided in the form of a ZIP archive. By running the command, the serverless function will be scanned for any potential vulnerabilities.

Question 13 Selectable Answer

Which two statements apply to the Defender type Container Defender - Linux?

A. It is implemented as runtime protection in the userspace.
B. It is deployed as a service.
C. It is deployed as a container.
D. It is incapable of filesystem runtime defense.

Answer:

Question 14 Selectable Answer

Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)

A. Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.
B. Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.
C. Remove Defenders, and then deploy the new DaemonSet so Defenders do not have to automatically update on each deployment.
D. Let Defenders automatically upgrade.

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/defender_types.html

Question 15 Selectable Answer

A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two.)

A. add a new policy
B. clone an existing policy
C. disable an out-of-the-box policy
D. edit the query in the out-of-the-box policy

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/manage-prisma-cloud-policies

Test Online Free Palo Alto Networks PCCSE Exam Questions and Answers