nerdexam
Palo_Alto_Networks

PCCSE · Question #3

A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

The correct answer is A. The mined currency is associated with a user token. C. High CPU usage over time for the container is detected. D. Common cryptominer port usage was found.. Prisma Cloud detects cryptominer attacks in container audits through behavioral indicators including user token association with mined currency, sustained high CPU usage, and known cryptominer port activity.

Container Security

Question

A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

Options

  • AThe mined currency is associated with a user token.
  • BThe value of the mined currency exceeds $100.
  • CHigh CPU usage over time for the container is detected.
  • DCommon cryptominer port usage was found.
  • ECommon cryptominer process name was found.

How the community answered

(36 responses)
  • A
    81% (29)
  • B
    6% (2)
  • E
    14% (5)

Why each option

Prisma Cloud detects cryptominer attacks in container audits through behavioral indicators including user token association with mined currency, sustained high CPU usage, and known cryptominer port activity.

AThe mined currency is associated with a user token.Correct

Associating mined currency with a user token is a behavioral indicator that Prisma Cloud uses to identify cryptomining activity tied to a specific identity within the container.

BThe value of the mined currency exceeds $100.

Prisma Cloud does not use a monetary value threshold such as $100 to determine whether a cryptomining attack has occurred - detection is based on behavioral and network indicators, not financial metrics.

CHigh CPU usage over time for the container is detected.Correct

Sustained high CPU usage over time is a classic cryptominer behavioral signature that Prisma Cloud runtime defense monitors and flags as an anomaly.

DCommon cryptominer port usage was found.Correct

Detection of port usage commonly associated with cryptomining pools is a network-based indicator that triggers a cryptominer audit in Prisma Cloud.

ECommon cryptominer process name was found.

While process name detection is a capability of Prisma Cloud runtime defense, it is not listed among the specific criteria that generate a cryptominer container audit in this context.

Concept tested: Prisma Cloud container cryptominer attack detection indicators

Source: https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-audits

Topics

#Container Security#Cryptomining Detection#Runtime Protection#Cloud Auditing

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice