QUESTION: 17

Which statement about build and run policies is true?

Build policies enable you to check for security misconfigurations in the IaC templates.
Every type of policy has auto-remediation enabled by default.
The four main types of policies are: Audit Events, Build, Network, and Run.
Run policies monitor network activities in the environment and check for potential issues during runtime.

Answer(s): A

Explanation:

A true statement about build and run policies is A. Build policies enable you to check for security misconfigurations in the IaC templates. This capability is crucial for identifying potential security issues early in the development process, allowing for proactive mitigation before deployment, thereby enhancing the overall security posture of the applications and infrastructure being developed.

Reveal Solution Next Question

QUESTION: 18

An administrator sees that a runtime audit has been generated for a host. The audit message is:
"Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model"

Which runtime host policy rule is the root cause for this runtime audit?

Custom rule with specific configuration for file integrity
Custom rule with specific configuration for networking
Default rule that alerts on capabilities
Default rule that alerts on suspicious runtime behavior

Answer(s): D

Explanation:

For a runtime audit generated for a host with a message indicating a service attempting to obtain capability by executing a script, the root cause for this runtime audit is most likely related to D. Default rule that alerts on suspicious runtime behavior. This default rule is designed to flag unusual or potentially harmful activities that could indicate a security risk, prompting further investigation.

Reveal Solution Next Question

QUESTION: 19

Which option identifies the Prisma Cloud Compute Edition?

Package installed with APT
Downloadable, self-hosted software
Software-as-a-Service (SaaS)
Plugin to Prisma Cloud

Answer(s): B

Explanation:

The Prisma Cloud Compute Edition is identified as B. Downloadable, self-hosted software. This option indicates that Prisma Cloud Compute Edition is a solution that organizations can deploy within their own infrastructure, providing them with control over the installation, configuration, and management of the security platform.

Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin- compute/welcome/ pcee_vs_pcce.html

Reveal Solution Next Question

QUESTION: 20

Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

Host
Container
Functions
Image

Answer(s): D

Explanation:

In the context of Defend > Compliance > Containers and Images > CI within Prisma Cloud by Palo Alto Networks, the compliance checks are focused on the security posture and compliance of container images. Therefore, the type of compliance check available under this section would be related to Images, ensuring they adhere to security best practices and compliance standards before being deployed.

Reveal Solution Next Question

Free PCCSE Exam Braindumps (page: 6)

QUESTION: 17

Explanation:

QUESTION: 18

Explanation:

QUESTION: 19

Explanation:

Reference:

QUESTION: 20

Explanation:

PCCSE Discussions & Posts