nerdexam
Palo_Alto_Networks

PCCSE · Question #55

The security team wants to target a CMAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

The correct answer is A. scope the policy to Image names. In Prisma Cloud Compute, Container Model Anomaly Framework (CMAF) and container runtime policies are scoped using image names, because a running container's identity is defined by its image. Scoping to image names (e.g., 'nginx:latest') ensures the policy applies to all container

Container Security

Question

The security team wants to target a CMAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

Options

  • Ascope the policy to Image names
  • Bscope the policy to namespaces
  • Cscope the policy to Defender names.
  • Dscope the policy to Host names

How the community answered

(38 responses)
  • A
    76% (29)
  • B
    16% (6)
  • C
    3% (1)
  • D
    5% (2)

Explanation

In Prisma Cloud Compute, Container Model Anomaly Framework (CMAF) and container runtime policies are scoped using image names, because a running container's identity is defined by its image. Scoping to image names (e.g., 'nginx:latest') ensures the policy applies to all containers spawned from that image. Scoping to namespaces (B) is a Kubernetes-level concept not directly used for CMAF scoping. Defender names (C) identify the host agent, not the workload. Host names (D) scope host-level policies, not container-level policies.

Topics

#Container Security Policy#Prisma Cloud Compute#Policy Scoping#Container Images

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice