nerdexam
Palo_Alto_Networks

PCCSE · Question #62

A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged containers?

The correct answer is D. Block. For PCI DSS compliance, ensuring privileged containers cannot start requires a 'Block' action, not just alerting. In Prisma Cloud Compute's runtime and admission control policies, 'Block' actively prevents the container from being created or started when the condition is violated

Container Security

Question

A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged containers?

Options

  • AAlert
  • BPrevent
  • CFail
  • DBlock

How the community answered

(32 responses)
  • A
    6% (2)
  • C
    3% (1)
  • D
    91% (29)

Explanation

For PCI DSS compliance, ensuring privileged containers cannot start requires a 'Block' action, not just alerting. In Prisma Cloud Compute's runtime and admission control policies, 'Block' actively prevents the container from being created or started when the condition is violated (e.g., a container requesting privileged mode). 'Alert' (A) would only log the violation and notify administrators but still allow the container to run - unacceptable for a hard PCI requirement. 'Prevent' (B) and 'Fail' (C) are not standard action types in this context for Prisma Cloud container policies. 'Block' is the enforcement action that enforces a hard stop, which aligns with the PCI requirement that privileged containers must not be allowed to run in the environment.

Topics

#Privileged Containers#Container Security Policy#PCI Compliance#Enforcement Actions

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice