CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCCSE

Free PCCSE Exam Braindumps (page: 26)

Page 25 of 63
PDF with 260 Questions

Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?

  1. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    --verbose \

    myimage: latest
  2. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    --details \
    myimage: latest
  3. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    myimage: latest
  4. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    --console \
    myimage: latest

Answer(s): C

Explanation:

The API calls that can scan an image named myimage: latest with twistcli and then retrieve the results from Console do not require any additional flags beyond the address, user, and password for the Prisma Cloud Compute console. The --verbose, --details, and --console flags are not necessary for performing the scan and retrieving the results. The twistcli command with the required parameters initiates the scan, and upon completion, the results are available in the Prisma Cloud Compute console for review.
Reference to this process is provided in the Prisma Cloud Compute documentation, which outlines the steps for scanning container images with the twistcli command-line tool and retrieving the results from the Compute Console for analysis and action.



Given the following RQL:
event from cloud.audit_logs where operation IN (`CreateCryptoKey', `DestroyCryptoKeyVersion',

`v1.compute.disks.createSnapshot')
Which audit event snippet is identified?
A)



B)



C)



D)

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): C

Explanation:

The given RQL (Resource Query Language) query is looking for specific audit events related to cryptographic key actions and snapshot creation. The snippet that matches this query is Option C, which contains the statement indicating permissions that allow any action ("Action": "*") and the reference to the version date "2012-10-17" that corresponds to the policy within the audit log. This can be cross-referenced with cloud provider documentation, such as AWS CloudTrail or Google Cloud Audit Logs, which record user activities and API usage. The RQL provided would be used in a CSPM tool to query these audit logs for the specified events.



Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

  1. Username
  2. SSO Certificate
  3. Assertion Consumer Service (ACS) URL
  4. SP (Service Provider) Entity ID

Answer(s): C,D

Explanation:

When setting up Single Sign-On (SSO) in Prisma Cloud on the Identity Provider (IdP) side, it is essential to configure the Assertion Consumer Service (ACS) URL and the Service Provider (SP) Entity

ID. The ACS URL is the endpoint to which the IdP will send the SAML assertion, and the SP Entity ID is a unique identifier for the service provider that often resembles a URL but does not necessarily point to a location. These elements are crucial for establishing the trust relationship between the IdP and the service provider, enabling secure user authentication and authorization.



An administrator sees that a runtime audit has been generated for a container.
The audit message is:
"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr" Which protection in the runtime rule would cause this audit?

  1. Networking
  2. File systems
  3. Processes
  4. Container

Answer(s): C

Explanation:

The protection in the runtime rule that would cause the audit message indicating "/bin/ls launched and is explicitly blocked in the runtime rule" is related to "Processes". In container security, a runtime rule set to monitor and restrict processes can block specific executables or commands from running within a container. If the rule is triggered, it indicates that a process that is explicitly denied by the policy attempted to execute, which in this case is the 'ls' command.






Post your Comments and Discuss Palo Alto Networks PCCSE exam with other Community members:

PCCSE Discussions & Posts