Question No : 1
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for “do not use privileged containers”?

• A.Prevent
• B.Alert
• C.Block
• D.Fail

Show Answers

Answer:
Explanation:
Block―Defender stops the entire container if a process that violates your policy attempts to run.
https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense_containers.html#_effect

Question No : 2
The security team wants to enable the “block” option under compliance checks on the host.
What effect will this option have if it violates the compliance check?

• A.The host will be taken offline.
• B.Additional hosts will be prevented form starting.
• C.Containers on a host will be stopped.
• D.No containers will be allowed to start on that host.

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_containers.html

Question No : 3
Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

• A.Username
• B.SSO Certificate
• C.Assertion Consumer Service (ACS) URL
• D.SP (Service Provider) Entity ID

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/setup-sso-integration-on-prisma-cloud.html

Question No : 4
Which port should a security team use to pull data from Console’s API?

• A.53
• B.25
• C.8084
• D.8083

Show Answers

Answer:

Question No : 5
A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

• A.set the Container model to manual relearn and set the default runtime rule to block for process protection.
• B.set the Container model to relearn and set the default runtime rule to prevent for process protection.
• C.add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to “prevent”.
• D.choose “copy into rule” for the Container, add a ransomWare process into the denied process list, and set the action to “block”.

Show Answers

Answer:

Question No : 6
Given this information:
The Console is located at https://prisma-console.mydomain.local The username is: cluster
The password is: password123
The image to scan is: myimage:latest
Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

• A.twistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 -- details myimage:latest
• B.twistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 -- vulnerability-details myimage:latest
• C.twistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability- details myimage:latest
• D.twistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest

Show Answers

Answer:

Question No : 7
Which two filters are available in the SecOps dashboard? (Choose two.)

• A.Time range
• B.Account Groups
• C.Service Name
• D.Cloud Region

Show Answers

Answer:

Question No : 8
A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?

• A.Set up a vulnerability scanner on the registry
• B.Embed a Fargate Defender to automatically scan for vulnerabilities
• C.Designate a Fargate Defender to serve a dedicated image scanner
• D.Use Cloud Compliance to identify misconfigured AWS accounts

Show Answers

Answer:
Explanation:
Reference: https://blog.paloaltonetworks.com/prisma-cloud/securing-aws-fargate-tasks/

Question No : 9
Which field is required during the creation of a custom config query?

• A.resource status
• B.api.name
• C.finding.type
• D.cloud.type

Show Answers

Answer:

Question No : 10
An administrator has been tasked with a requirement by your DevSecOps team to write a script to continuously query programmatically the existing users, and the user’s associated permission levels, in a Prisma Cloud Enterprise tenant.
Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

• A.Prisma Cloud Administrator’s Guide (Compute)
• B.Prisma Cloud API Reference
• C.Prisma Cloud Compute API Reference
• D.Prisma Cloud Enterprise Administrator’s Guide

Show Answers

Answer:
Explanation:
Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin.html