Free Prisma Certified Cloud Security Engineer Exam PCCSE Exam Practice Test

The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.Which type of policy should be created to protect this pod from Layer7 attacks?

• The development team should create a WAAS rule for the host where these pods will be running.
• The development team should create a WAAS rule targeted at all resources on the host.
• The development team should create a runtime policy with networking protections.
• The development team should create a WAAS rule targeted at the image name of the pods.

A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?

• Host compliances risks
• Container runtime risks
• Container vulnerability risks
• Host vulnerability risks

What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?

• It is a unique identifier needed only when Monitor & Protect mode is selected.
• It is the resource name for the Prisma Cloud Role.
• It is a UUID that establishes a trust relationship between the Prisma Cloud account and the AWS account in order to extract data.
• It is the default name of the PrismaCloudApp stack.

An organization wants to be notified immediately to any ''High Severity'' alerts for the account group ''Clinical Trials'' via Slack.Which option shows the steps the organization can use to achieve this goal?

• 1. Configure Slack Integration 2. Create an alert rule and select ''Clinical Trials'' as the account group 3. Under the ''Select Policies'' tab, filter on severity and select ''High'' 4. Under the Set Alert Notification tab, choose Slack and populate the channel 5. Set Frequency to ''As it Happens''
• 1. Create an alert rule and select ''Clinical Trials'' as the account group 2. Under the ''Select Policies'' tab, filter on severity and select ''High'' 3. Under the Set Alert Notification tab, choose Slack and populate the channel 4. Set Frequency to ''As it Happens'' 5. Set up the Slack Integration to complete the configuration
• 1. Configure Slack Integration 2. Create an alert rule 3. Under the ''Select Policies'' tab, filter on severity and select ''High'' 4. Under the Set Alert Notification tab, choose Slack and populate the channel 5. Set Frequency to ''As it Happens''
• 1. Under the ''Select Policies'' tab, filter on severity and select ''High'' 2. Under the Set Alert Notification tab, choose Slack and populate the channel 3. Set Frequency to ''As it Happens'' 4. Configure Slack Integration 5. Create an Alert rule

Which role must be assigned to DevOps users who need access to deploy Container and Host Defenders in Compute?

• Cloud Provisioning Admin
• Build and Deploy Security
• System Admin
• Developer

What is the default namespace created by Defender DaemonSet during deployment?

• Redlock
• Defender
• Twistlock
• Default

Which RQL will trigger the following audit event activity?

• event from cloud.audit_logs where operation ConsoleLogin AND user = 'root'
• event from cloud.audit_logs where operation IN ('cloudsql.instances.update','cloudsql.sslCerts.create', cloudsql.instances.create','cloudsq
• event from cloud.audit_logs where cloud.service = s3.amazonaws.com' AND json.rule = $.userAgent contains 'parrot1
• event from cloud.audit_logs where operation IN ( 'GetBucketWebsite', 'PutBucketWebsite', 'DeleteBucketWebsite')

The development team wants to fail CI jobs where a specific CVE is contained within the image. How should the development team configure the pipeline or policy to produce this outcome?

• Set the specific CVE exception as an option in Jenkins or twistcli.
• Set the specific CVE exception as an option in Defender running the scan.
• Set the specific CVE exception as an option using the magic string in the Console.
• Set the specific CVE exception in Console's CI policy.

An administrator sees that a runtime audit has been generated for a container.The audit message is:''/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr''Which protection in the runtime rule would cause this audit?

• Networking
• File systems
• Processes
• Container

Which options show the steps required after upgrade of Console?

• Uninstall Defenders Upgrade Jenkins Plugin Upgrade twistcli where applicable Allow the Console to redeploy the Defender
• Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Uninstall Defenders
• Upgrade Defenders Upgrade Jenkins Plugin Upgrade twistcli where applicable
• Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Redeploy Console