PCCSE · Question #62
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged containers?
The correct answer is D. Block. For PCI DSS compliance, ensuring privileged containers cannot start requires a 'Block' action, not just alerting. In Prisma Cloud Compute's runtime and admission control policies, 'Block' actively prevents the container from being created or started when the condition is violated
Question
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged containers?
Options
- AAlert
- BPrevent
- CFail
- DBlock
How the community answered
(32 responses)- A6% (2)
- C3% (1)
- D91% (29)
Explanation
For PCI DSS compliance, ensuring privileged containers cannot start requires a 'Block' action, not just alerting. In Prisma Cloud Compute's runtime and admission control policies, 'Block' actively prevents the container from being created or started when the condition is violated (e.g., a container requesting privileged mode). 'Alert' (A) would only log the violation and notify administrators but still allow the container to run - unacceptable for a hard PCI requirement. 'Prevent' (B) and 'Fail' (C) are not standard action types in this context for Prisma Cloud container policies. 'Block' is the enforcement action that enforces a hard stop, which aligns with the PCI requirement that privileged containers must not be allowed to run in the environment.
Topics
Community Discussion
No community discussion yet for this question.