PCCSE · Question #55
The security team wants to target a CMAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?
The correct answer is A. scope the policy to Image names. In Prisma Cloud Compute, Container Model Anomaly Framework (CMAF) and container runtime policies are scoped using image names, because a running container's identity is defined by its image. Scoping to image names (e.g., 'nginx:latest') ensures the policy applies to all container
Question
The security team wants to target a CMAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?
Options
- Ascope the policy to Image names
- Bscope the policy to namespaces
- Cscope the policy to Defender names.
- Dscope the policy to Host names
How the community answered
(38 responses)- A76% (29)
- B16% (6)
- C3% (1)
- D5% (2)
Explanation
In Prisma Cloud Compute, Container Model Anomaly Framework (CMAF) and container runtime policies are scoped using image names, because a running container's identity is defined by its image. Scoping to image names (e.g., 'nginx:latest') ensures the policy applies to all containers spawned from that image. Scoping to namespaces (B) is a Kubernetes-level concept not directly used for CMAF scoping. Defender names (C) identify the host agent, not the workload. Host names (D) scope host-level policies, not container-level policies.
Topics
Community Discussion
No community discussion yet for this question.