nerdexam
Palo_Alto_Networks

PCCSE · Question #76

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?

The correct answer is A. Ensure compliant Docker daemon configuration. Host compliance policies in Prisma Cloud Compute target the underlying host OS and its Docker daemon configuration. 'Ensure compliant Docker daemon configuration' (A) is a legitimate host-level CIS benchmark check that verifies the Docker daemon is running with secure settings. A

Container Security

Question

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?

Options

  • AEnsure compliant Docker daemon configuration
  • BEnsure functions are not overly permissive.
  • CEnsure images are created with a non-root user
  • DEnsure host devices are not directly exposed to containers.

How the community answered

(29 responses)
  • A
    86% (25)
  • B
    3% (1)
  • C
    3% (1)
  • D
    7% (2)

Explanation

Host compliance policies in Prisma Cloud Compute target the underlying host OS and its Docker daemon configuration. 'Ensure compliant Docker daemon configuration' (A) is a legitimate host-level CIS benchmark check that verifies the Docker daemon is running with secure settings. Answer B ('Ensure functions are not overly permissive') applies to serverless function policies. Answer C ('Ensure images are created with a non-root user') is an image or container compliance check, not a host-level one. Answer D ('Ensure host devices are not directly exposed to containers') is a container runtime compliance check, not a host compliance policy.

Topics

#Host Security#Container Security#Docker Daemon#Compliance

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice