Free PCCSE Exam Braindumps (page: 29)


What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

  A. policy
  B. incident
  C. audit
  D. anomaly

Answer(s): B


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/incident_explorer.html

An automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks is known as an "incident". Incidents provide a consolidated view of related security events, making it easier for administrators to understand the scope and potential impact of an attack, and to take appropriate response actions.



A customer wants to monitor the company's AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.
Which two pieces of information do you need to onboard this account? (Choose two.)

  A. CloudTrail
  B. Subscription ID
  C. Active Directory ID
  D. External ID
  E. Role ARN

Answer(s): A,E

Explanation:

To onboard an AWS account into Prisma Cloud for the purpose of monitoring resource configurations, the necessary information includes the Role ARN (Amazon Resource Name) and CloudTrail setup. The Role ARN (Option E) is crucial because Prisma Cloud requires permission to access and monitor resources within the AWS account, which is facilitated through an IAM role that Prisma Cloud can assume. This IAM role must have the necessary permissions to access AWS services and resources that Prisma Cloud needs to monitor. CloudTrail (Option A) is essential for auditing and monitoring API calls within the AWS environment, including those related to resource configurations. It provides visibility into user and resource activity by recording API calls made on the account. CloudTrail logs are used by Prisma Cloud to detect changes in resource configurations and ensure compliance with security policies. Subscription ID (Option B) and Active Directory ID (Option C) are more relevant to Azure cloud environments, not AWS. External ID (Option D) is used in a cross-account role trust relationship to prevent the "confused deputy" problem, but it's not specifically required just to onboard the account for resource configuration monitoring.



An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.
Which setting does the administrator enable or configure to accomplish this task?

  A. ADEM
  B. WAAS Analytics
  C. Telemetry
  D. Cloud Native Network Firewall
  E. Host Insight

Answer(s): D


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/21-04/prisma-cloud-compute-edition-admin/firewalls/cnnf_self_hosted.html

To obtain a graphical view to monitor all connections, including those across hosts and to configured network objects within Prisma Cloud, the appropriate feature to enable or configure is the Cloud Native Network Firewall (Option D). Prisma Cloud's Cloud Native Network Firewall provides visibility into network traffic and allows for the monitoring and control of network flows within the cloud environment, effectively enabling administrators to visualize and secure inter-host communications and connections to network objects. ADEM (Option A) and WAAS Analytics (Option B) are not related to Prisma Cloud's capabilities for monitoring connections. Telemetry (Option C) involves the collection of data and metrics but does not specifically provide a graphical view of connections. Host Insight (Option E) focuses on providing visibility into host-related activities and vulnerabilities but does not specifically deal with monitoring network connections in the graphical manner described.



Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

  A. Prisma Cloud Access SAML URL
  B. Identity Provider Issuer
  C. Certificate
  D. Identity Provider Logout URL

Answer(s): B,C

Explanation:

Configuring Single Sign-On (SSO) in Prisma Cloud requires the Identity Provider Issuer (Option B) and Certificate (Option C). The Identity Provider Issuer is a unique identifier for the SSO identity provider and is used by Prisma Cloud to establish trust and validate SSO responses. The Certificate, typically an X.509 certificate, is used to sign SSO assertions and ensure the security of the SSO communication. The Prisma Cloud Access SAML URL (Option A) is provided by Prisma Cloud to configure the SSO on the identity provider's side, not the other way around. The Identity Provider Logout URL (Option D) is used for single logout configurations but is not a required field for basic SSO configuration in Prisma Cloud.





