PCCSE · Question #3
A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)
The correct answer is A. The mined currency is associated with a user token. C. High CPU usage over time for the container is detected. D. Common cryptominer port usage was found.. Prisma Cloud detects cryptominer attacks in container audits through behavioral indicators including user token association with mined currency, sustained high CPU usage, and known cryptominer port activity.
Question
A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)
Options
- AThe mined currency is associated with a user token.
- BThe value of the mined currency exceeds $100.
- CHigh CPU usage over time for the container is detected.
- DCommon cryptominer port usage was found.
- ECommon cryptominer process name was found.
How the community answered
(36 responses)- A81% (29)
- B6% (2)
- E14% (5)
Why each option
Prisma Cloud detects cryptominer attacks in container audits through behavioral indicators including user token association with mined currency, sustained high CPU usage, and known cryptominer port activity.
Associating mined currency with a user token is a behavioral indicator that Prisma Cloud uses to identify cryptomining activity tied to a specific identity within the container.
Prisma Cloud does not use a monetary value threshold such as $100 to determine whether a cryptomining attack has occurred - detection is based on behavioral and network indicators, not financial metrics.
Sustained high CPU usage over time is a classic cryptominer behavioral signature that Prisma Cloud runtime defense monitors and flags as an anomaly.
Detection of port usage commonly associated with cryptomining pools is a network-based indicator that triggers a cryptominer audit in Prisma Cloud.
While process name detection is a capability of Prisma Cloud runtime defense, it is not listed among the specific criteria that generate a cryptominer container audit in this context.
Concept tested: Prisma Cloud container cryptominer attack detection indicators
Source: https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/runtime-defense/runtime-audits
Topics
Community Discussion
No community discussion yet for this question.