Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCCSE

Palo Alto Networks PCCSE Exam
Prisma Certified Cloud Security Engineer (Page 4 )

Updated On: 1-Feb-2026
Page 4 of 51
PDF with 260 Questions

Which two filters are available in the SecOps dashboard? (Choose two.)

  1. Time range
  2. Account Groups
  3. Service Name
  4. Cloud Region

Answer(s): A,B

Explanation:

In the SecOps dashboard of a cloud security platform like Prisma Cloud, filters such as Time range and Account Groups are essential for narrowing down the data or security alerts based on specific time periods or organizational structures. The Time range filter allows users to view incidents or compliance data for a particular timeframe, facilitating trend analysis and focusing on recent events. The Account Groups filter enables the segregation of data based on different cloud accounts or organizational units, making it easier for security teams to manage and prioritize security tasks according to the business structure or cloud architecture.



Under which tactic is "Exploit Public-Facing Application" categorized in the ATT&CK framework?

  1. Defense Evasion
  2. Initial Access
  3. Execution
  4. Privilege Escalation

Answer(s): B

Explanation:

In the MITRE ATT&CK framework, the tactic "Exploit Public-Facing Application" is categorized under Initial Access. This tactic involves leveraging vulnerabilities in public-facing applications to gain unauthorized access to an organization's external services or applications. Initial Access tactics are concerned with the methods adversaries use to gain an initial foothold within a network, and exploiting public-facing applications is a common approach used by attackers to breach external defenses and establish a presence within a target network.



Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?

  1. High
  2. Aggressive
  3. Moderate
  4. Conservative

Answer(s): A

Explanation:

In the Anomaly settings of a cloud security platform, choosing a High alert disposition severity is crucial when the objective is to generate alerts for both low and high severity incidents, especially in scenarios such as reporting unknown browsers and OS, impossible time travel, or account hijacking attempts. Setting the alert severity to High ensures that the security team is promptly notified of both overt and subtle anomalies, enabling quick response to potential security threats that may indicate unauthorized access or suspicious activities within the cloud environment.



A user from an organization is unable to log in to Prisma Cloud Console after having logged in the previous day.
Which area on the Console will provide input on this issue?

  1. SSO
  2. Audit Logs
  3. Users & Groups
  4. Access Control

Answer(s): B

Explanation:

In the event a user is unable to log in to the Prisma Cloud Console, Audit Logs serve as a critical area for investigating the issue. Audit Logs provide a detailed record of activities, including login attempts, within the Prisma Cloud environment. By examining the Audit Logs, administrators can identify failed login attempts, understand the reasons behind login failures (e.g., incorrect credentials, account lockouts, or access policy changes), and take appropriate actions to resolve the login issues, ensuring users can access the console as expected.



What happens when a role is deleted in Prisma Cloud?

  1. The access key associated with that role is automatically deleted.
  2. Any integrations that use the access key to make calls to Prisma Cloud will stop working.
  3. The users associated with that role will be deleted.
  4. Any user who uses that key will be deleted.

Answer(s): B

Explanation:

When a role is deleted in Prisma Cloud, it directly impacts any integrations that rely on the access key associated with that role. These integrations use the access key to authenticate and make API calls to Prisma Cloud for various operations. Deleting the role invalidates the access key, causing these integrations to lose their ability to communicate with Prisma Cloud, leading to a cessation of their functionality until a new role with a valid access key is configured. This underscores the importance of carefully managing roles and access keys to avoid disrupting integrated systems and services.



Viewing page 4 of 51
Viewing questions 16 - 20 out of 260 questions



Post your Comments and Discuss Palo Alto Networks PCCSE exam prep with other Community members:

Join the PCCSE Discussion