Get Ready with PCCSE Exam Dumps (2022) [Q19-Q42]


Realistic PCCSE Dumps are Available for Instant Access


Palo Alto PCCSE Exam Topics:

Section | Weight | Objectives

Web Application and API Security | 5%
- Configure CNAF policies

Prisma Cloud Administration (including Compute) | 15%
- Onboard accounts
  • Onboarding cloud accounts.
  • Configure account groups.

- Configure RBAC

  • Differentiate between Prisma Cloud and Compute roles.
  • Configure Prisma Cloud and Compute roles.

- Configure admission controller

  • Configure defender as an admission controller.
  • Create OPA policies

- Configure logging

  • Familiarize with audit logging.
  • Enable defender logging.

- Manage enterprise settings

  • Differentiate UEBA settings.
  • Configure idle timeout.
  • Set autoenable policies.
  • Set mandatory dismissal reason(s).
  • Enable user attribution.

- Understand third-party integrations

  • Understand inbound and outbound notifications.
  • Configure third-party integration for alerts.

- Leverage Compute APIs

  • Authenticate with APIs.
  • Locate API documentation.
  • List policies by API.
  • Manage alerts using APIs.
  • Create reports using APIs.
  • Download vulnerability results via API.

Data Loss Prevention | 9%
- Onboarding
  • Configure CloudTrail and SNS.
  • Configure Scan options.

- Use Data Dashboard features

  • Classify objects.
  • List object permissions for visibility.
  • Viewing Data inventory.
  • Viewing Resource Explorer.
  • List Object Identifiers.
  • Knowing Object exposure states.

- Assess Data Policies and Alerts

  • Differentiate between malware and regular policies.
  • Understand the scope of alert notifications.

Cloud Workload Protection Platform | 22%
- Monitor and Protect Against Image Vulnerabilities
  • Understand how to Investigate Image Vulnerabilities.
  • Configure Image Vulnerability Policy.

- Monitor and Protect Host Vulnerabilities

  • Understand how to Investigate Host Vulnerabilities.
  • Configure Host Vulnerability Policy.

- Monitor and Enforce Image/Container Compliance

  • Understand how to Investigate Image and Container Compliance.
  • Configure Image and Container Compliance Policy.

- Monitor and Enforce Host Compliance

  • Understand how to Investigate Host Compliance.
  • Configure Host Compliance Policy.

- Monitor and Enforce Container Runtime

  • Understand container models.
  • Configure container runtime policies.
  • Understand container runtime audits.
  • Investigate incidents using Incident Explorer.

- Configure cloud native application firewalls

  • Configure cloud native application firewall policies.

- Monitor and Protect Against Serverless Vulnerabilities

  • Understand how to Investigate Serverless Vulnerabilities.
  • Configure Serverless Vulnerability Policy.
  • Configure Serverless Auto-Protect functionality.

Dev SecOps Security (Shift-Left) | 11%
- Implement scanning for IAC templates
  • Differentiate between Terraform and CloudFormation scanning configurations.
  • List OOTB IAC scanning integrations.
  • Configure API scanning for IAC templates.

- Configure policies in Console for IAC scanning

  • Review OOTB policies for IAC scanning.
  • Configure custom build policies for IAC scanning.

- Integrate Compute scans into CI/CD pipeline

  • Integrate container scans into CI/CD pipeline.
  • Integrate serverless scans into CI/CD pipeline.
  • Identify different options for scanning: twistcli and plugins.

- Configure CI policies for Compute scanning

  • Review default CI policies for Compute scanning.
  • Configure custom CI policies for Compute scanning.

 

NEW QUESTION 19
Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

  • A. Prisma Cloud Access SAML URL
  • B. Certificate
  • C. Identity Provider Logout URL
  • D. Identity Provider Issuer

Answer: A,D

 

NEW QUESTION 20
A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message:

What is the reason for the error message?

  • A. The role is not assigned for the user.
  • B. The user does not exist.
  • C. The attribute name is not set correctly in JIT settings.
  • D. The user entered an incorrect password

Answer: C

 

NEW QUESTION 21
Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

  • A. create a new namespace in Kubernetes called admission-controller.
  • B. copy the Console address and set the config map for the default namespace.
  • C. copy the admission controller configuration from the Console and apply it to Kubernetes.
  • D. enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

Answer: C

Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-04/prisma-cloud-compute-edition-admin/access_cont step 2

 

NEW QUESTION 22
An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public". The policy definition follows:
config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcls is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
Why did this alert get generated?

  • A. network traffic to the S3 bucket
  • B. configuration of the S3 bucket
  • C. anomalous behaviors
  • D. an event within the cloud account

Answer: C

 

NEW QUESTION 23
Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Answer:

Explanation:


 

NEW QUESTION 24
A customer is interested in PCI requirements and needs to ensure that no privileged containers can start in the environment.
Which action needs to be set for "do not use privileged containers"?

  • A. Prevent
  • B. Fail
  • C. Block
  • D. Alert

Answer: A

 

NEW QUESTION 25
The security team wants to protect a web application container from an SQLi attack. Which type of policy should the administrator create to protect the container?

  • A. Compliance
  • B. CNAF
  • C. CNNF
  • D. Runtime

Answer: B

 

NEW QUESTION 26
Which port should a security team use to pull data from Console's API?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

 

NEW QUESTION 27
What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Answer:

Explanation:


 

NEW QUESTION 28
Which statement is true regarding CloudFormation templates?

  • A. Scan support does not currently exist for nested references, macros, or intrinsic functions.
  • B. Scan support is provided for JSON, HTML and YAML formats.
  • C. A single template or a zip archive of template files cannot be scanned with a single API request.
  • D. Request-Header-Field 'cloudformation-version' is required to request a scan.

Answer: A

 

NEW QUESTION 29
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select and Place:

Answer:

Explanation:

 

NEW QUESTION 30
An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public". The policy definition follows:
config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcls is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
Why did this alert get generated?

  • A. anomalous behaviors
  • B. network traffic to the S3 bucket
  • C. configuration of the S3 bucket
  • D. an event within the cloud account

Answer: B

 

NEW QUESTION 31
You wish to create a custom policy with build and run subtypes.
Match the query types for each example.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Answer:

Explanation:

 

NEW QUESTION 32
Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.
Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?

  • A. From the deployment page in Console, choose twistlock-console for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.
  • B. From the deployment page in Console, choose twistlock-console for Console identifier, and run the curl | bash script on the master Kubernetes node.
  • C. From the deployment page in Console, choose pod name for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.
  • D. From the deployment page configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

Answer: A

 

NEW QUESTION 33
Which options show the steps required after upgrade of Console?

  • A. Update the Console image in the Twistlock hosted registry
    Update the Defender image in the Twistlock hosted registry
    Uninstall Defenders
  • B. Uninstall Defenders
    Upgrade Jenkins Plugin
    Upgrade twistcli where applicable
    Allow the Console to redeploy the Defender
  • C. Upgrade Defenders
    Upgrade Jenkins Plugin
    Upgrade twistcli where applicable
  • D. Update the Console image in the Twistlock hosted registry
    Update the Defender image in the Twistlock hosted registry
    Redeploy Console

Answer: B

 

NEW QUESTION 34
A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io. What is the correct API endpoint?

  • A. https://api.prismacloud.cn
  • B. https://api2.prismacloud.io
  • C. https://api.prismacloud.io
  • D. https://api2.eu.prismacloud.io

Answer: D

 

NEW QUESTION 35
Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

  • A. Host
  • B. Container
  • C. Functions
  • D. Image

Answer: A

 

NEW QUESTION 36
The security team wants to enable the "block" option under compliance checks on the host.
What effect will this option have if it violates the compliance check?

  • A. Containers on a host will be stopped.
  • B. The host will be taken offline.
  • C. No containers will be allowed to start on that host.
  • D. Additional hosts will be prevented from starting.

Answer: D

 

NEW QUESTION 37
You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account. Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. RQL statements on the Investigate page matching those policies return config resource results successfully. Why are no alerts being generated?

  • A. The public cloud account is not associated with an alert notification.
  • B. The public cloud account does not have audit trail ingestion enabled.
  • C. The public cloud account is not associated with an alert rule
  • D. The public cloud account does not have access to configuration resources.

Answer: A

 

NEW QUESTION 38
A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application.
The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.
Which port should the team specify in the CNAF rule to protect the application?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 39
An administrator sees that a runtime audit has been generated for a host.
The audit message is:
"Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script stop. Low severity audit event is automatically added to the runtime mode"
Which runtime host policy rule is the root cause for this runtime audit?

  • A. Default rule that alerts on capabilities
  • B. Custom rule with specific configuration for file integrity
  • C. Default rule that alerts on suspicious runtime behavior
  • D. Custom rule with specific configuration for networking

Answer: C

 

NEW QUESTION 40
Which authentication mechanism is supported by Prisma Cloud?

  • A. Certificate-based authentication for the Console UI and the API
  • B. Certificate-based authentication only for the API
  • C. Certificate-based authentication only for the Console UI
  • D. SAML-based authentication for the API

Answer: A

 

NEW QUESTION 41
Which three types of bucket exposure are available in the Data Security module? (Choose three.)

  • A. Differential
  • B. International
  • C. Public
  • D. Conditional
  • E. Private

Answer: A,B,D

 

NEW QUESTION 42
......


How to book the Palo-Alto-Networks PCCSE: Prisma Certified Cloud Security Engineer Exam

The following are the steps for registering for the Palo Alto Networks PCCSE exam.

  • Step 1: Visit the Pearson VUE Exam Registration page
  • Step 2: Sign up for or log in to a Pearson VUE account
  • Step 3: Search for the Palo Alto Networks PCCSE certification exam
  • Step 4: Select the date and time, and confirm with a payment method

 
