nerdexam
Palo_Alto_Networks

PCCSE · Question #166

Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?

The correct answer is D. Create a role and assign it to the Service Account.. For nonhuman entities (such as automation scripts, CI/CD pipelines, or service integrations) that need programmatic access to the Prisma Cloud API, the correct approach is to create a Service Account and assign an appropriate role to it. Service Accounts are designed specifically

Prisma Cloud Platform

Question

Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?

Options

  • ACreate a role with System Admin and generate access keys.
  • BCreate a user with a role that has minimal access.
  • CCreate a role with Account Group Read Only and assign it to the user.
  • DCreate a role and assign it to the Service Account.

How the community answered

(24 responses)
  • A
    8% (2)
  • B
    4% (1)
  • C
    4% (1)
  • D
    83% (20)

Explanation

For nonhuman entities (such as automation scripts, CI/CD pipelines, or service integrations) that need programmatic access to the Prisma Cloud API, the correct approach is to create a Service Account and assign an appropriate role to it. Service Accounts are designed specifically for machine-to-machine authentication and can have access keys generated for them without being tied to a human user identity. Option A is incorrect because System Admin privileges are overly broad for principle-of-least-privilege. Option B describes creating a human user account, which is inappropriate for automated/nonhuman access. Option C uses Account Group Read Only which may be insufficient and still targets a human user construct. Service Accounts (D) are the proper nonhuman entity construct in Prisma Cloud for API access.

Topics

#Prisma Cloud API#Service Accounts#Programmatic Access#Role-Based Access Control

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice