Palo Alto Networks PCCSE Online Practice Questions and Exam Preparation

Palo Alto Networks PCCSE Online Questions & Answers

• Question 171:

  Prisma Cloud Compute has been installed on Onebox. After Prisma Cloud Console has been accessed. Defender is disconnected and keeps returning the error "No console connectivity" in the logs. What could be causing the disconnection between Console and Defender in this scenario?

  A. Port 8083 is not open for Console and Defender communication.
  B. The license key provided to the Console is invalid.
  C. Onebox script installed an older version of the Defender.
  D. Port 8084 is not open for Console and Defender communication.
  D. Port 8084 is not open for Console and Defender communication.

  ---

  Explanation

  By default, Defender is configured to communicate with Console on port 8084. If port 8084 is closed, then Defender cannot communicate with Console. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail? id=kA10g000000PNWXCA4#:~:text=If%20port%208084%20is%20closed%2C%20then%20Defender%20cannot%20communicate%20with%20Console.andtext=Resolve%20the% 20issue%20by%20setting,%3E%20Load%20Balancer%20%3E %20Defender).

• Question 172:

  Which field is required during the creation of a custom config query?

  A. resource status
  B. api.name
  C. finding.type
  D. cloud.type
  B. api.name

  ---

  Explanation

  During the creation of a custom config query in Prisma Cloud, the "api.name" field is required. This field specifies the API endpoint that the query will target, essentially defining the scope of the query within the cloud environment. The "api.name" serves as a critical identifier that allows the query to retrieve specific information or perform actions related to the chosen API endpoint. By specifying the "api.name," users can create tailored queries that address their specific security, compliance, or governance needs, enabling more precise and effective management of cloud resources and security posture. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/configquery/config-query-attributes#id192IG0J098M

• Question 173:

  What are the three states of the Container Runtime Model? (Choose three.)

  A. Initiating
  B. Learning
  C. Active
  D. Running
  E. Archived
  B. Learning
  C. Active
  E. Archived

  ---

  Explanation

  The Container Runtime Model in Prisma Cloud typically includes states such as Learning, Active, and Archived. The Learning state is where Prisma Cloud observes container behaviors to understand normal operations and establish a baseline. During this phase, the system is not actively enforcing security policies but is learning the typical behaviors and patterns of container activity. The Active state is where the system actively enforces security policies based on the learned behaviors and detected anomalies. Containers that exhibit suspicious or malicious activity that deviates from the baseline may trigger alerts or actions based on configured policies. The Archived state refers to containers that are no longer active but whose data and activity logs are retained for historical analysis or compliance purposes. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_containers

• Question 174:

  Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

  A. Secret Key
  B. Prisma Cloud API URL
  C. Tags
  D. Access Key
  E. Asset Name
  A. Secret Key
  B. Prisma Cloud API URL
  D. Access Key

  ---

  Explanation

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud- admin/prisma-cloud-devops-security/use-the-prisma-cloud-plugin-for-intellij.html

  When authenticating the Prisma Cloud plugin in the IntelliJ application, the mandatory fields are the Secret Key, Prisma Cloud API URL, and Access Key. These credentials are required to securely authenticate and enable the plugin to communicate with the Prisma Cloud API, ensuring that the plugin can perform its intended functions within the development environment.

• Question 175:

  Where are Top Critical CVEs for deployed images found?

  Vulnerabilities Code Repositories

  A. Defend Vulnerabilities Code Repositories
  B. Defend Vulnerabilities Images
  C. Monitor Vulnerabilities Vulnerabilities Explorer
  D. Monitor Vulnerabilities Images
  C. Monitor Vulnerabilities Vulnerabilities Explorer

  ---

  Explanation

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vuln_explorer

• Question 176:

  Which component of a Kubernetes setup can approve, modify, or reject administrative requests?

  A. Kube Controller
  B. Terraform Controller
  C. Admission Controller
  D. Control plane
  C. Admission Controller

  ---

  Explanation

  In a Kubernetes environment, the Admission Controller is a critical component responsible for approving, modifying, or rejecting administrative requests before they are processed by the Kubernetes API server. The Admission Controller acts as a gatekeeper, enforcing governance and policy controls by evaluating requests against a set of predefined rules and policies. It can validate and mutate requests, ensuring that only compliant and authorized changes are allowed to proceed. This capability is vital for maintaining the security and integrity of the Kubernetes cluster, as it can prevent unauthorized or potentially harmful actions from being executed, thus playing a key role in the cluster's overall security posture.

• Question 177:

  Web-Application and API Security (WAAS) provides protection for which two protocols? (Choose two.)

  A. HTTP
  B. SSH
  C. Tomcat Web Connector via AJP
  D. TLS
  A. HTTP
  D. TLS

  ---

  Explanation

  Web-Application and API Security (WAAS) is a feature within Prisma Cloud that focuses on protecting web applications and APIs from various threats and vulnerabilities. The primary protocols it provides protection for are HTTP (Hypertext Transfer Protocol) and TLS (Transport Layer Security). HTTP is the foundation of data communication for the World Wide Web, and TLS is a cryptographic protocol designed to provide communications security over a computer network. While SSH (Secure Shell) is a protocol for secure remote login and other secure network services, and Tomcat Web Connector via AJP (Apache JServ Protocol) is used for Tomcat server communication, they are not the primary focus of WAAS protection.

• Question 178:

  Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

  A. High
  B. Medium
  C. Low
  D. Very High
  B. Medium

  ---

  Explanation

  In the context of setting anomaly alert intensities in Prisma Cloud, an intensity setting of "Medium" could be used for the measurement of 100 events over 30 days. This setting indicates a moderate level of anomaly detection sensitivity, which

  is suitable for environments where there is a need to balance between detecting potential security issues and minimizing false positives.

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/de ne-prisma-cloud-enterprise-settings.html

• Question 179:

  Which two elements are included in the audit trail section of the asset detail view? (Choose two).

  A. Configuration changes
  B. Findings
  C. Overview
  D. Alert and vulnerability events
  A. Configuration changes
  D. Alert and vulnerability events

  ---

  Explanation

  The audit trail section of an asset's detail view in Prisma Cloud typically includes a log of configuration changes and alert and vulnerability events associated with the asset. These elements are crucial for tracking the history of modifications to an asset's configuration and the security incidents that have affected it. This information is instrumental in understanding the security posture of the asset over time and in conducting thorough investigations after a security event has been detected.

• Question 180:

  A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for `do not use privileged containers`?

  A. Prevent
  B. Alert
  C. Block
  D. Fail
  C. Block

  ---

  Explanation

  Block-Defender stops the entire container if a process that violates your policy attempts to run.

  https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense_containers.html#_effect