The attempted bytes count displays?
A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.
Which recommended action manages this situation?
Which order of steps maps a policy to a custom compliance standard?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?
What is the order of steps to create a custom network policy?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?
Which two attributes are required for a custom config RQL? (Choose two.)
An administrator needs to detect and alert on any activities performed by a root account.
Which policy type should be used?
Which RQL query is used to detect certain high-risk activities executed by a root user in AWS?
On which cloud service providers can new API release information for Prisma Cloud be received?
An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy “AWS S3 buckets are accessible to public”. The policy definition follows:
config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcls is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
Why did this alert get generated?
Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?
Which file extension type is supported for Malware scanning in Prisma Cloud Data Security (PCDS)?
Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?
An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.
Which setting does the administrator enable or configure to accomplish this task?
The Prisma Cloud administrator has configured a new policy.
Which steps should be used to assign this policy to a compliance standard?
A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?
A customer has serverless functions that are deployed in multiple clouds.
Which serverless cloud provider is covered by “overly permissive service access” compliance check?
What is required for Prisma Cloud to successfully execute auto-remediation commands?
A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message:
What is the reason for the error message?
An administrator sees that a runtime audit has been generated for a host. The audit message is:
“Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix-script.stop. Low severity audit, event is automatically added to the runtime model”
Which runtime host policy rule is the root cause for this runtime audit?
A customer has multiple violations in the environment including:
User namespace is enabled
An LDAP server is enabled
SSH root is enabled
Which section of Console should the administrator use to review these findings?
Which two bot categories belong to unknown bots under Web-Application and API Security (WAAS) bot protection? (Choose two.)
What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?
Which serverless cloud provider is covered by the "overly permissive service access" compliance check?
Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.
Where should the customer navigate in Console?
A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?
Given this information:
The Console is located at
The username is: cluster
The password is: password123
The image to scan is: myimage:latest
Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?
Which two proper agentless scanning modes are supported with Prisma Cloud? (Choose two.)
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
Prisma Cloud supports which three external systems that allow the import of vulnerabilities and provide additional context on risks in the cloud? (Choose three.)
Given the following RQL:
event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')
Which audit event snippet is identified?
Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)
An administrator wants to enforce a rate limit so that users cannot post five (5) .tar.gz files within five (5) seconds.
What does the administrator need to configure?
A customer wants to monitor its Amazon Web Services (AWS) accounts via Prisma Cloud, but only needs the resource configuration to be monitored at present.
Which two pieces of information are needed to onboard this account? (Choose two.)
Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?
Which three types of buckets exposure are available in the Data Security module? (Choose three.)
When configuring SSO how many IdP providers can be enabled for all the cloud accounts monitored by Prisma Cloud?
Given the following JSON query:
$.resource[*].aws_s3_bucket exists
Which tab is the correct place to add the JSON query when creating a Config policy?
Which three public cloud providers are supported for VM image scanning? (Choose three.)
Which two services require external notifications to be enabled for policy violations in the Prisma Cloud environment? (Choose two.)
What factor is not used in calculating the net effective permissions for a resource in AWS?
What are two alarm types that are registered after alarms are enabled? (Choose two.)
A customer wants to be notified about port scanning network activities in their environment. Which policy type detects this behavior?
A Systems Engineer is the administrator of a self-hosted Prisma Cloud console. They upgraded the console to the latest version. However, after the upgrade, the console does not show all the policies configured. Before they upgraded the console, they created a backup manually and exported it to a local drive. Now they have to install Prisma Cloud to restore from the backup that they manually created. Which Prisma Cloud version can they restore with the backup?
The Compute Console has recently been upgraded, and the administrator plans to delay upgrading the Defenders and the Twistcli tool until some of the team’s resources have been rescaled. The Console is currently one major release ahead.
What will happen as a result of the Console upgrade?
Where can Defender debug logs be viewed? (Choose two.)
Which RQL query type is invalid?
Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?
In WAAS Access control file upload controls, which three file types are supported out of the box? (Choose three.)
How many CLI remediation commands can be added in a custom policy sequence?
Which two integrations enable ingesting host findings to generate alerts? (Choose two.)
What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?
What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
Which two information types cannot be seen in the data security dashboard? (Choose two.)
Which three types of runtime rules can be created? (Choose three.)
Which two integrated development environment (IDE) plugins are supported by Prisma Cloud as part of its Code Security? (Choose two.)
A customer is interested in PCI requirements and needs to ensure that no privileged containers can start in the environment.
Which action needs to be set for “do not use privileged containers”?
The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?
Which alert disposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when a user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?
Which two statements apply to the Defender type Container Defender - Linux?
A customer has a requirement to scan serverless functions for vulnerabilities.
Which three settings are required to configure serverless scanning? (Choose three.)
What are two built-in RBAC permission groups for Prisma Cloud? (Choose two.)
Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)
What are the three states of the Container Runtime Model? (Choose three.)
A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.
What is the correct API endpoint?
Put the steps of integrating Okta with Prisma Cloud in the right order in relation to CIEM or SSO Okta integration.
A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company’s AWS accounts into the Prisma Cloud Enterprise tenant. The current company is not using AWS Organizations and will require each account to be onboarded individually.
The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.
Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?
The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?
Which action would be applicable after enabling anomalous compute provisioning?
Which two CI/CD plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)
Which option shows the steps to install the Console in a Kubernetes Cluster?
What is the frequency to create a compliance report? (Choose two.)
Review this admission control policy:
match[{"msg": msg}] {
    input.request.operation == "CREATE"
    input.request.kind.kind == "Pod"
    input.request.resource.resource == "pods"
    input.request.object.spec.containers[_].securityContext.privileged
    msg := "Privileged"
}
Which response to this policy will be achieved when the effect is set to “block”?
How are the following categorized?
Backdoor account access
Hijacked processes
Lateral movement
Port scanning