Free 2021 Cloud Security Engineer PCCSE dumps are available by Free4Torrent [Q34-Q58]

Share

Free 2021 Cloud Security Engineer PCCSE dumps are available on Google Drive shared by Free4Torrent

Welcome to download the newest Free4Torrent PCCSE PDF dumps: https://www.free4torrent.com/PCCSE-braindumps-torrent.html ( 87  Q&As)

NEW QUESTION 34
A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

  • A. set the Container model to relearn and set the default runtime rule to prevent for process protection.
  • B. choose "copy into rule" for the Container add a ransomWare process into the denied process list and set the action to "block"
  • C. set the Container model to manual relearn and set the default runtime rule to block for process protection.
  • D. add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list and set the action to "prevent".

Answer: D

 

NEW QUESTION 35
A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)

  • A. individual grace periods for each severity level
  • B. output verbosity for blocked requests
  • C. customize message on blocked requests
  • D. apply policy only when vendor fix is available
  • E. individual actions based on package type

Answer: A,B,D

 

NEW QUESTION 36
Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Answer:

Explanation:

 

NEW QUESTION 37
Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

  • A. Download and extract the release tarball
    Create an EFS file system and mount to each node in the cluster Create the Console task definition Deploy the task definition
  • B. The console cannot natively run in an ECS cluster. A onebox deployment should be used.
  • C. Download and extract release tarball Download task from AWS
    Create the Console task definition Deploy the task definition
  • D. Download and extract the release tarball
    Ensure that each node has its own storage for Console data Create the Console task definition Deploy the task definition

Answer: A

 

NEW QUESTION 38
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged containers?

  • A. Prevent
  • B. Block
  • C. Alert
  • D. Fail

Answer: C

 

NEW QUESTION 39
Which two statements are true about the differences between build and run config policies? (Choose two.)

  • A. Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
  • B. Run and Network policies belong to the configuration policy set.
  • C. Run policies monitor resources, and check for potential issues after these cloud resources are deployed.
  • D. Build and Audit Events policies belong to the configuration policy set.
  • E. Run policies monitor network activities in your environment, and check for potential issues during runtime.

Answer: D,E

 

NEW QUESTION 40
Which statement is true about obtaining Console images for Prisma Cloud Compute Edition'?
To retrieve Prisma Cloud Console images using URL auth;

  • A. 1 Access registry paloaltonetworks com. and authenticate using 'docker login'
    2 Retrieve the Prisma Cloud Console images using 'docker pull'
  • B. 1 Access registry-urt-auth twistlock com, and authenticate using the user certificate
    2. Retrieve the Prisma Cloud Console images using 'docker pull'
    To retrieve Prisma Cloud Console images using basic auth:
  • C. 1 Access registry-auth.twistlock com and authenticate using the user certificate
    2. Retrieve the Prisma Cloud Console images using 'docker pull'
    To retrieve Prisma Cloud Console images using basic auth
  • D. 1. Access registry twistlock com. and authenticate using 'docker login'
    2 Retrieve the Prisma Cloud Console images using "docker pull'
    To retrieve Prisma Cloud Console images using URL auth

Answer: C

 

NEW QUESTION 41
What are two ways to scan container images in Jenkins pipelines? (Choose two.)

  • A. twistcli
  • B. Compute Jenkins plugin
  • C. Compute Azure DevOps plugin
  • D. Prisma Cloud Visual Studio Code plugin with Jenkins integration
  • E. Jenkins Docker plugin

Answer: D,E

 

NEW QUESTION 42
A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?

  • A. Trusted Alert IP Addresses
  • B. Trusted Login IP Addresses
  • C. Enterprise Alert Disposition
  • D. Anomaly Trusted List

Answer: A

Explanation:
Section: (none)
Explanation

 

NEW QUESTION 43
An administrator sees that a runtime audit has been generated for a Container The audit message is DNS resolution of suspicious name wikipedia.com. type A".
Why would this message appear as an audit?

  • A. The Layer7 firewall detected this as anomalous behavior
  • B. This is a DNS known to be a source of malware
  • C. The process calling out to this domain was not part of the Container model.
  • D. The DNS was not learned as part of the Container model or added to the DNS allow list

Answer: B

 

NEW QUESTION 44
How are the following categorized?
* Backdoor account access
* Hijacked processes
* Lateral movement
* Port scanning

  • A. audits
  • B. models
  • C. incidents
  • D. admission controllers

Answer: A

 

NEW QUESTION 45
You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.
Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.
Why are no alerts being generated?

  • A. The public cloud account is not associated with an alert rule.
  • B. The public cloud account does not have audit trail ingestion enabled.
  • C. The public cloud account is not associated with an alert notification.
  • D. The public cloud account does not access to configuration resources.

Answer: C

 

NEW QUESTION 46
A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time. What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)

  • A. manually installation of the latest twistdi tool prior to the rolling upgrade
  • B. a second location where you can install the Console
  • C. Additional workload licenses are required to perform the rolling upgrade.
  • D. all Defenders set in read-only mode before execution of the rolling upgrade
  • E. an existing Console at version n-1

Answer: A,E

 

NEW QUESTION 47
A customer has a requirement to scan serverless functions for vulnerabilities.
Which three settings are required to configure serverless scanning? (Choose three.)

  • A. Credential
  • B. Console Address
  • C. Provider
  • D. Region
  • E. Defender Name

Answer: A,C,D

 

NEW QUESTION 48
Match the service on the right that evaluates each exposure type on the left.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Answer:

Explanation:

Reference:
https://www.paloaltonetworks.com/prisma/cloud/cloud-data-security

 

NEW QUESTION 49
An administrator sees that a runtime audit has been generated for a host.
The audit message is:
'Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script stop. Low severity audit event is automatically added to the runtime mode'' Which runtime host policy rule is the root cause for this runtime audit?

  • A. Custom rule with specific configuration for networking
  • B. Custom rule with specific configuration for file integrity
  • C. Default rule that alerts on capabilities
  • D. Default rule that alerts on suspicious runtime behavior

Answer: D

 

NEW QUESTION 50
The security team wants to protect a web application container from an SQLi attack. Which type of policy should the administrator create to protect the container?

  • A. Compliance
  • B. CNAF
  • C. CNNF
  • D. Runtime

Answer: B

 

NEW QUESTION 51
What is the order of steps to create a custom network policy?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Answer:

Explanation:

Reference:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a- policy.html

 

NEW QUESTION 52
Match the correct scanning mode for each given operation.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Answer:

Explanation:

 

NEW QUESTION 53
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for "do not use privileged containers"?

  • A. Alert
  • B. Block
  • C. Prevent
  • D. Fail

Answer: C

 

NEW QUESTION 54
A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public" The policy definition follows:
config where cloud type = 'aws' AND api name='aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?(@ grantee='AllUsers')] size > 0) or policyStatusisPubiic is true) and publicAccessBlockConfiguration does not exist) or ((ad.grantsp(@ grantee=='AII Users')] size > 0) and publicAccessBlockConfiguration ignorePubhcAds is false) or (policyStatus isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist" Why did this alert get generated?

  • A. configuration of the S3 bucket
  • B. anomalous behaviors
  • C. network traffic to the S3 bucket
  • D. an event within the cloud account

Answer: B

 

NEW QUESTION 55
Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?

  • A. To retrieve Prisma Cloud Console images using basic auth:
    1. Access registry.paloaltonetworks.com, and authenticate using 'docker login'.
    2. Retrieve the Prisma Cloud Console images using 'docker pull'.
  • B. To retrieve Prisma Cloud Console images using URL auth:
    1. Access registry-auth.twistlock.com, and authenticate using the user certificate.
    2. Retrieve the Prisma Cloud Console images using 'docker pull'.
  • C. To retrieve Prisma Cloud Console images using URL auth:
    1. Access registry-url-auth.twistlock.com, and authenticate using the user certificate.
    2. Retrieve the Prisma Cloud Console images using 'docker pull'.
  • D. To retrieve Prisma Cloud Console images using basic auth:
    1. Access registry.twistlock.com, and authenticate using 'docker login'.
    2. Retrieve the Prisma Cloud Console images using 'docker pull'.

Answer: D

Explanation:
Section: (none)
Explanation

 

NEW QUESTION 56
What is the order of steps to create a custom network policy?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Answer:

Explanation:

 

NEW QUESTION 57
You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.
Which options shows the steps required during the alert rule creation process to achieve this objective?

  • A. Ensure the public cloud account is assigned to an account group
    Assign the confirmed account group to alert rule
    Select one or more policies checkbox as part of the alert rule
    Confirm the alert rule
  • B. Ensure the public cloud account is assigned to an account group
    Assign the confirmed account group to alert rule
    Select "select all policies" checkbox as part of the alert rule
    Add alert notifications
    Confirm the alert rule
  • C. Ensure the public cloud account is assigned to an account group
    Assign the confirmed account group to alert rule
    Select "select all policies" checkbox as part of the alert rule
    Confirm the alert rule
  • D. Ensure the public cloud account is assigned to an account group
    Assign the confirmed account group to alert rule
    Select one or more policies as part of the alert rule
    Add alert notifications
    Confirm the alert rule

Answer: D

 

NEW QUESTION 58
......

Tested Material Used To PCCSE: https://www.free4torrent.com/PCCSE-braindumps-torrent.html

Following are some new PCCSE Real Exam Questions!: https://drive.google.com/open?id=15BMKY7OjwuSc2_PblPjJWYSdpMebsu8S