nerdexam
Palo_Alto_Networks

PCCSE · Question #241

Which resources can be added in scope while creating a vulnerability policy for continuous integration?

The correct answer is B. Images and labels. When creating a vulnerability policy for continuous integration (CI) in Prisma Cloud, the scope can be defined using images and labels.

Container Security

Question

Which resources can be added in scope while creating a vulnerability policy for continuous integration?

Options

  • AImages and cluster
  • BImages and labels
  • CImages and containers
  • DLabels and AccountID

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    95% (36)
  • C
    3% (1)

Why each option

When creating a vulnerability policy for continuous integration (CI) in Prisma Cloud, the scope can be defined using images and labels.

AImages and cluster

Clusters are a runtime compute resource and are not a valid scope dimension for CI-focused vulnerability policies, which target build-time artifacts.

BImages and labelsCorrect

CI vulnerability policies in Prisma Cloud are scoped to container images, and labels are used as metadata selectors to refine which images fall within the policy's scope. Images are the primary artifact scanned during CI pipelines, and labels allow teams to target specific image groups - such as by environment, team, or application - without enumerating individual image names. This combination provides both the resource type and the filtering mechanism needed for precise CI policy scoping.

CImages and containers

Containers are running instances and are scoped in runtime policies, not in CI vulnerability policies that target images before deployment.

DLabels and AccountID

AccountID is used for scoping cloud account-level policies, not for CI vulnerability policies, which operate at the image and label level.

Concept tested: Prisma Cloud CI vulnerability policy scope configuration

Source: https://docs.prismacloud.io/en/compute-edition/32/admin-guide/vulnerability-management/vulnerability-policies

Topics

#Vulnerability Policy#CI/CD Security#Container Images#Policy Scoping

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice