Free PCCSE Exam Braindumps (page: 16)

Page 15 of 63

A customer wants to turn on Auto Remediation.

Which policy type has the built-in CLI command for remediation?

  1. Anomaly
  2. Audit Event
  3. Network
  4. Config

Answer(s): D


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma- cloud-policies/ create-a-policy.html
In Prisma Cloud, Config policies have built-in CLI commands for auto-remediation. These policies help in identifying misconfigurations within cloud environments and can automatically execute remediation commands to correct the configurations without manual intervention. This feature is part of Prisma Cloud's comprehensive approach to maintaining cloud security posture by ensuring that cloud resources are configured in accordance with best practices and compliance standards.



A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.

How should the customer automate vulnerability scanning for images deployed to Fargate?

  1. Set up a vulnerability scanner on the registry
  2. Embed a Fargate Defender to automatically scan for vulnerabilities
  3. Designate a Fargate Defender to serve a dedicated image scanner
  4. Use Cloud Compliance to identify misconfigured AWS accounts

Answer(s): A

Explanation:

To automate vulnerability scanning for images deployed to Fargate, the customer should set up a vulnerability scanner on the container registry where the images are stored before they are deployed. By scanning the images in the registry, any vulnerabilities can be identified and addressed before the images are used to create Fargate tasks. This proactive approach to vulnerability management is crucial in cloud-native environments to ensure that deployed containers are free from known vulnerabilities.


Reference:

https://blog.paloaltonetworks.com/prisma-cloud/securing-aws-fargate-tasks/



Which container image scan is constructed correctly?

  1. twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest
  2. twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest
  3. twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest
  4. twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details

Answer(s): B

Explanation:

The correct construction for scanning a container image using the TwistCLI tool in Prisma Cloud is option B. This command specifies the address of the Prisma Cloud Console and the image to be scanned, including its tag. The TwistCLI tool is part of Prisma Cloud's capabilities to integrate security into the CI/CD pipeline, allowing for the scanning of images for vulnerabilities as part of the build process, thus ensuring that only secure images are deployed.



DRAG DROP (Drag and Drop is not supported)
An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise tenant.

In which order will the APIs be executed for this service?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

  1. See Explanation section for answer.

Answer(s): A

Explanation:

1. Post /Login 2. Get /report 3. Get report/id/download






Post your Comments and Discuss Palo Alto Networks PCCSE exam with other Community members:

PCCSE Discussions & Posts