A customer has multiple violations in the environment including:
User namespace is enabled
An LDAP server is enabled
SSH root is enabled
Which section of Console should the administrator use to review these findings?
Answer : D
The correct section of the Console that the administrator should use to review findings such as 'User namespace is enabled', 'An LDAP server is enabled', and 'SSH root is enabled' is 'Compliance'.
The 'Compliance' section in CSPM tools like Prisma Cloud provides an overview of the current compliance posture against various regulatory standards and best practices. It can help identify configurations that do not adhere to best practices or that may violate compliance requirements, such as enabling the user namespace, which could be a security risk, or having an LDAP server and SSH root enabled, which may not comply with certain security standards.
Reference to the use of the 'Compliance' section can be found in CSPM documentation, where it details how compliance checks are used to assess the security and configuration of cloud resources against established benchmarks and standards, allowing organizations to maintain compliance and improve their security posture.
What is the behavior of Defenders when the Console is unreachable during upgrades?
Answer : D
When the Console is unreachable during upgrades, Defenders continue to alert and enforce using the policies and settings most recently cached before the upgrade (option D). This behavior ensures that security enforcement remains active and consistent, even when the central management console is temporarily unavailable. The cached policies enable Defenders to maintain the security posture based on the last known configuration, ensuring continuous protection against threats and compliance with established security policies. This approach reflects Prisma Cloud's design principle of ensuring uninterrupted security enforcement, thereby safeguarding the environment against potential vulnerabilities during maintenance periods.
An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.
Which configuration step is needed first to accomplish this task?
Answer : B
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/access_control/rbac
What are two built-in RBAC permission groups for Prisma Cloud? (Choose two.)
Answer : A, C
Prisma Cloud includes built-in Role-Based Access Control (RBAC) permission groups to manage user access and permissions efficiently. Among the options, Group Membership Admin and Account Group Admin are two built-in RBAC permission groups. Group Membership Admins are responsible for managing user memberships within groups, while Account Group Admins have administrative privileges over specific account groups, allowing them to manage resources and policies within those groups. These roles help in delegating administrative tasks and enforcing the principle of least privilege.
Which type of RQL query should be run to determine if AWS Elastic Compute Cloud (EC2) instances without encryption was enabled?
Answer : C
To determine if AWS EC2 instances are running without encryption enabled, the appropriate RQL (Resource Query Language) type to use is CONFIG. CONFIG queries in Prisma Cloud are designed to inspect the configuration states of cloud resources and identify compliance with best practices or specific security requirements. By running a CONFIG query, administrators can assess the configuration settings of EC2 instances, including whether encryption features are enabled or not. This type of query allows for deep inspection of resource configurations within cloud environments, making it the ideal choice for identifying unencrypted EC2 instances and thereby helping to ensure data protection and compliance with security policies.
When configuring SSO how many IdP providers can be enabled for all the cloud accounts monitored by Prisma Cloud?
Answer : C
Prisma Cloud supports configuring Single Sign-On (SSO) with Identity Providers (IdPs) to streamline user authentication processes. However, for all the cloud accounts monitored by Prisma Cloud, only one IdP provider can be enabled at any given time. This limitation ensures a unified authentication mechanism across the platform, reducing complexity and potential security risks associated with managing multiple IdP configurations.
In which two ways can Prisma Cloud images be retrieved in Prisma Cloud Compute Self-Hosted Edition? (Choose two.)
Answer : B, C
In Prisma Cloud Compute Self-Hosted Edition, images can be retrieved by first authenticating with the Prisma Cloud registry and then pulling the images from the Prisma Cloud registry. This process ensures secure access to Prisma Cloud images, as authentication is required to access the registry. By using authentication, Prisma Cloud ensures that only authorized users can retrieve and deploy Prisma Cloud images, maintaining the security and integrity of the deployment.