CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCCSE

Free PCCSE Exam Braindumps (page: 25)

Page 24 of 63
PDF with 260 Questions

One of the resources on the network has triggered an alert for a Default Config policy.
Given the following resource JSON snippet:



Which RQL detected the vulnerability?
A)



B)



C)



D)

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): B

Explanation:

The correct RQL (Resource Query Language) that detected the vulnerability is:

config from cloud.resource where cloud.type = 'aws' and api.name = 'aws-iam-get-credential-report' AND json.rule = '(access_key_1_active is true and access_key_1_last_rotated != N/A and DateTime. ageInDays (access_key_1_last_rotated) > 90) or (access_key_2_active is true and access_key_2_last_rotated != N/A and _DateTime. ageInDays (access_key_2_last_rotated) > 90)' This RQL is designed to check the age of the AWS IAM user's access keys to ensure that they are rotated within a recommended period, typically 90 days. If the access keys have not been rotated within this timeframe, it would be considered a security risk or vulnerability, as old keys may potentially be compromised. By enforcing access key rotation, it minimizes the risk of unauthorized access.
The reference for this type of policy check can be seen in cloud security best practices that advocate for regular rotation of access keys to minimize the potential impact of key compromise. CSPM tools like Prisma Cloud include such checks to automate compliance with these best practices.



A customer has multiple violations in the environment including:
User namespace is enabled
An LDAP server is enabled
SSH root is enabled
Which section of Console should the administrator use to review these findings?

  1. Manage
  2. Vulnerabilities
  3. Radar
  4. Compliance

Answer(s): D

Explanation:

The correct section of the Console that the administrator should use to review findings such as "User namespace is enabled", "An LDAP server is enabled", and "SSH root is enabled" is "Compliance". The "Compliance" section in CSPM tools like Prisma Cloud provides an overview of the current compliance posture against various regulatory standards and best practices. It can help identify configurations that do not adhere to best practices or that may violate compliance requirements, such as enabling the user namespace, which could be a security risk, or having an LDAP server and SSH root enabled, which may not comply with certain security standards. Reference to the use of the "Compliance" section can be found in CSPM documentation, where it details how compliance checks are used to assess the security and configuration of cloud resources against established benchmarks and standards, allowing organizations to maintain compliance and improve their security posture.



A customer has serverless functions that are deployed in multiple clouds.
Which serverless cloud provider is covered be "overly permissive service access" compliance check?

  1. Alibaba
  2. GCP
  3. AWS
  4. Azure

Answer(s): C


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin- compute/compliance/serverless.html
The serverless cloud provider covered by the "overly permissive service access" compliance check is AWS (Amazon Web Services). AWS Lambda, which is the serverless computing platform provided by

AWS, may have functions that are assigned more permissions than they require to perform their operations, leading to security risks.
In the context of CSPM tools, such as Prisma Cloud, checks for overly permissive service access would typically include examining the policies attached to AWS Lambda functions to ensure that they adhere to the principle of least privilege. Such checks help identify and rectify overly broad permissions that could potentially be exploited by attackers. The reference for this can be found in AWS best practices for Lambda security, which emphasize the importance of granting minimal privileges necessary for the Lambda function to perform its tasks, thereby reducing the potential attack surface.



A customer has a requirement to restrict any container from resolving the name www.evil-url.com. How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

  1. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.
  2. Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.
  3. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.
  4. Set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.

Answer(s): D

Explanation:

To restrict any container from resolving the name www.evil-url.com, the administrator should set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent. This configuration in Prisma Cloud, or similar CSPM tools, ensures that any attempt to resolve the specified blocklisted DNS name within any container will be prevented, thus enhancing security by proactively blocking potential communication with known malicious domains. Reference to this feature can be found in the documentation of CSPM tools that offer runtime protection for containers. These tools allow administrators to define security policies that can include DNS-based controls to prevent containers from accessing known malicious or undesirable URLs, thereby preventing potential data exfiltration, malware communication, or other security threats






Post your Comments and Discuss Palo Alto Networks PCCSE exam with other Community members:

PCCSE Discussions & Posts