nerdexam
Palo_Alto_Networks

PCCSE · Question #33

A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public" The policy definition follows: config where cloud type = 'aws' AND

The correct answer is C. configuration of the S3 bucket. The policy uses 'config where' in its RQL definition, which means it is a configuration policy. Configuration policies detect alerts based on the current state and configuration of cloud resources - in this case, the S3 bucket's ACL grants, policy status, and public access block

Prisma Cloud Platform

Question

A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public" The policy definition follows: config where cloud type = 'aws' AND api name='aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?(@ grantee='AllUsers')] size > 0) or policyStatusisPubiic is true) and publicAccessBlockConfiguration does not exist) or ((ad.grantsp(@ grantee=='AII Users')] size > 0) and publicAccessBlockConfiguration ignorePubhcAds is false) or (policyStatus isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist" Why did this alert get generated?

Options

  • Aanomalous behaviors
  • Bnetwork traffic to the S3 bucket
  • Cconfiguration of the S3 bucket
  • Dan event within the cloud account

How the community answered

(30 responses)
  • A
    7% (2)
  • B
    3% (1)
  • C
    90% (27)

Explanation

The policy uses 'config where' in its RQL definition, which means it is a configuration policy. Configuration policies detect alerts based on the current state and configuration of cloud resources - in this case, the S3 bucket's ACL grants, policy status, and public access block settings. It does not trigger on anomalous behavior (A), network traffic (B), or audit/event logs (D). The 'config where' clause explicitly indicates the alert was generated due to a misconfiguration of the S3 bucket's access settings.

Topics

#Prisma Cloud Policies#AWS S3 Security#Cloud Misconfiguration

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice