A customer has Prisma Cloud Enterprise and host Defenders deployed.
What are two options that allow an administrator to upgrade Defenders? (Choose two.)
Taking which action will automatically enable all severity levels?
What is the primary purpose of Prisma Cloud Code Security?
An administrator wants to install the Defenders to a Kubernetes cluster. This cluster is running the console on the default service endpoint and will be exporting to YAML.
Console Address: $CONSOLE_ADDRESS
Websocket Address: $WEBSOCKET_ADDRESS
User: $ADMIN_USER
Which command generates the YAML file for Defender install?
Which order of steps maps a policy to a custom compliance standard?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
Which type of query is used for scanning Infrastructure as Code (IaC) templates?
A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.
Which two pieces of information do you need to onboard this account? (Choose two.)
How are the following categorized?
Backdoor account access
Hijacked processes
Lateral movement
Port scanning
You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.
Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. RQL statements on the Investigate page matching those policies return config resource results successfully.
Why are no alerts being generated?
Which three actions are available for the container image scanning compliance rule? (Choose three.)
Which RQL query type is invalid?
Web-Application and API Security (WAAS) provides protection for which two protocols? (Choose two.)
In which Console menu would an administrator verify whether a custom compliance check is failing or passing?
Which three steps are involved in onboarding an account for Data Security? (Choose three.)
Which statement applies to Adoption Advisor?
Which three public cloud providers are supported for VM image scanning? (Choose three.)
What is the behavior of Defenders when the Console is unreachable during upgrades?
Which two actions are required in order to use the automated method within Amazon Web Services (AWS) Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose two.)
Which two processes ensure that builds can function after a Console upgrade? (Choose two.)
Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three.)
Which ban for DoS protection will enforce a rate limit for users who are unable to post five (5) “.tar.gz” files within five (5) seconds?
What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?
Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.)
An administrator has been tasked by your DevSecOps team with writing a script that continuously and programmatically queries the existing users, and the users’ associated permission levels, in a Prisma Cloud Enterprise tenant.
Which public documentation location should be reviewed to help determine the required attributes to carry out this step?
An organization wants to be notified immediately of any “High Severity” alerts for the account group “Clinical Trials” via Slack.
Which option shows the steps the organization can use to achieve this goal?
A customer wants to monitor its Amazon Web Services (AWS) accounts via Prisma Cloud, but only needs the resource configuration to be monitored at present.
Which two pieces of information are needed to onboard this account? (Choose two.)
An administrator wants to enforce a rate limit for users not being able to post five (5) .tar.gz files within five (5) seconds.
What does the administrator need to configure?
Which two integrated development environment (IDE) plugins are supported by Prisma Cloud as part of its Code Security? (Choose two.)
A DevOps lead reviewed some system logs and noticed some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
Which Defender type performs registry scanning?
Which Prisma Cloud policy type can protect against malware?
Prisma Cloud supports which three external systems that allow the import of vulnerabilities and provide additional context on risks in the cloud? (Choose three.)
Which two services require external notifications to be enabled for policy violations in the Prisma Cloud environment? (Choose two.)
An administrator sees that a runtime audit has been generated for a host. The audit message is:
“Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script.stop. Low severity audit, event is automatically added to the runtime model”
Which runtime host policy rule is the root cause for this runtime audit?
An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”. The policy definition follows:
config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcls is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
Why did this alert get generated?
Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)
During the Learning phase of the Container Runtime Model, Prisma Cloud enters a “dry run” period for how many hours?
Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?
Which alert disposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when a user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?
A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)
What are the three states of the Container Runtime Model? (Choose three.)
Which statement is true regarding CloudFormation templates?
Match the correct scanning mode for each given operation.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)
Which two roles have access to view the Prisma Cloud policies? (Choose two.)
Which policy type in Prisma Cloud can protect against malware?
The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.
Which type of policy should be created to protect this pod from Layer 7 attacks?
Which role does Prisma Cloud play when configuring SSO?
A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud. Which two steps can be performed by the Terraform script? (Choose two.)
What is the correct method for ensuring key-sensitive data related to SSNs and credit card numbers cannot be viewed in Dashboard > Data view during investigations?
Which serverless cloud provider is covered by the "overly permissive service access" compliance check?
Which statement accurately characterizes SSO Integration on Prisma Cloud?
Which three types of bucket exposure are available in the Data Security module? (Choose three.)
Which two proper agentless scanning modes are supported with Prisma Cloud? (Choose two.)
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
What are the two ways to scope a CI policy for image scanning? (Choose two.)
Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)
Which two integrations enable ingesting host findings to generate alerts? (Choose two.)
Which command should be used in the Prisma Cloud twistcli tool to scan the nginx:latest image for vulnerabilities and compliance issues?
A customer wants to turn on Auto Remediation.
Which policy type has the built-in CLI command for remediation?
Who can access saved searches in a cloud account?
What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?
When configuring SSO, how many IdP providers can be enabled for all the cloud accounts monitored by Prisma Cloud?
Which two information types cannot be seen in the data security dashboard? (Choose two.)
What is the order of steps to create a custom network policy?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
Where can Defender debug logs be viewed? (Choose two.)
Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.
An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.
Which configuration step is needed first to accomplish this task?
Given the following RQL:
event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')
Which audit event snippet is identified?
During an initial deployment of Prisma Cloud Compute, the customer sees vulnerabilities in their environment.
Which statement correctly describes the default vulnerability policy?
Which two statements are true about the differences between build and run config policies? (Choose two.)
Given the following RQL:
Which audit event snippet is identified by the RQL?
Which data security default policy is able to scan for vulnerabilities?
A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions?
A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)