PDF PCCSE Study Guide

Prisma Cloud supports different scanning modes for its agentless scanning feature. Based on the context of cloud environments and typical terminology used in Prisma Cloud documentation, "Spoke Account Mode" and "Hub Account Mode" are plausible modes supported for agentless scanning. These modes allow for the extension of scanning capabilities across multiple accounts, with 'Spoke' typically referring to linked accounts and 'Hub' referring to the central account in a hub-and-spoke architecture. Hence, the correct answers are A and B.

To enable a user to interact programmatically with Prisma Cloud APIs and for a nonhuman entity to access keys, the correct action is to create a role and assign it to the Service Account (D). Service accounts in Prisma Cloud are designed for programmatic access by applications or automated tools, allowing these entities to interact with Prisma Cloud APIs securely. By creating a specific role with the necessary permissions and assigning it to a service account, administrators can ensure that the entity has the appropriate level of access required for its operations, aligning with the principle of least privilege and enhancing the security posture of API interactions.

Prisma Cloud integrates with various external systems to enhance its security capabilities by importing vulnerabilities and providing additional context. Among the options provided:

• A. Splunk: Prisma Cloud can integrate with Splunk for enhanced threat detection and security analytics, making it a correct choice.
• B. Amazon GuardDuty: Prisma Cloud can utilize findings from Amazon GuardDuty to provide additional threat intelligence and context on vulnerabilities within AWS environments, making it a correct choice.
• E. ServiceNow: Prisma Cloud can integrate with ServiceNow for incident management and workflow automation, providing context and remediation capabilities for vulnerabilities, making it a correct choice. Options C (Qualys) and D (Amazon Inspector) are not explicitly mentioned in the provided documents as integrated external systems for importing vulnerabilities into Prisma Cloud.

The given RQL (Resource Query Language) query is looking for specific audit events related to cryptographic key actions and snapshot creation. The snippet that matches this query is Option C, which contains the statement indicating permissions that allow any action ("Action": "*") and the reference to the version date "2012-10-17" that corresponds to the policy within the audit log.

This can be cross-referenced with cloud provider documentation, such as AWS CloudTrail or Google Cloud Audit Logs, which record user activities and API usage. The RQL provided would be used in a CSPM tool to query these audit logs for the specified events.