Palo Alto Networks PAN-CSP Online Practice Questions and Exam Preparation

Palo Alto Networks PAN-CSP Online Questions & Answers

• Question 121:

  While writing a custom RQL with array objects in the investigate page, which type of auto-suggestion a user can leverage?

  A. Auto-suggestion for array objects that are useful for comparing between arrays
  B. Auto-suggestion is not available for array objects
  C. Auto-suggestion for array objects that are useful for categorization of resource parameters
  D. Auto-suggestion for array objects that are useful for comparing between array elements
  B. Auto-suggestion is not available for array objects

  ---

  Explanation

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/event-query/event-query-attributes

• Question 122:

  DRAG DROP

  Which order of steps map a policy to a custom compliance standard?

  (Drag the steps into the correct order of occurrence, from the first step to the last.)

  Select and Place:

  

  

• Question 123:

  An administrator sees that a runtime audit has been generated for a Container. The audit message is `DNS resolution of suspicious name wikipedia.com. type A`.

  Why would this message appear as an audit?

  A. The DNS was not learned as part of the Container model or added to the DNS allow list.
  B. This is a DNS known to be a source of malware.
  C. The process calling out to this domain was not part of the Container model.
  D. The Layer7 firewall detected this as anomalous behavior.
  A. The DNS was not learned as part of the Container model or added to the DNS allow list.

  ---

  Explanation

  The runtime audit message indicating "DNS resolution of suspicious name wikipedia.com. type A" would appear as an audit because the DNS was not learned as part of the Container model or added to the DNS allow list (option A). In cloud security platforms like Prisma Cloud, runtime protection policies monitor the behavior of running containers and compare it against a learned model of expected behavior. If a container attempts to resolve a DNS name that was not observed during the learning phase or specifically allowed, it triggers an audit event to alert security teams of potentially malicious activity.

• Question 124:

  Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?

  A. Create a role with System Admin and generate access keys.
  B. Create a user with a role that has minimal access.
  C. Create a role with Account Group Read Only and assign it to the user.
  D. Create a role and assign it to the Service Account.
  D. Create a role and assign it to the Service Account.

  ---

  Explanation

  To enable a user to interact programmatically with Prisma Cloud APIs and for a nonhuman entity to access keys, the correct action is to create a role and assign it to the Service Account (D). Service accounts in Prisma Cloud are designed for programmatic access by applications or automated tools, allowing these entities to interact with Prisma Cloud APIs securely. By creating a specific role with the necessary permissions and assigning it to a service account, administrators can ensure that the entity has the appropriate level of access required for its operations, aligning with the principle of least privilege and enhancing the security posture of API interactions.

• Question 125:

  How often do Defenders share logs with Console?

  A. Every 10 minutes
  B. Every 30 minutes
  C. Every 1 hour
  D. Real time
  B. Every 30 minutes

  ---

  Explanation

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/audit/log_rotation

• Question 126:

  A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.

  Which port should the team specify in the CNAF rule to protect the application?

  A. 443
  B. 80
  C. 8080
  D. 8888
  C. 8080

  ---

  Explanation

  References:

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/rewalls/deploy_cnaf.html

• Question 127:

  In Prisma Cloud for Azure Net Effective Permissions Calculation, the following Azure permission levels are supported by which three permissions? (Choose three.)

  A. Resources
  B. Tenant
  C. Subscription
  D. Resource groups
  E. Management Group
  C. Subscription
  D. Resource groups
  E. Management Group

• Question 128:

  Creation of a new custom compliance standard that is based on other individual custom compliance standards needs to be automated.

  Assuming the necessary data from other standards has been collected, which API order should be used for this new compliance standard?

  A. 1. https://api.prismacloud.io/compliance/add2. https://api.prismacloud.io/compliance/requirementld/section3. https://api.prismacloud.io/compliance/complianceld/requirement
  B. 1. https://api.prismacloud.io/compliance2. https://api.prismacloud.io/compliance/complianceld/requirement3. https://api.prismacloud.io/compliance/requirementld/section
  C. 1. https://api.prismacloud.io/compliance/add2. https://api.prismacloud.io/compliance/complianceld/requirement3. https://api.prismacloud.io/compliance/requirementld/section
  D. 1. https://api.prismacloud.io/compliance2. https://api.prismacloud.io/compliance/requirementld/section3. https://api.prismacloud.io/compliance/complianceld/requirement
  B. 1. https://api.prismacloud.io/compliance2. https://api.prismacloud.io/compliance/complianceld/requirement3. https://api.prismacloud.io/compliance/requirementld/section

  ---

  Explanation

  https://api.prismacloud.io/compliance

  Add Compliance Standard

  https://api.prismacloud.io/compliance/complianceld/requirement

  Add Compliance Requirement

  https://api.prismacloud.io/compliance/requirementld/section

  Add Compliance Requirement Section

  https://pan.dev/prisma-cloud/api/cspm/get-all-standards/

• Question 129:

  Which two attributes are required for a custom config RQL? (Choose two.)

  A. json.rule
  B. cloud.account
  C. api.name
  D. tag
  A. json.rule
  C. api.name

  ---

  Explanation

  For a custom config Resource Query Language (RQL) in Prisma Cloud, two essential attributes are "json.rule" and "api.name." The "json.rule" attribute allows users to specify the JSON structure that defines the criteria or conditions of the query, essentially dictating what the query is looking for within the cloud environment. The "api.name" attribute identifies the specific API endpoint that the query will target, providing context and scope for the query. Together, these attributes enable users to craft precise and targeted queries that can assess the configuration and security posture of cloud resources, aiding in compliance checks, security assessments, and other governance tasks.

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a-policy

• Question 130:

  Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)

  A. Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.
  B. Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.
  C. Remove Defenders, and then deploy the new DaemonSet so Defenders do not have to automatically update on each deployment.
  D. Let Defenders automatically upgrade.
  A. Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.
  B. Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.