Palo Alto Networks Palo Alto Networks Certifications PCCSE Questions & Answers

• Question 111:

  Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

  A. Username

  B. SSO certificate

  C. Assertion Consumer Service (ACS) URL

  D. SP (Service Provider) Entity ID

  Correct Answer: BD

• Question 112:

  An administrator sees that a runtime audit has been generated for a container.

  The audit message is:

  "/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr"

  Which protection in the runtime rule would cause this audit?

  A. Networking

  B. File systems

  C. Processes

  D. Container

  Correct Answer: C

• Question 113:

  Given the following RQL:

  event from cloud.audit_logs where operation IN (`CreateCryptoKey', `DestroyCryptoKeyVersion', `v1.compute.disks.createSnapshot')

  Which audit event snippet is identified?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

• Question 114:

  A customer has serverless functions that are deployed in multiple clouds.

  Which serverless cloud provider is covered be "overly permissive service access" compliance check?

  A. Alibaba

  B. GCP

  C. AWS

  D. Azure

  Correct Answer: C

• Question 115:

  A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

  How should the administrator Configure Prisma Cloud Compute to satisfy this requirement?

  A. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.

  B. Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.

  C. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.

  D. Set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.

  Correct Answer: D

• Question 116:

  Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?

  A. $ twistcli images scan \ --address \ --user \ --password \ --verbose \ myimage: latest

  B. $ twistcli images scan \ --address \ --user \ --password \ --details \ myimage: latest

  C. $ twistcli images scan \ --address \ --user \ --password \ myimage: latest

  D. $ twistcli images scan \ --address \ --user \ --password \ --console \ myimage: latest

  Correct Answer: B

• Question 117:

  One of the resources on the network has triggered an alert for a Default config policy.

  Given the following resource JSON snippet:

  

  Which RQL detected the vulnerability?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: B

• Question 118:

  A customer has multiple violations in the environment including:

  User namespace is enabled An LDAP server is enabled SSH root is enabled

  Which section of Console should the administrator use to review these findings?

  A. Manage

  B. Vulnerabilities

  C. Radar

  D. Compliance

  Correct Answer: A

• Question 119:

  An administrator needs to detect and alert on any activities performed by a root account. Which policy type should be used?

  A. config-run

  B. config-build

  C. network

  D. audit event

  Correct Answer: D

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/prisma-cloud-threat-detection

• Question 120:

  What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?

  A. 1

  B. 2

  C. 3

  D. 4

  Correct Answer: B