Free PCCSE Exam Braindumps (page: 11)


The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the fewest events without disabling it entirely.

Which strategy should the administrator use to achieve this goal?

  A. Disable the policy
  B. Set the Alert Disposition to Conservative
  C. Change the Training Threshold to Low
  D. Set Alert Disposition to Aggressive

Answer(s): B

Explanation:

Prisma Cloud Compute's network anomaly policies expose two tuning controls: Alert Disposition (Conservative, Moderate, Aggressive) and Training Threshold (Low, Medium, High). Alert Disposition sets how far observed traffic must deviate from the learned model before an event is raised. Conservative raises that bar and therefore produces the fewest events, Aggressive lowers it and produces the most, so setting the disposition to Conservative (option B) meets the requirement. Disabling the policy (A) is ruled out by the question, and the Training Threshold (C) governs how much traffic the model learns from before it starts evaluating, not how sensitive it is once active. The trade-off is that a conservative disposition also suppresses weak-signal true positives, so after tuning, watch the remaining event rate and confirm that known-bad traffic, such as a deliberate internal port sweep from a test host, still raises an event.



What is the behavior of Defenders when the Console is unreachable during upgrades?

  A. Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.
  B. Defenders will fail closed until the web-socket can be re-established.
  C. Defenders will fail open until the web-socket can be re-established.
  D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Answer(s): D

Explanation:

Defenders enforce from a local copy of policy. The Console pushes updates over a persistent web socket, but a Defender does not need the Console online to apply what it already holds. When the Console is unreachable during an upgrade, Defenders keep alerting and enforcing using the policies and settings most recently cached before the upgrade (option D), then reconnect and resync once the Console is back. They neither fail open (C), which would leave workloads unprotected for the duration, nor fail closed (B), which would block legitimate activity during every upgrade, and enforcement is not downgraded to alert-only (A). One practical consequence: policy changes made in the Console during the outage window do not reach Defenders until the web socket is re-established, so schedule rule changes outside upgrade windows.


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process.html



How are the following categorized?

  Backdoor account access
  Hijacked processes
  Lateral movement
  Port scanning

  A. audits
  B. incidents
  C. admission controllers
  D. models

Answer(s): B

Explanation:

Backdoor account access, hijacked processes, lateral movement and port scanning are incident types in Prisma Cloud Compute's runtime defense, so the answer is incidents (option B). An audit is a single raw runtime event (one process start, one file write, one network connection) that violated a rule; an incident is a higher-order finding in which Prisma Cloud correlates one or more audits into a recognised attack pattern and surfaces it in Incident Explorer under its type. Admission controllers (C) gate Kubernetes API requests, and models (D) are the learned baselines of an image's normal behaviour; neither is a classification of observed activity. When triaging, start from the incident and then open its linked audits to see the specific process, connection or file events that produced it.



DRAG DROP
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.

In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Correct order, first step to last:

  1. POST https://api.prismacloud.io/login
  2. GET https://api.prismacloud.io/access_keys
  3. PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>

The script must authenticate first: a POST to the login endpoint returns a session token that every later call has to carry. Next, a GET to the access_keys endpoint lists all access keys in the tenant; the script filters that list for keys whose last use is more than 30 days old. Finally, for each stale key it sends a PATCH to that key's status endpoint, substituting the key's ID and the target status (inactive) into the path. Authenticate, list, then update is the only ordering that works, because the list call needs the token and the update calls need the IDs returned by the list.
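The three-step flow above written out as a runnable script, added here as an example rather than code from the exam page or from Palo Alto Networks. The endpoints are the ones listed in the answer; the login request body, the x-redlock-auth header, the access-key field names (id, status, lastUsedTime and createdTs as epoch milliseconds) and the status value inactive are assumptions taken from the public API reference and should be checked against the tenant's own documentation. The HTTP layer is injected as a callable so the demo runs offline against constructed sample keys; urllib_transport is the real one.

```python
"""Deactivate Prisma Cloud access keys unused for 30 days (added example)."""
import json
import time
import urllib.request
from typing import Callable, Dict, List, Optional

API = "https://api.prismacloud.io"
MAX_IDLE_DAYS = 30
DAY_MS = 86_400_000

# A transport is any callable (method, url, headers, json_body) -> parsed JSON.
# Injecting it keeps the selection logic testable with no network access.
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], object]


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     body: Optional[dict]) -> object:
    # Real transport for use against a tenant; the demo below does not call it.
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def login(http: Transport, username: str, password: str) -> str:
    """Step 1: POST /login. Assumes the response carries the token as "token"."""
    resp = http("POST", f"{API}/login", {"Accept": "application/json"},
                {"username": username, "password": password})
    return resp["token"]


def stale_keys(keys: List[dict], now_ms: int,
               max_idle_days: int = MAX_IDLE_DAYS) -> List[dict]:
    """Active keys whose last use is older than the cutoff (assumed field names)."""
    cutoff = now_ms - max_idle_days * DAY_MS
    out = []
    for k in keys:
        if k.get("status") != "active":
            continue  # already inactive: nothing to do
        # Never-used keys fall back to creation time, so a key issued yesterday
        # that its owner simply has not used yet is not revoked.
        last = k.get("lastUsedTime") or k.get("createdTs") or 0
        if last < cutoff:
            out.append(k)
    return out


def deactivate_stale_keys(http: Transport, token: str, now_ms: Optional[int] = None,
                          max_idle_days: int = MAX_IDLE_DAYS) -> List[str]:
    """Steps 2 and 3: GET /access_keys, then PATCH each stale key to inactive."""
    headers = {"x-redlock-auth": token, "Accept": "application/json"}  # assumed header
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    keys = http("GET", f"{API}/access_keys", headers, None)
    done = []
    for k in stale_keys(keys, now_ms, max_idle_days):
        http("PATCH", f"{API}/access_keys/{k['id']}/status/inactive", headers, None)
        done.append(k["id"])
    return done


# Constructed sample data so the demo runs offline; ids and timestamps are invented.
NOW_MS = 1_700_000_000_000
SAMPLE_KEYS = [
    {"id": "k-old", "status": "active",
     "lastUsedTime": NOW_MS - 45 * DAY_MS, "createdTs": NOW_MS - 400 * DAY_MS},
    {"id": "k-fresh", "status": "active",
     "lastUsedTime": NOW_MS - 2 * DAY_MS, "createdTs": NOW_MS - 400 * DAY_MS},
    {"id": "k-new-unused", "status": "active",
     "lastUsedTime": 0, "createdTs": NOW_MS - 3 * DAY_MS},
    {"id": "k-old-unused", "status": "active", "createdTs": NOW_MS - 60 * DAY_MS},
    {"id": "k-off", "status": "inactive",
     "lastUsedTime": NOW_MS - 90 * DAY_MS, "createdTs": NOW_MS - 400 * DAY_MS},
]


def run_demo():
    """Run login -> list -> patch against a fake transport; return ids and call log."""
    calls = []

    def fake(method, url, headers, body):
        calls.append((method, url.replace(API, ""), headers.get("x-redlock-auth")))
        if method == "POST" and url.endswith("/login"):
            return {"token": "demo-token"}
        if method == "GET" and url.endswith("/access_keys"):
            return SAMPLE_KEYS
        return None  # PATCH: nothing needed from the body

    token = login(fake, "svc@example.com", "not-a-real-password")
    return deactivate_stale_keys(fake, token, now_ms=NOW_MS), calls


if __name__ == "__main__":
    ids, log = run_demo()
    print("\n".join(" ".join(str(x) for x in c) for c in log), "\ndeactivated:", ids)
```

Against a real tenant, pass urllib_transport instead of the fake, read the service-account credentials from the environment rather than the script, and exclude the key the script itself authenticates with, otherwise the first PATCH that hits its own key will break every call after it. A dry run that prints the selected ids without PATCHing is worth doing once before the scheduled job is armed.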





