Prisma4

Title of test:
Prisma4

Description:
Prisma24d ds

Author:
Nics

Creation Date:
26/02/2021

Category:
Others

Number of questions: 38
Content:
1. An administrator has access to a Prisma Cloud Enterprise. What are the steps to deploy a single container Defender on an EC2 node?
   - Execute the curl | bash script on the EC2 node.
   - Configure the cloud credential in the console and allow cloud discovery to auto-protect the EC2 node.
   - Pull the Defender image to the EC2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.
   - Generate DaemonSet file and apply DaemonSet to the twistlock namespace.
2. The development team wants to block Cross Site Scripting attacks from pods in its environment.
   - Create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection and set the action to alert.
   - Create a Host CNAF policy targeted at a specific resource, check the box for XSS attack protection and set the action to "prevent".
   - Create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection and set the action to prevent.
   - Create a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly allowed inbound IP sources" to the IP address of the pod.
3. A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80. Which port should the team specify in the CNAF rule to protect the application?
   - 80
   - 8080
   - 443
   - 8888
4. An administrator sees that a runtime audit has been generated for a Container. The audit message is "DNS resolution of suspicious name wikipedia.com. type A".
   - The Layer7 firewall detected this as anomalous behavior.
   - This is a DNS known to be a source of malware.
   - The process calling out to this domain was not part of the Container model.
   - The DNS was not learned as part of the Container model or added to the DNS allow list.
5. Which three types of classifications are available in the Data Security module? (Choose three.)
   - Malicious IP
   - Compliance standard
   - Financial information
   - Malware
   - Personally identifiable information
6. A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured. Which two reasons explain this change in alert status? (Choose two.)
   - Alert was sent to an external integration.
   - Resource was deleted.
   - User manually changed the alert status.
   - Policy was changed.
7. What is the behavior of Defenders when the Console is unreachable during upgrades?
   - Defenders will fail open until the web-socket can be re-established.
   - Defenders will fail closed until the web-socket can be re-established.
   - Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.
   - Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.
8. A customer has a requirement to automatically protect all Lambda functions with runtime protection. What is the process to automatically protect all the Lambda functions?
   - Configure serverless radar from the Defend/Compliance/Cloud Platforms page.
   - Configure a function scan policy from the Defend/Vulnerabilities/Functions page.
   - Configure a manually embedded Lambda Defender.
   - Configure a serverless auto-protect rule for the functions.
9. You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account. Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. RQL statements on the Investigate page matching those policies return config resource results successfully. Why are no alerts being generated?
   - The public cloud account does not have audit trail ingestion enabled.
   - The public cloud account is not associated with an alert notification.
   - The public cloud account does not have access to configuration resources.
   - The public cloud account is not associated with an alert rule.
10. Which statement is true regarding CloudFormation templates?
   - Scan support does not currently exist for nested references, macros, or intrinsic functions.
   - A single template or a zip archive of template files cannot be scanned with a single API request.
   - Scan support is provided for JSON, HTML and YAML formats.
   - Request-Header-Field 'cloudformation-version' is required to request a scan.
11. An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration. In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?
   - 8081
   - 443
   - 8084
   - 8083
12. A customer has a requirement to scan serverless functions for vulnerabilities. Which three settings are required to configure serverless scanning? (Choose three.)
   - Defender Name
   - Credential
   - Provider
   - Console Address
   - Region
13. Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?
   - Copy the admission controller configuration from the Console and apply it to Kubernetes.
   - Enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.
   - Copy the Console address and set the config map for the default namespace.
   - Create a new namespace in Kubernetes called admission-controller.
14. An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public". The policy definition follows:
   config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcls is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
   Why did this alert get generated?
   - anomalous behaviors
   - network traffic to the S3 bucket
   - configuration of the S3 bucket
   - an event within the cloud account
15. Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)
   - Scope - Scans run on a particular host
   - Grace Period
   - Failure threshold
   - Credential
   - Apply rule only when vendor fixes are available
16. Which two statements are true about the differences between build and run config policies? (Choose two.)
   - Build and Audit Events policies belong to the configuration policy set.
   - Run policies monitor resources, and check for potential issues after these cloud resources are deployed.
   - Run policies monitor network activities in your environment, and check for potential issues during runtime.
   - Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
   - Run and Network policies belong to the configuration policy set.
17. Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?
   - Defenders
   - twistcli
   - Console
   - Jenkins
18. Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?
   - Container
   - Image
   - Host
   - Functions
19. A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions?
   - twistcli serverless AWS <SERVERLESS_FUNCTION.ZIP>
   - twistcli serverless scan <SERVERLESS_FUNCTION.ZIP>
   - twistcli scan serverless <SERVERLESS_FUNCTION.ZIP>
   - twistcli function scan <SERVERLESS_FUNCTION.ZIP>
20. Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?
   Download and extract the release tarball Ensure that each node has its own storage for Console data Create the Console task definition Deploy the task definition Download and extract release tarball Download task from AWS.
21. Which options show the steps required after upgrade of Console?
   Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Redeploy Console Uninstall Defenders Upgrade Jenkins Plugin.
22. The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task?
   - Compliance
   - Policies
   - Alert Rules
   - Custom Compliance
23. The administrator wants to review the Console audit logs from within the Console. Which page in the Console should the administrator use to review this data, if it can be reviewed at all?
   - The audit logs can be viewed only externally to the Console.
   - Navigate to Monitor > Events > Host Log Inspection.
   - Navigate to Manage > View Logs > History.
   - Navigate to Manage > Defenders > View Log.
24. The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?
   - Scope the policy to Image names.
   - Scope the policy to namespaces.
   - Scope the policy to Defender names.
   - Scope the policy to Host names.
25. Which policy type has the built-in CLI command for remediation?
   - Network
   - Anomaly
   - Config
   - Audit Event
26. Which authentication mechanism is supported by Prisma Cloud?
   - Certificate-based authentication for the Console UI and the API
   - Certificate-based authentication only for the API
   - Certificate-based authentication only for the Console UI
   - SAML-based authentication for the API
27. Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?
   - SAML
   - access key
   - basic authentication
   - SSO
28. A customer is interested in PCI requirements and needs to ensure that no privileged containers can start in the environment. Which action needs to be set for "do not use privileged containers"?
   - Alert
   - Prevent
   - Fail
   - Block
29. Which "kind" of Kubernetes object is configured to ensure that Defender is acting as the admission controller?
   - PodSecurityPolicies
   - DestinationRules
   - ValidatingWebhookConfiguration
   - MutatingWebhookConfiguration
30. Which option identifies the Prisma Cloud Compute Edition?
   - Plugin to Prisma Cloud
   - Downloadable, self-hosted software
   - Software-as-a-Service (SaaS)
   - Package installed with APT
31. The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely. Which strategy should the administrator use to achieve this goal?
   - Change the Training Threshold to Low.
   - Set the Alert Disposition to Conservative.
   - Disable the policy.
   - Set Alert Disposition to Aggressive.
32. A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the images it is deploying. How should the customer automate vulnerability scanning for images deployed to Fargate?
   - Embed a Fargate Defender to automatically scan for vulnerabilities.
   - Use Cloud Compliance to identify misconfigured AWS accounts.
   - Set up a vulnerability scanner on the registry.
   - Designate a Fargate Defender to serve as a dedicated image scanner.
33. A DevOps lead reviewed some system logs and noticed some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps. Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
   - The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
   - The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.
   - The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
   - The SecOps lead should use Incident Explorer and Compliance Explorer.
34. A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)
   - The mined currency is associated with a user token.
   - The value of the mined currency exceeds $100.
   - High CPU usage over time for the container is detected.
   - Common cryptominer port usage was found.
   - Common cryptominer process name was found.
35. A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)
   - customize message on blocked requests
   - individual actions based on package type
   - output verbosity for blocked requests
   - apply policy only when vendor fix is available
   - individual grace periods for each severity level
36. The development team wants to fail CI jobs where a specific CVE is contained within the image. How should the development team configure the pipeline or policy to produce this outcome?
   - Set the specific CVE exception as an option using the magic string in the Console.
   - Set the specific CVE exception in Console's CI policy.
   - Set the specific CVE exception as an option in Defender running the scan.
   - Set the specific CVE exception as an option in Jenkins or twistcli.
37. An organization wants to be notified immediately of any "High Severity" alerts for the account group "Clinical Trials" via Slack. Which option shows the steps the organization can use to achieve this goal?
   - 1. Configure Slack Integration 2. Create an alert rule 3. Under the 'Select Policies' tab, filter on severity and select 'High' 4. Under the Set Alert Notification tab, choose Slack and populate the channel 5. Set Frequency to 'As it Happens'
   - 1. Configure Slack Integration 2. Create an alert rule and select 'Clinical Trials' as the account group 3. Under the 'Select Policies' tab, filter on severity and select 'High' 4. Under the Set Alert Notification tab, choose Slack and populate the channel 5. Set Frequency to 'As it Happens'
   - 1. Create an alert rule and select 'Clinical Trials' as the account group 2. Under the 'Select Policies' tab, filter on severity and select 'High' 3. Under the Set Alert Notification tab, choose Slack and populate the channel 4. Set Frequency to 'As it Happens' 5. Set up the Slack Integration to complete the configuration
   - 1. Under the 'Select Policies' tab, filter on severity and select 'High' 2. Under the Set Alert Notification tab, choose Slack and populate the 3. Set Frequency to 'As it Happens' 4. Configure Slack Integration 5. Create an Alert rule
38. Which order of steps maps a policy to a custom compliance standard?
   - Click on Compliance standard
   - Create the custom compliance standard
   - Add the custom compliance standard from the drop-down menu
   - Edit the policy