PCCSE · Question #33
A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public" The policy definition follows: config where cloud type = 'aws' AND
The correct answer is C. configuration of the S3 bucket. The policy uses 'config where' in its RQL definition, which means it is a configuration policy. Configuration policies detect alerts based on the current state and configuration of cloud resources - in this case, the S3 bucket's ACL grants, policy status, and public access block
Question
Options
- Aanomalous behaviors
- Bnetwork traffic to the S3 bucket
- Cconfiguration of the S3 bucket
- Dan event within the cloud account
How the community answered
(30 responses)- A7% (2)
- B3% (1)
- C90% (27)
Explanation
The policy uses 'config where' in its RQL definition, which means it is a configuration policy. Configuration policies detect alerts based on the current state and configuration of cloud resources - in this case, the S3 bucket's ACL grants, policy status, and public access block settings. It does not trigger on anomalous behavior (A), network traffic (B), or audit/event logs (D). The 'config where' clause explicitly indicates the alert was generated due to a misconfiguration of the S3 bucket's access settings.
Topics
Community Discussion
No community discussion yet for this question.