Palo Alto Networks Prisma Certified Cloud Security Engineer PCCSE Exam Practice Test

Page: 1 / 14
Total 260 questions
Question 1

You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?



Answer : B

'you can also create configuration policies to scan your Infrastructure as Code (IaC) templates that are used to deploy cloud resources. The policies used for scanning IaC templates use a JSON query instead of RQL.'

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a-policy


Question 2

Which two filters are available in the SecOps dashboard? (Choose two.)



Answer : A, B

In the SecOps dashboard of a cloud security platform like Prisma Cloud, filters such as Time range and Account Groups are essential for narrowing down the data or security alerts based on specific time periods or organizational structures. The Time range filter allows users to view incidents or compliance data for a particular timeframe, facilitating trend analysis and focusing on recent events. The Account Groups filter enables the segregation of data based on different cloud accounts or organizational units, making it easier for security teams to manage and prioritize security tasks according to the business structure or cloud architecture.


Question 3

Which alerts are fixed by enablement of automated remediation?



Answer : A

When automated remediation is enabled in Prisma Cloud, it is designed to address all applicable open alerts, regardless of when they were generated. The system automatically applies remediation actions to resolve the identified security issues or compliance violations that triggered the alerts. Once the remediation actions are successfully completed, the system updates the status of the affected alerts to 'resolved,' indicating that the security issues have been addressed. This feature helps streamline the remediation process, reducing the manual effort required by security teams and ensuring that security issues are promptly resolved to maintain the integrity and security of the cloud environment.


Question 4

Which two attributes are required for a custom config RQL? (Choose two.)



Answer : A, C

For a custom config Resource Query Language (RQL) in Prisma Cloud, two essential attributes are 'json.rule' and 'api.name'. The 'json.rule' attribute allows users to specify the JSON structure that defines the criteria or conditions of the query, essentially dictating what the query is looking for within the cloud environment. The 'api.name' attribute identifies the specific API endpoint that the query will target, providing context and scope for the query. Together, these attributes enable users to craft precise and targeted queries that can assess the configuration and security posture of cloud resources, aiding in compliance checks, security assessments, and other governance tasks.


Question 5

What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?



Answer : B


An automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks is known as an 'incident'. Incidents provide a consolidated view of related security events, making it easier for administrators to understand the scope and potential impact of an attack, and to take appropriate response actions.

Question 6

An administrator sees that a runtime audit has been generated for a container.

The audit message is:

"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr"

Which protection in the runtime rule would cause this audit?



Answer : C

The runtime rule protection that produces the audit message '/bin/ls launched and is explicitly blocked in the runtime rule' is 'Processes'. In container security, a runtime rule set to monitor and restrict processes can block specific executables or commands from running within a container. When the rule is triggered, it indicates that a process explicitly denied by the policy attempted to execute, which in this case is the 'ls' command.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-admin/runtime_defense/runtime_audits


Question 7

Which data security default policy is able to scan for vulnerabilities?



Answer : C

The data security default policy capable of scanning for vulnerabilities is 'Objects containing Malware'. In cloud security, malware scanning is an essential feature of CSPM tools that allows for the identification of malicious software within objects stored in the cloud. A policy that scans for objects containing malware ensures that any files or code bases in the cloud environment are examined for potential threats, protecting the cloud resources from being compromised.

