CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCCSE

Free PCCSE Exam Braindumps (page: 7)

Page 6 of 63
PDF with 260 Questions

The security team wants to protect a web application container from an SQLi attack.
Which type of policy should the administrator create to protect the container?

  1. CNAF
  2. Runtime
  3. Compliance
  4. CNNF

Answer(s): A

Explanation:

To protect a web application container from an SQL Injection (SQLi) attack, the administrator should create a Cloud Native Application Firewall (CNAF) policy. CNAF policies are designed to protect applications running in containers from various types of attacks, including SQLi, by inspecting the traffic going to and from the containerized applications and blocking malicious requests.


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute- edition- admin/firewalls/waas



An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public". The policy definition follows:

config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[? (@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

Why did this alert get generated?

  1. an event within the cloud account
  2. network traffic to the S3 bucket
  3. configuration of the S3 bucket
  4. anomalous behaviors

Answer(s): C

Explanation:

The alert "AWS S3 buckets are accessible to public" is generated due to the configuration of the S3 bucket, which has been set in a way that allows public access. The policy definition provided checks for various conditions that would make an S3 bucket publicly accessible, such as grants to 'AllUsers', the absence of a 'publicAccessBlockConfiguration', or specific configurations that do not restrict public access. Therefore, the alert is triggered by the configuration settings of the S3 bucket that violate the policy's criteria for public accessibility.



DRAG DROP (Drag and Drop is not supported)
Which order of steps map a policy to a custom compliance standard?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

  1. See Explanation section for answer.

Answer(s): A

Explanation:



1. click on compliance standard.
2. add custom compliance standard.
3. edit policies.
4. add compliance standard from drop-down menu https://docs.prismacloudcompute.com/docs/enterprise_edition/compliance/custom_compliance_c hecks.html#creating-a-new-custom-check

The process of mapping a policy to a custom compliance standard in a security platform like Prisma Cloud by Palo Alto Networks involves several specific steps. Firstly, one must access the compliance standards, which is typically done by clicking on the "Compliance Standards" section within the platform's interface. This is where all standards, including custom and predefined ones, are listed. Next, if the custom compliance standard does not already exist, it must be created. This step involves defining the criteria and controls that make up the standard, tailored to the organization's specific requirements.
Once the custom compliance standard is in place, the policy in question needs to be edited. This editing process would involve configuring the policy to align with the compliance controls outlined in the custom standard, ensuring that the policy will enforce or check for the necessary requirements as defined by the standard.
Finally, the last step is to formally associate or map the edited policy with the custom compliance standard. This is typically done by adding the policy to the standard, which may involve selecting the custom compliance standard from a drop-down menu within the policy settings, confirming that this particular policy should be enforced as part of the compliance checks for that standard. This ordered process ensures that policies are properly aligned with the organization's compliance goals and can be enforced and reported on accurately within the security platform.



A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.

Which action needs to be set for "do not use privileged containers"?

  1. Prevent
  2. Alert
  3. Block
  4. Fail

Answer(s): C

Explanation:

Block--Defender stops the entire container if a process that violates your policy attempts to run.

https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense _containers.html#_effect






Post your Comments and Discuss Palo Alto Networks PCCSE exam with other Community members:

PCCSE Discussions & Posts