Palo Alto Networks PCCSE Exam Practice Test Instant Access

Question 1

Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

ADefenders

BConsole

CJenkins

Dtwistcli

Answer : B

Question 2

Which ''kind'' of Kubernetes object is configured to ensure that Defender is acting as the admission controller?

AMutatingWebhookConfiguration

BDestinationRules

CValidatingWebhookConfiguration

DPodSecurityPolicies

Answer : C

Question 3

An administrator sees that a runtime audit has been generated for a Container. The audit message is ''DNS resolution of suspicious name wikipedia.com. type A''.

Why would this message appear as an audit?

AThe DNS was not learned as part of the Container model or added to the DNS allow list.

BThis is a DNS known to be a source of malware.

CThe process calling out to this domain was not part of the Container model.

DThe Layer7 firewall detected this as anomalous behavior.

Answer : A

Question 4

Which statement is true regarding CloudFormation templates?

AScan support does not currently exist for nested references, macros, or intrinsic functions.

BA single template or a zip archive of template files cannot be scanned with a single API request.

CRequest-Header-Field 'cloudformation-version' is required to request a scan.

DScan support is provided for JSON, HTML and YAML formats.

Answer : A

Question 5

Review this admission control policy:

match[{"msg": msg}] { input.request.operation == "CREATE" input.request.kind.kind == "Pod" input.request.resource.resource == "pods"

input.request.object.spec.containers[_].securityContext.privileged msg := "Privileged"

}

Which response to this policy will be achieved when the effect is set to ''block''?

AThe policy will block all pods on a Privileged host.

BThe policy will replace Defender with a privileged Defender.

CThe policy will alert only the administrator when a privileged pod is created.

DThe policy will block the creation of a privileged pod.

Answer : C

Question 6

The InfoSec team wants to be notified via email each time a Security Group is misconfigured. Which Prisma Cloud tab should you choose to complete this request?

ANotifications

BPolicies

CAlert Rules

DEvents

Answer : B

Question 7

The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

Ascope the policy to Image names.

Bscope the policy to namespaces.

Cscope the policy to Defender names.

Dscope the policy to Host names.

Answer : B

Palo Alto Networks Prisma Certified Cloud Security Engineer Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7