Palo Alto Networks PCCSE 시험

Question No : 1

How are the following categorized?
Backdoor account access Hijacked processes Lateral movement
Port scanning

• A.audits
• B.incidents
• C.admission controllers
• D.models

답을 확인하기

정답:

Question No : 2

A customer has a requirement to restrict any container from resolving the name www.evil-url.com.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

• A.Choose “copy into rule” for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.
• B.Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.
• C.Choose “copy into rule” for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.
• D.Set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.

답을 확인하기

정답:

Question No : 3

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?

• A.Enable “AWS S3 bucket is publicly accessible” policy and manually remediate each alert.
• B.Enable “AWS RDS database instance is publicly accessible” policy and for each alert, check that it is a production instance, and then manually remediate.
• C.Enable “AWS S3 bucket is publicly accessible” policy and add policy to an auto-remediation alert rule.
• D.Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.

답을 확인하기

정답:

Question No : 4

Given the following RQL:
event from cloud.audit_logs where operation IN (‘CreateCryptoKey’, ‘DestroyCryptoKeyVersion’, ‘v1.compute.disks.createSnapshot’)
Which audit event snippet is identified?
A)



B)



C)



D)

• A.Option A
• B.Option B
• C.Option C
• D.Option D

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/event-query/event-query-attributes.html#id192IG500ES0

Question No : 5

Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

• A.Defenders
• B.Console
• C.Jenkins
• D.twistcli

답을 확인하기

정답:

Question No : 6

Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.
Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?

• A.From the deployment page in Console, choose pod name for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.
• B.From the deployment page configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.
• C.From the deployment page in Console, choose twistlock-console for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.
• D.From the deployment page in Console, choose twistlock-console for Console identifier, and run the curl | bash script on the master Kubernetes node.

답을 확인하기

정답:
Explanation:
Reference: https://cdn.twistlock.com/docs/downloads/Twistlock-Reference-Architecture.pdf

Question No : 7

Which options show the steps required to upgrade Console when using projects?

• A.Upgrade all Supervisor Consoles Upgrade Central Console
• B.Upgrade Central Console Upgrade Central Console Defenders
• C.Upgrade Defender Upgrade Central Console Upgrade Supervisor Consoles
• D.Upgrade Central Console Upgrade all Supervisor Consoles

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process.html

Question No : 8

Which two required request headers interface with Prisma Cloud API? (Choose two.)

• A.Content-type:application/json
• B.x-redlock-auth
• C.>x-redlock-request-id
• D.Content-type:application/xml

답을 확인하기

정답:
Explanation:
Reference: https://prisma.pan.dev/api/cloud/api-headers/

Question No : 9

Which option identifies the Prisma Cloud Compute Edition?

• A.Package installed with APT
• B.Downloadable, self-hosted software
• C.Software-as-a-Service (SaaS)
• D.Plugin to Prisma Cloud

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/pcee_vs_pcce.html

Question No : 10

A customer has multiple violations in the environment including:
User namespace is enabled
An LDAP server is enabled
SSH root is enabled
Which section of Console should the administrator use to review these findings?

• A.Manage
• B.Vulnerabilities
• C.Radar
• D.Compliance

답을 확인하기

정답:

Question No : 11

Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.
Where can the administrator locate this list of e-mail recipients?

• A.Target section within an Alert Rule.
• B.Notification Template section within Alerts.
• C.Users section within Settings.
• D.Set Alert Notification section within an Alert Rule.

답을 확인하기

정답:

Question No : 12

When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?

• A.when a serverless repository is scanned
• B.when a Container is started form an Image
• C.when the Image is built and when a Container is started form an Image
• D.when the Image is built

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vuln_management_rules

Question No : 13

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

• A.single sign-on
• B.SAML
• C.basic authentication
• D.access key

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/access-the-prisma-cloud-api.html

Question No : 14

What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?

• A.1
• B.2
• C.3
• D.4

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html#:~:text=You%20can%20enable%20API%20access,generate%20one%20access %20key%20only

Question No : 15

Which statement accurately characterizes SSO Integration on Prisma Cloud?

• A.Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.
• B.Okta, Azure Active Directory, PingID, and others are supported via SAM
• C.An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.
• D.An administrator who needs to access the Prisma Cloud API can use SSO after configuration.

답을 확인하기

정답:
Explanation:
Reference: https://docs-new.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/setup-sso-integration-on-prisma-cloud