Prisma Certified Cloud Security Engineer Questions and Answers
The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?
What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?
Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?
Prisma Cloud cannot integrate which of the following secrets managers?
What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?
Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?
A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)
Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)
Which Defender type performs registry scanning?
Which order of steps maps a policy to a custom compliance standard?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.
Which recommended action manages this situation?
Which two required request headers interface with Prisma Cloud API? (Choose two.)
Given the following RQL:
Which audit event snippet is identified by the RQL?
A)
B)
C)
D)
What are two built-in RBAC permission groups for Prisma Cloud? (Choose two.)
Which RQL query is used to detect certain high-risk activities executed by a root user in AWS?
Which two statements are true about the differences between build and run config policies? (Choose two.)
In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?
Which Prisma Cloud policy type detects port scanning activities in a customer environment?
Which Prisma Cloud policy type can protect against malware?
How is the scope of each rule determined in the Prisma Cloud Compute host runtime policy?
Which two roles have access to view the Prisma Cloud policies? (Choose two.)
Which two statements apply to the Defender type Container Defender - Linux?
Taking which action will automatically enable all severity levels?
A user from an organization is unable to log in to Prisma Cloud Console after having logged in the previous day.
Which area on the Console will provide input on this issue?
Which container image scan is constructed correctly?
Put the steps of integrating Okta with Prisma Cloud in the right order in relation to CIEM or SSO Okta integration.
What is the purpose of Incident Explorer in Prisma Cloud Compute under the "Monitor" section?
The Prisma Cloud administrator has configured a new policy.
Which steps should be used to assign this policy to a compliance standard?
A customer has a requirement to restrict any container from resolving the name
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?
An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.
Which setting does the administrator enable or configure to accomplish this task?
An administrator sees that a runtime audit has been generated for a host. The audit message is:
“Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script.stop. Low severity audit, event is automatically added to the runtime model”
Which runtime host policy rule is the root cause for this runtime audit?
When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?
Which IAM Azure RQL query would correctly generate an output to view users who have sufficient permissions to create security groups within Azure AD and create applications?
Which two proper agentless scanning modes are supported with Prisma Cloud? (Choose two.)
A DevOps lead reviewed some system logs and noticed some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
A customer wants to harden its environment from misconfiguration.
Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)
What is a benefit of the Cloud Discovery feature?
What are two ways to scan container images in Jenkins pipelines? (Choose two.)
In which two ways can Prisma Cloud images be retrieved in Prisma Cloud Compute Self-Hosted Edition? (Choose two.)
How are the following categorized?
Backdoor account access
Hijacked processes
Lateral movement
Port scanning
Given the following JSON query:
$.resource[*].aws_s3_bucket exists
Which tab is the correct place to add the JSON query when creating a Config policy?
An administrator has been tasked by your DevSecOps team with writing a script that continuously and programmatically queries the existing users, and each user’s associated permission levels, in a Prisma Cloud Enterprise tenant.
Which public documentation location should be reviewed to help determine the required attributes to carry out this step?
Which options show the steps required after upgrade of Console?
What are the three states of the Container Runtime Model? (Choose three.)
Which two offerings will scan container images in Jenkins pipelines? (Choose two.)
The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?
A customer has a requirement to scan serverless functions for vulnerabilities.
What is the correct option to configure scanning?
A customer has serverless functions that are deployed in multiple clouds.
Which serverless cloud provider is covered by the “overly permissive service access” compliance check?
Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?
Given the following audit event activity snippet:
Which RQL will be triggered by the audit event?
A)
B)
C)
D)
Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.
Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)
In WAAS Access control file upload controls, which three file types are supported out of the box? (Choose three.)
Which of the following is not a supported external integration for receiving Prisma Cloud Code Security notifications?
Which two processes ensure that builds can function after a Console upgrade? (Choose two.)
Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?
A customer wants to turn on Auto Remediation.
Which policy type has the built-in CLI command for remediation?
A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?
Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)
What are two alarm types that are registered after alarms are enabled? (Choose two.)
Which two attributes of policies can be fetched using API? (Choose two.)
The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task?
A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?
Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)
Which resource and policy type are used to calculate AWS Net Effective Permissions? (Choose two.)
Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
Which policy type should be used to detect and alert on cryptominer network activity?
Which statement applies to Adoption Advisor?
Order the steps involved in onboarding an AWS Account for use with Data Security feature.
A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.
Which two pieces of information do you need to onboard this account? (Choose two.)
When an alert notification from the alarm center is deleted, how many hours will a similar alarm be suppressed by default?
An administrator needs to detect and alert on any activities performed by a root account.
Which policy type should be used?
Which field is required during the creation of a custom config query?