Palo Alto Networks PCCSE Online Practice Questions and Exam Preparation

Palo Alto Networks PCCSE Online Questions & Answers

• Question 181:

  Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?

  A. Visibility, Compliance, Governance, and Threat Detection and Response
  B. Network, Anomaly, and Audit Event
  C. Visibility, Workload Scanning, and Compliance
  D. Foundations, Advanced, and Optimize
  A. Visibility, Compliance, Governance, and Threat Detection and Response

  ---

  Explanation

  https://www.paloaltonetworks.com/blog/prisma-cloud/operationalize-prisma-cloud-adoption-advisor/

• Question 182:

  Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)

  A. API_ENDPOINT
  B. SQS_QUEUE_NAME
  C. SB_QUEUE_KEY
  D. YOUR_ACCOUNT_NUMBER
  A. API_ENDPOINT
  C. SB_QUEUE_KEY

  ---

  Explanation

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/remediate-alerts-for-iam-security

• Question 183:

  DRAG DROP

  Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.

  Select and Place:

  

  

• Question 184:

  Who can access saved searches in a cloud account?

  A. Administrators
  B. Users who can access the tenant
  C. Creators
  D. All users with whom the saved search has been shared
  A. Administrators

  ---

  Explanation

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions

• Question 185:

  Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

  A. Username
  B. SSO certificate
  C. Assertion Consumer Service (ACS) URL
  D. SP (Service Provider) Entity ID
  B. SSO certificate
  D. SP (Service Provider) Entity ID

  ---

  Explanation

• Question 186:

  A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.

  Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

  A. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
  B. The SecOps lead should use Incident Explorer and Compliance Explorer.
  C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
  D. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.
  C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.

  ---

  Explanation

  To investigate the runtime aspects of a potential data exfiltration attempt, the SecOps lead in Prisma Cloud Compute should focus on areas that provide insights into runtime activity and potential threats.

  C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits. These sections provide detailed information on security incidents and container-level activities, enabling a thorough investigation into the runtime behavior that might indicate a security issue.

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/runtime_defense/incident_explorer.html

• Question 187:

  A customer finds that an open alert from the previous day has been resolved. No auto-remediation was Configured.

  Which two reasons explain this change in alert status? (Choose two.)

  A. user manually changed the alert status.
  B. policy was changed.
  C. resource was deleted.
  D. alert was sent to an external integration.
  B. policy was changed.
  C. resource was deleted.

  ---

  Explanation

  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OQ2CAM

• Question 188:

  A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud.

  Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?

  A. Host vulnerability risks
  B. Container vulnerability risks
  C. Container runtime risks
  D. Host compliances risks
  C. Container runtime risks

  ---

  Explanation

• Question 189:

  Which API endpoint is used to onboard an AWS account into Prisma Cloud Enterprise?

  A. https://api.prismacloud.io/cloud/aws
  B. https://api.prismacloud.io/account/aws
  C. https://api.aws.prismacloud.com/onboard
  D. https://api.prismacloud.io/aws/add
  A. https://api.prismacloud.io/cloud/aws

  ---

  Explanation

  The correct API endpoint for adding AWS accounts to Prisma Cloud is /cloud/aws.

• Question 190:

  What is the behavior of Defenders when the Console is unreachable during upgrades?

  A. Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.
  B. Defenders will fail closed until the web-socket can be re-established.
  C. Defenders will fail open until the web-socket can be re-established.
  D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.
  D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

  ---

  Explanation

  When the Console is unreachable during upgrades, Defenders continue to alert and enforce using the policies and settings most recently cached before the upgrade (option D). This behavior ensures that security enforcement remains active and consistent, even when the central management console is temporarily unavailable. The cached policies enable Defenders to maintain the security posture based on the last known configuration, ensuring continuous protection against threats and compliance with established security policies. This approach reflects Prisma Cloud's design principle of ensuring uninterrupted security enforcement, thereby safeguarding the environment against potential vulnerabilities during maintenance periods.

  https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process.html