CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCCSE

Free PCCSE Exam Braindumps (page: 4)

Page 3 of 63
PDF with 260 Questions

A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.

Which setting should you use to meet this customer's request?

  1. Trusted Login IP Addresses
  2. Anomaly Trusted List
  3. Trusted Alert IP Addresses
  4. Enterprise Alert Disposition

Answer(s): C

Explanation:

B --> Anomaly Trusted List--Exclude trusted IP addresses when conducting tests for PCI compliance or penetration testing on your network. Any addresses included in this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity such as the policies that detect internal port scan and port sweep activity, which are enabled by default. C --> Trusted Alert IP Addresses--If you have internal networks that connect to your public cloud infrastructure, you can add these IP address ranges (or CIDR blocks) as trusted ... Prisma Cloud default network policies that look for internet exposed instances also do not generate alerts when the source IP address is included in the trusted IP address list and the account hijacking anomaly policy filters out activities from known IP addresses. Also, when you use RQL to query network traffic, you can filter out traffic from known networks that are included in the trusted IP address list. For a customer who does not want alerts to be generated from network traffic originating from trusted internal networks, the appropriate setting is C. Trusted Alert IP Addresses. This setting allows for specifying certain IP addresses as trusted, meaning alerts will not be triggered by activities from these IPs, ensuring that internal network traffic is not flagged as potentially malicious.



A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

  1. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
  2. The SecOps lead should use Incident Explorer and Compliance Explorer.
  3. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
  4. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Answer(s): C

Explanation:

To investigate the runtime aspects of a potential data exfiltration attempt, the SecOps lead in Prisma

Cloud Compute should focus on areas that provide insights into runtime activity and potential threats. C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits. These sections provide detailed information on security incidents and container-level activities, enabling a thorough investigation into the runtime behavior that might indicate a security issue.



A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.

Which two reasons explain this change in alert status? (Choose two.)

  1. user manually changed the alert status.
  2. policy was changed.
  3. resource was deleted.
  4. alert was sent to an external integration.

Answer(s): A,C

Explanation:

When an open alert from the previous day has been resolved without any configured auto- remediation, the change in alert status could be due to A. a user manually changing the alert status, indicating a manual intervention where someone reviewed and updated the alert status, and C. resource was deleted, implying that the resolution of the alert could be due to the removal of the resource associated with the alert, hence nullifying the alert condition.


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage- prisma-cloud- alerts/prisma-cloud-alert-resolution-reasons.html



Which three steps are involved in onboarding an account for Data Security? (Choose three.)

  1. Create a read-only role with in-line policies
  2. Create a Cloudtrail with SNS Topic
  3. Enable Flow Logs
  4. Enter the RoleARN and SNSARN
  5. Create a S3 bucket

Answer(s): B,D,E

Explanation:

Onboarding an account for Data Security involves several critical steps to ensure comprehensive coverage and effective monitoring. The steps involved include B. Create a Cloudtrail with SNS Topic to track and manage API calls and relevant notifications, D. Enter the RoleARN and SNSARN to provide necessary access and integration points for data security functions, and E. Create a S3 bucket which serves as a storage solution for logging and data capture essential for security analysis.






Post your Comments and Discuss Palo Alto Networks PCCSE exam with other Community members:

PCCSE Discussions & Posts