PCCSE Practice Questions

Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

Which options show the steps required after upgrade of Console?

The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task?

The administrator wants to review the Console audit logs from within the Console. Which page in the Console should the administrator use to review this data, if it can be reviewed...

The security team wants to target a CMAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?

A customer wants to turn on Auto Remediation. Which policy type has the built-in CLI command for remediation?

Which authentication mechanism is supported by Prisma Cloud?

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

Where do you install an app-embedded Defender?

How do you deploy a host Defender on Windows?

In Prisma Cloud Compute, what is the default HTTPS port for the Console?

A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged...

Which "kind" of Kubernetes object that is configured to ensure that Defender is acting as the admission controller?

Which option identifies the Prisma Cloud Compute Edition?

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed How should the administrator configure Prisma Cloud...

Which statement is true about obtaining Console images for Prisma Cloud Compute Edition'?

Which option shows the steps to install the Console in a Kubernetes Cluster?

Which three types of bucket exposure are available in the Data Security module? (Choose three.)

Given this information: - The Console is located at https://prisma-console.mydomain.local - The username is: cluster - The password is: password123 - The image to scan is: myimage:...

What is the maximum idle timeout without using a custom value?

Which command do you use to install a container Defender on Linux?

Which statement accurately characterizes SSO Integration on Prisma Cloud?

A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift. How should the administrator get a report of vulnerabilities...

A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.pnsmacfoudjo. What is the correct API endpoint?

Which container image scan is constructed correctly?

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?

Which two processes ensure that builds can function after a Console upgrade? (Choose two )

The InfoSec team wants to be notified via email each time a Security Group is misconfigured, Which Prisma Cloud tab should you choose to complete this request?

Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

Review this admission control policy: match[{"msg": msg}] { input.request.operation == "CREATE" input.request.kind.kind == "Pod" input.request.resource.resource == "pods" input.req...

The security team wants to protect a web application container from an SQLi attack. Which type of policy should the administrator create to protect the container?

A customer is deploying Defenders to a Fargate environment It wants to understand the vulnerabilities in the images it is deploying. How should the customer automate vulnerability...

A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives. Wh...

An administrator sees that a runtime audit has been generated for a host. The audit message is: 'Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libe...

If a Docker image raises a high severity compliance concern, what is the first digit of the compliance ID?

The TCP listener setting in a Docker Defender running on Linux allows the Defender to function as what?

A customer wants to be notified about port scanning network activities in their environment. Which policy type detects this behavior?

A customer wants to harden its environment from misconfiguration. Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time. What are two prerequisites prior to performing a rolling upgrade of De...

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt The DevOps lead only has access to vulnerability data in Prisma Clou...

What are two ways to scan container images in Jenkins pipelines? (Choose two )

Per security requirements, an administrator needs to provide a list of people who are receiving e- mails for Prisma Cloud alerts. Where can the administrator locate this list of e-...

Which port should a security team use to pull data from Console's API?

Which statement about build and run policies is true?

A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but...

A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message: What is the...

What are the two ways to scope a CI policy for image scanning? (Choose two.)

Which policy type in Prisma Cloud can protect against malware?

If you are required to run in an air-gapped environment, which product should you install?

What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?