Palo Alto Networks PCCSE Exam Practice Questions (P. 2)
- Full Access (252 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #6
Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?
- ATo retrieve Prisma Cloud Console images using basic auth: 1. Access registry.paloaltonetworks.com, and authenticate using 'docker login'. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.
- BTo retrieve Prisma Cloud Console images using basic auth: 1. Access registry.twistlock.com, and authenticate using 'docker login'. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.Most Voted
- CTo retrieve Prisma Cloud Console images using URL auth: 1. Access registry-url-auth.twistlock.com, and authenticate using the user certificate. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.
- DTo retrieve Prisma Cloud Console images using URL auth: 1. Access registry-auth.twistlock.com, and authenticate using the user certificate. 2. Retrieve the Prisma Cloud Console images using 'docker pull'.
Correct Answer:
B
Reference:
https://docs.twistlock.com/docs/compute_edition/install/twistlock_container_images.html#retrieving-prisma-cloud-images-using-basic-auth
B
Reference:
https://docs.twistlock.com/docs/compute_edition/install/twistlock_container_images.html#retrieving-prisma-cloud-images-using-basic-auth
send
light_mode
delete
Question #7
Which two statements are true about the differences between build and run config policies? (Choose two.)
- ARun and Network policies belong to the configuration policy set.
- BBuild and Audit Events policies belong to the configuration policy set.
- CRun policies monitor resources, and check for potential issues after these cloud resources are deployed.Most Voted
- DBuild policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.Most Voted
- ERun policies monitor network activities in your environment, and check for potential issues during runtime.
Correct Answer:
BE
BE
send
light_mode
delete
Question #8
A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.
What will be the effect if the security team chooses to Relearn on this image?
What will be the effect if the security team chooses to Relearn on this image?
- AThe model is deleted, and Defender will relearn for 24 hours.
- BThe anomalies detected will automatically be added to the model.
- CThe model is deleted and returns to the initial learning state.
- DThe model is retained, and any new behavior observed during the new learning period will be added to the existing model.Most Voted
Correct Answer:
B
Reference:
https://digitalguardian.com/blog/five-steps-incident-response
B
Reference:
https://digitalguardian.com/blog/five-steps-incident-response
send
light_mode
delete
Question #9
A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?
Which setting should you use to meet this customer's request?
- ATrusted Login IP Addresses
- BAnomaly Trusted List
- CTrusted Alert IP AddressesMost Voted
- DEnterprise Alert Disposition
Correct Answer:
C
Reference:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html
C
Reference:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html
send
light_mode
delete
Question #10
A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
- AThe SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
- BThe SecOps lead should use Incident Explorer and Compliance Explorer.
- CThe SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.Most Voted
- DThe SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.
Correct Answer:
B
Reference:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/runtime_defense/incident_explorer.html
B
Reference:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/runtime_defense/incident_explorer.html
send
light_mode
delete
All Pages