nerdexam
ExamsPCCSEQuestions#249
Palo_Alto_NetworksPalo_Alto_Networks

PCCSE · Question #249

PCCSE Question #249: Real Exam Question with Answer & Explanation

Sign in or unlock PCCSE to reveal the answer and full explanation for question #249. The question stem and answer options stay visible for context.

Prisma Cloud Platform

Question

Which RQL query is used to detect certain high-risk activities executed by a root user in AWS?

Options

  • Aevent from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin',
  • Bevent from cloud.security_logs where operation IN ( 'ChangePassword', 'ConsoleLogin',
  • Cconfig from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin',
  • Devent from cloud.audit_logs where Risk.Level = 'high' AND user = 'root'

Unlock PCCSE to see the answer

You've previewed enough free PCCSE questions. Unlock PCCSE for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock PCCSE - $49.99 / 30 daysSign in

Topics

#RQL#Cloud Auditing#AWS Security#Prisma Cloud
Full PCCSE PracticeBrowse All PCCSE Questions