Free Prisma Certified Cloud Security Engineer Exam PCCSE Exam Practice Test

Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three).

• AWS service control policies (SCPs)
• AWS IAM group
• AWS IAM role
• AWS IAM User
• AWS IAM tag policy

In Prisma Cloud Software Release 22.06 (Kepler), which Registry type is added?

• Azure Container Registry
• Google Artifact Registry
• IBM Cloud Container Registry
• Sonatype Nexus

Which three types of runtime rules can be created? (Choose three.)

• Processes
• Network-outgoing
• Filesystem
• Kubernetes-audit
• Waas-request

A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)

• manual installation of the latest twistcli tool prior to the rolling upgrade
• all Defenders set in read-only mode before execution of the rolling upgrade
• a second location where you can install the Console
• additional workload licenses are required to perform the rolling upgrade
• an existing Console at version n-1

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

• The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
• The SecOps lead should use Incident Explorer and Compliance Explorer.
• The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
• The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Which policy type in Prisma Cloud can protect against malware?

• Data
• Config
• Network
• Event

Where are Top Critical CVEs for deployed images found?

• Defend Vulnerabilities Code Repositories
• Defend Vulnerabilities Images
• Monitor Vulnerabilities Vulnerabilities Explorer
• Monitor Vulnerabilities Images

You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.Why are no alerts being generated?

• The public cloud account is not associated with an alert notification.
• The public cloud account does not have audit trail ingestion enabled.
• The public cloud account does not access to configuration resources.
• The public cloud account is not associated with an alert rule.

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.How should the customer automate vulnerability scanning for images deployed to Fargate?

• Set up a vulnerability scanner on the registry
• Embed a Fargate Defender to automatically scan for vulnerabilities
• Designate a Fargate Defender to serve a dedicated image scanner
• Use Cloud Compliance to identify misconfigured AWS accounts

The attempted bytes count displays?

• traffic that is either denied by the security group or firewall rules or traffic that was reset by a host or virtual machine that received the packet and responded with a RST packet.
• traffic that is either denied by the security group or firewall rules.
• traffic that is either denied by the firewall rules or traffic that was reset by a host or virtual machine that received the packet and responded with a RST packet.
• traffic denied by the security group or traffic that was reset by a host or virtual machine that received the packet and responded with a RST packet.