Free PCCSE Exam Braindumps (page: 28)


Given the following RQL:



Which audit event snippet is identified by the RQL?

A)



B)



C)



D)

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): D

Explanation:

The RQL provided is designed to capture certain network-related operations, including the creation and deletion of compute firewall rules. The audit event snippet that matches this RQL is Option D, as it includes a "compute.firewalls.delete" operation within its request, aligning with the specified RQL's criteria.



The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.
Which type of policy should be created to protect this pod from Layer 7 attacks?

  1. The development team should create a WAAS rule for the host where these pods will be running.
  2. The development team should create a WAAS rule targeted at all resources on the host.
  3. The development team should create a runtime policy with networking protections.
  4. The development team should create a WAAS rule targeted at the image name of the pods.

Answer(s): D

Explanation:

To protect the pods hosting a web front end from Layer 7 attacks, the development team should create a Web Application and API Security (WAAS) rule targeted at the image name of the pods. This approach allows the policy to specifically protect the applications running within the pods against sophisticated attacks that target the application layer.



A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?

  1. Enable "AWS S3 bucket is publicly accessible" policy and manually remediate each alert.
  2. Enable "AWS RDS database instance is publicly accessible" policy and for each alert, check that it is a production instance, and then manually remediate.
  3. Enable "AWS S3 bucket is publicly accessible" policy and add policy to an auto-remediation alert rule.
  4. Enable "AWS RDS database instance is publicly accessible" policy and add policy to an auto-remediation alert rule.

Answer(s): B

Explanation:

Following best practices, the Security Operations Center (SOC) should enable a policy that checks for publicly accessible AWS RDS database instances and then manually remediate each instance confirmed to be part of the production environment. This approach ensures that only those resources that should not be publicly accessible are modified, avoiding unintended access restrictions on non-production instances.



An administrator wants to enforce a rate limit so that users cannot post five (5) .tar.gz files within five (5) seconds.

What does the administrator need to configure?

  1. A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on WAAS
  2. A ban for DoS protection with a burst rate of 5 and file extensions match on .tar.gz on CNNF
  3. A ban for DoS protection with a burst rate of 5 and file extensions match on .tar gz on WAAS
  4. A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on CNNF

Answer(s): A

Explanation:

To enforce a rate limit for users posting .tar.gz files, the administrator needs to configure a ban for Denial of Service (DoS) protection with an average rate of 5 and match file extensions on .tar.gz on the Web Application and API Security (WAAS) system. This ensures that if the specified rate is exceeded, the action is blocked, thus providing protection against potential DoS attacks.





