Download Free Palo Alto Networks PCCSE Exam Questions & Answer
Online VALID PCCSE Exam Dumps File Instantly
Who should take the Palo-Alto-Networks PCCSE: Prisma Certified Cloud Security Engineer Exam
The Palo Alto PCCSE Exam is an internationally recognized validation that identifies persons who earn it as possessing skilled in Palo Alto Networks Certified Network Security Engineer Certification. If candidates want significant improvement in career growth needs enhanced knowledge, skills, and talents. The Palo Alto Networks Certified Network Security Engineer certification provides proof of this advanced knowledge and skill. If a candidate has knowledge of associated technologies and skills that are required to pass the Palo Alto PCCSE Exam then he should take this exam.
This exam is for:
- Networking engineers searching to learn Palo Alto
- Students trying to obtain the PCCSE
- Students trying to learn the Palo Alto Firewall
NEW QUESTION 68
The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?
- A. Ensure functions are not overly permissive.
- B. Ensure compliant Docker daemon configuration
- C. Ensure images are created with a non-root user
- D. Ensure host devices are not directly exposed to containers.
Answer: C
NEW QUESTION 69
The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.
Which type of policy should be created to protect this pod from Layer7 attacks?
- A. The development team should create a WAAS rule for the host where these pods will be running.
- B. The development team should create a runtime policy with networking protections.
- C. The development team should create a WAAS rule targeted at all resources on the host.
- D. The development team should create a WAAS rule targeted at the image name of the pods.
Answer: C
NEW QUESTION 70
An administrator sees that a runtime audit has been generated for a Container The audit message is DNS resolution of suspicious name wikipedia.com. type A".
Why would this message appear as an audit?
- A. The process calling out to this domain was not part of the Container model.
- B. This is a DNS known to be a source of malware
- C. The Layer7 firewall detected this as anomalous behavior
- D. The DNS was not learned as part of the Container model or added to the DNS allow list
Answer: B
NEW QUESTION 71
What are the two ways to scope a CI policy for image scanning? (Choose two.)
- A. hostname
- B. container name
- C. image name
- D. image labels
Answer: C,D
NEW QUESTION 72
What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?
- A. It is the default name of the PrismaCloudApp stack.
- B. It is a unique identifier needed only when Monitor & Protect mode is selected.
- C. It is a UUID that establishes a trust relationship between the Prisma Cloud account and the AWS account in order to extract data.
- D. It is the resource name for the Prisma Cloud Role.
Answer: C
NEW QUESTION 73
A customer wants to turn on Auto Remediation.
Which policy type has the built-in CLI command for remediation?
- A. Config
- B. Network
- C. Audit Event
- D. Anomaly
Answer: A
NEW QUESTION 74
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for "do not use privileged containers"?
- A. Alert
- B. Fail
- C. Block
- D. Prevent
Answer: C
Explanation:
Block-Defender stops the entire container if a process that violates your policy attempts to run.
https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense_containers.html#_effect
NEW QUESTION 75
The Prisma Cloud administrator has configured a new policy.
Which steps should be used to assign this policy to a compliance standard?
- A. Edit the policy, go to step 3 (Compliance Standards), click + at the bottom, select the compliance standard, fill in the other boxes, and then click Confirm.
- B. Create the Compliance Standard from Compliance tab, and then select Add to Policy.
- C. Custom policies cannot be added to existing standards.
- D. Open the Compliance Standards section of the policy, and then save.
Answer: B
NEW QUESTION 76
Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.
Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?
- A. From the deployment page in Console, choose twistlock-console for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.
- B. From the deployment page in Console, choose pod name for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.
- C. From the deployment page in Console, choose twistlock-console for Console identifier, and run the curl
| bash script on the master Kubernetes node. - D. From the deployment page configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.
Answer: A
NEW QUESTION 77
The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.
Which strategy should the administrator use to achieve this goal?
- A. Change the Training Threshold to Low
- B. Disable the policy
- C. Set the Alert Disposition to Conservative
- D. Set Alert Disposition to Aggressive
Answer: A
Explanation:
Section: (none)
Explanation
NEW QUESTION 78
Which three steps are involved in onboarding an account for Data Security? (Choose three.)
- A. Enable Flow Logs
- B. Create a Cloudtrail with SNS Topic
- C. Create a read-only role with in-line policies
- D. Enter the RoleARN and SNSARN
- E. Create a S3 bucket
Answer: A,C,D
NEW QUESTION 79
Which resource and policy type are used to calculate AWS Net Effective Permissions? (Choose two.)
- A. Lambda Function
- B. Amazon Resource Names (ARNs) using Wild Cards
- C. Service Linked Roles
- D. AWS Service Control Policies (SCPs)
Answer: B,D
NEW QUESTION 80
Given the following JSON query:
$.resource[*].aws_s3_bucket exists
Which tab is the correct place to add the JSON query when creating a Config policy?
- A. Remediation
- B. Compliance Standards
- C. Details
- D. Build Your Rule (Run tab)
- E. Build Your Rule (Build tab)
Answer: E
Explanation:
The JSON query must be added to the "Build Your Rule" section in the "Build" tab when creating a Config policy. The "Build" tab is located under the "Configurations" section in the Config Console. In the "Build" tab, you can add a JSON query in the "Build Your Rule" section, which will allow you to specify which AWS S3 buckets the policy should apply to.
NEW QUESTION 81
Put the steps involved to configure and scan using the IntelliJ plugin in the correct order.
Answer:
Explanation:
NEW QUESTION 82
A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.
Which port should the team specify in the CNAF rule to protect the application?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C
NEW QUESTION 83
Which port should a security team use to pull data from Console's API?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 84
Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?
- A. enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.
- B. create a new namespace in Kubernetes called admission-controller.
- C. copy the admission controller configuration from the Console and apply it to Kubernetes.
- D. copy the Console address and set the config map for the default namespace.
Answer: C
Explanation:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-04/prisma-cloud-compute-edition-admin/access_cont step 2
NEW QUESTION 85
Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?
- A. SAML
- B. access key
- C. single sign-on
- D. basic authentication
Answer: B
Explanation:
Explanation
Prisma Cloud requires an API access key to enable programmatic access to the REST API. By default, only the System Admin has API access and can enable API access for other administrators. To generate an access key, see Create and Manage Access Keys. After you obtain an access key, you can submit it in a REST API request to generate a JSON Web Token (JWT). The JWT is then used to authenticate all subsequent REST API requests on Prisma Cloud.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-cloud/acce
NEW QUESTION 86
Which container image scan is constructed correctly?
- A. twistcii images scan -docker-address https://us-west1 cloud twistlock com/us-3-123456?89 myimage/latest
- B. twistcii images scan -address https7/us-west1 cloud.twistlockxom/us-3-123456789 myimage/latest
- C. twistcli images scan -address https://us-west1. cloud.twistlock.com/us-3-123456789 -container myimage/latest -details
- D. twistcli images scan -address https //us-west1 cloud twistlock com/us-3-123456789 -container myimage/latest
Answer: B
NEW QUESTION 87
Given the following RQL:
event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot') Which audit event snippet is identified?
- A.

- B.

- C.

- D.

Answer: B
NEW QUESTION 88
Which two required request headers interface with Prisma Cloud API? (Choose two.)
- A. Content-type:application/xml
- B. Content-type:application/json
- C. >x-redlock-request-id
- D. x-redlock-auth
Answer: B,D
NEW QUESTION 89
The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?
- A. create a Container CNAF policy, targeted at a specific resource, check the box for XSS protection, and set the action to prevent.
- B. create a Host CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to "prevent".
- C. create a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly allowed inbound IP sources" to the IP address of the pod.
- D. create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to alert.
Answer: B
NEW QUESTION 90
Which policy type in Prisma Cloud can protect against malware?
- A. Config
- B. Network
- C. Event
- D. Data
Answer: D
NEW QUESTION 91
Which statement accurately characterizes SSO Integration on Prisma Cloud?
- A. An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.
- B. Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.
- C. Okta, Azure Active Directory, PingID, and others are supported via SAML.
- D. An administrator who needs to access the Prisma Cloud API can use SSO after configuration.
Answer: B
Explanation:
Section: (none)
Explanation
NEW QUESTION 92
A user from an organization is unable to log in to Prisma Cloud Console after having logged in the previous day.
Which area on the Console will provide input on this issue?
- A. Access Control
- B. SSO
- C. Audit Logs
- D. Users & Groups
Answer: C
NEW QUESTION 93
......
How to book the Palo-Alto-Networks PCCSE: Prisma Certified Cloud Security Engineer Exam
These are following steps for registering the Palo Alto Networks PCCSE exam.
- Step 1: Visit to Pearson VUE Exam Registration
- Step 2: Signup/Login to Pearson VUE account
- Step 3: Search for Palo Alto Networks PCCSE Exam Certifications Exam
- Step 4: Select Date, time and confirm with payment method
PCCSE Exam Dumps For Certification Exam Preparation: https://www.fast2test.com/PCCSE-premium-file.html
100% Pass Guaranteed Download Cloud Security Engineer Exam PDF Q&A: https://drive.google.com/open?id=1NWStVkIVcP6QOLKEq44EaZwuyduD16q5