Which three types of bucket exposure are available in the Data Security module? (Choose three.)
You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.
Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. RQL statements on the Investigate page matching those policies return config resource results successfully.
Why are no alerts being generated?
Which three OWASP protections are part of Prisma Cloud Web-Application and API Security (WAAS) rule? (Choose three.)
A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.
What is the correct API endpoint?
How many CLI remediation commands can be added in a custom policy sequence?
On which cloud service providers can you receive new API release information for Prisma Cloud?
The security team wants to protect a web application container from an SQLi attack. Which type of policy should the administrator create to protect the container?
What is the default namespace created by Defender DaemonSet during deployment?
Which command correctly outputs scan results to stdout in tabular format and writes scan results to a JSON file while still sending the results to Console?
What factor is not used in calculating the net effective permissions for a resource in AWS?
In which Console menu would an administrator verify whether a custom compliance check is failing or passing?
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.)
Which action would be applicable after enabling anomalous compute provisioning?
An administrator wants to enforce a rate limit so that users cannot post five (5) .tar.gz files within five (5) seconds.
What does the administrator need to configure?
Which policy type should be used to detect and alert on cryptominer network activity?
Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)
Which command should be used in the Prisma Cloud twistcli tool to scan the nginx:latest image for vulnerabilities and compliance issues?
An organization wants to be notified immediately of any “High Severity” alerts for the account group “Clinical Trials” via Slack.
Which option shows the steps the organization can use to achieve this goal?
A customer has a requirement to scan serverless functions for vulnerabilities.
Which three settings are required to configure serverless scanning? (Choose three.)
What are the three states of the Container Runtime Model? (Choose three.)
Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.
Where can the administrator locate this list of e-mail recipients?
Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?
Given this information:
The Console is located at
The username is: cluster
The password is: password123
The image to scan is: myimage:latest
Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?
Order the steps involved in onboarding an AWS Account for use with Data Security feature.
The administrator wants to review the Console audit logs from within the Console.
Which page in the Console should the administrator use to review this data, if it can be reviewed at all?
Put the steps involved to configure and scan using the IntelliJ plugin in the correct order.
What is the behavior of Defenders when the Console is unreachable during upgrades?
Which options show the steps required to upgrade Console when using projects?
Which statement accurately characterizes SSO Integration on Prisma Cloud?
Which three types of runtime rules can be created? (Choose three.)
Review this admission control policy:
match[{"msg": msg}] {
    input.request.operation == "CREATE"
    input.request.kind.kind == "Pod"
    input.request.resource.resource == "pods"
    input.request.object.spec.containers[_].securityContext.privileged
    msg := "Privileged"
}
Which response to this policy will be achieved when the effect is set to “block”?
In Prisma Cloud Software Release 22.06 (Kepler), which Registry type is added?
What is the most reliable and extensive source for documentation on Prisma Cloud APIs?
Which of the below actions would indicate – “The timestamp on the compliance dashboard?
The Compute Console has recently been upgraded, and the administrator plans to delay upgrading the Defenders and the Twistcli tool until some of the team’s resources have been rescaled. The Console is currently one major release ahead.
What will happen as a result of the Console upgrade?
Where are Top Critical CVEs for deployed images found?
When an alert notification from the alarm center is deleted, how many hours will a similar alarm be suppressed by default?
An administrator sees that a runtime audit has been generated for a container.
The audit message is:
“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”
Which protection in the runtime rule would cause this audit?
Which options show the steps required after upgrade of Console?
Which policy type in Prisma Cloud can protect against malware?
A customer has a requirement to scan serverless functions for vulnerabilities.
What is the correct option to configure scanning?
Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?
Which two statements apply to the Defender type Container Defender - Linux?
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.
Which configuration step is needed first to accomplish this task?
A user from an organization is unable to log in to Prisma Cloud Console after having logged in the previous day.
Which area on the Console will provide input on this issue?
Which two elements are included in the audit trail section of the asset detail view? (Choose two).
The Prisma Cloud administrator has configured a new policy.
Which steps should be used to assign this policy to a compliance standard?
The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?
Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)
Given the following audit event activity snippet:
Which RQL will be triggered by the audit event?
An administrator sees that a runtime audit has been generated for a Container. The audit message is “DNS resolution of suspicious name wikipedia.com. type A”.
Why would this message appear as an audit?
Given the following RQL:
event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')
Which audit event snippet is identified?
A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.
Which two pieces of information do you need to onboard this account? (Choose two.)
Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?
What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?
What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
Which two bot types are part of Web Application and API Security (WAAS) bot protection? (Choose two.)
Which two integrations enable ingesting host findings to generate alerts? (Choose two.)
If you are required to run in an air-gapped environment, which product should you install?
A customer has a requirement to restrict any container from resolving the name
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?
A customer wants to monitor its Amazon Web Services (AWS) accounts via Prisma Cloud, but only needs the resource configuration to be monitored at present.
Which two pieces of information are needed to onboard this account? (Choose two.)
The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?
Which two integrated development environment (IDE) plugins are supported by Prisma Cloud as part of its Code Security? (Choose two.)
Anomaly policy uses which two logs to identify unusual network and user activity? (Choose two.)
What will happen when a Prisma Cloud Administrator has configured agentless scanning in an environment that also has Host and Container Defenders deployed?
Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?
Which statement is true regarding CloudFormation templates?
A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?
Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.
Where should the customer navigate in Console?
What should be used to associate Prisma Cloud policies with compliance frameworks?
Which two required request headers interface with Prisma Cloud API? (Choose two.)
Under which tactic is “Exploit Public-Facing Application” categorized in the ATT&CK framework?
Taking which action will automatically enable all severity levels?
Which type of query is used for scanning Infrastructure as Code (IaC) templates?