Download Latest PCCSE Certification Dumps To Become A Prisma Certified Cloud Security Engineer

test2022-03-21T03:40:36+00:00

Plan to take your PCCSE Certification exam? Prisma Certified Cloud Security Engineer (PCCSE) certification validates the knowledge, skills and abilities required to onboard, deploy and administer all aspects of Prisma Cloud. To aid all candidates, FreeTestShare provides 100 percent authentic PCCSE dumps that will not only help you pass the PCCSE exam, but will also save your a lot of time. Our PCCSE practice exam, which simulates the actual exam environment, has been created to make your preparation for the PCCSE certification exam easier.

Take a look at this free PCCSE practice exam to get a better understanding of the exam!

Page 1 of 2

1. A customer wants to harden its environment from misconfiguration

Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

Host cloud provider tags

Host configuration

Docker daemon configuration files

Docker daemon configuration

Hosts without Defender agents

2. The development team wants to block Cross Site Scripting attacks from pods its environment.

How should the team construct the CNAF policy to protect against this attack?

create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection and set the action to alert

create a Host CNAF policy targeted at a specific resource, check the box for XSS attack protection and set the action to "prevent"

create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection and set the action to prevent

create a Container CNAF policy, targeted at a specific resource, and they should set "Explicitly allowed inbound IP sources" to the IP address of the pod.

3. A customer finds that an open alert from the previous day has been resolved No auto-remediation was configured.

Which two reasons explain this change in alert status? (Choose two)

alert was sent to an external integration

resource was deleted.

user manually changed the alert status

policy was changed.

4. Review this admission control policy:

Which response to this policy will be achieved when the effect is set to "block"?

The policy will replace Defender with a privileged Defender

The policy will block the creation of a privileged pod

The policy will block all pods on a Privileged host

The policy will alert only the administrator when a privileged pod is created

5. A customer is deploying Defenders to a Fargate environment It wants to understand the vulnerabilities in the images it is deploying .

How should the customer automate vulnerability scanning for images deployed to Fargate?

Embed a Fargate Defender to automatically scan for vulnerabilities

Use Cloud Compliance to identify misconfigured AWS accounts

Set up a vulnerability scanner on the registry

Designate a Fargate Defender to serve a dedicated image scanner

6. Which container image scan is constructed correctly?

twistcii images scan -docker-address https://us-west1 cloud twistlock com/us-3-123456?89 myimage/latest

twistcli images scan ―address https //us-west1 cloud twistlock com/us-3-123456789 - container myimage/latest

twistcii images scan ―address https7/us-west1 cloud.twistlockxom/us-3-123456789 myimage/latest

twistcli images scan ―address https://us-west1. cloud.twistlock.com/us-3-123456789 - container myimage/latest -details

7. A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits

The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame

The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar

The SecOps lead should use Incident Explorer and Compliance Explorer.

8. A customer has a requirement to scan serverless functions for vulnerabilities .

Which three settings are required to configure serverless scanning? (Choose three)

Defender Name

Credential

Provider

Console Address

Region

9. Which statement accurately characterizes SSO Integration on Prisma Cloud?

Prisma Cloud supports IdP initiated SS

and its SAML endpoint supports the POST and GET methods

An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.

Okta, Azure Active Directory. PingID, and others are supported via SAML

An administrator who needs to access the Prisma Cloud API can use SSO after configuration.

10. The development team wants to fail CI jobs where a specific CVE is contained within the image .

How should the development team configure the pipeline or policy to produce this outcome?

Set the specific CVE exception as an option using the magic string in the Console.

Set the specific CVE exception in Console's CI policy.

Set the specific CVE exception as an option in Defender running the scan.

Set the specific CVE exception as an option in Jenkins or twistcli.

Page 2 of 2

11. What is the behavior of Defenders when the Console is unreachable during upgrades?

Defenders will fail open until the web-socket can be reestablished.

Defenders will fail closed until the web-socket can be re-established

Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.

Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

12. A customer has Prisma Cloud Enterprise and host Defenders deployed

What are two options that allow an administrator to upgrade Defenders'? (Choose two )

generate a new DaemonSet file

auto deploy the Lambda Defender

click the update button in the web-interface

with auto-upgrade, the host Defender will auto-upgrade.

13. Create an Alert rule