Palo Alto Networks PCCSE Exam Practice Test Instant Access

Question 1

Which container image scan is constructed correctly?

Atwistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest

Btwistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

Ctwistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest

Dtwistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details

Answer : B

The correct construction for scanning a container image using the TwistCLI tool in Prisma Cloud is option B. This command specifies the address of the Prisma Cloud Console and the image to be scanned, including its tag. The TwistCLI tool is part of Prisma Cloud's capabilities to integrate security into the CI/CD pipeline, allowing for the scanning of images for vulnerabilities as part of the build process, thus ensuring that only secure images are deployed.

Question 2

Which two filters are available in the SecOps dashboard? (Choose two.)

ATime range

BAccount Groups

CService Name

DCloud Region

Answer : A, B

In the SecOps dashboard of a cloud security platform like Prisma Cloud, filters such as Time range and Account Groups are essential for narrowing down the data or security alerts based on specific time periods or organizational structures. The Time range filter allows users to view incidents or compliance data for a particular timeframe, facilitating trend analysis and focusing on recent events. The Account Groups filter enables the segregation of data based on different cloud accounts or organizational units, making it easier for security teams to manage and prioritize security tasks according to the business structure or cloud architecture.

Question 3

Who can access saved searches in a cloud account?

AAdministrators

BUsers who can access the tenant

CCreators

DAll users with whom the saved search has been shared

Answer : A

Saved Searches has list of search queries saved by any Prisma Cloud administrator.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions

According to the official Palo Alto Networks documentation, saved searches in a cloud account are managed by administrators. This aligns with the principle that administrative privileges are typically required to manage access to saved searches and other similar resources within cloud platforms. Administrators have the capability to control who can access various resources, ensuring that only authorized users can view or modify saved searches. This is a common security measure to prevent unauthorized access and potential data breaches.

Question 4

Which two attributes of policies can be fetched using API? (Choose two.)

Apolicy label

Bpolicy signature

Cpolicy mode

Dpolicy violation

Answer : A, C

Using the Prisma Cloud API, users can fetch various attributes of policies, including the policy label (Option A) and policy mode (Option C). The policy label helps in categorizing and organizing policies, while the policy mode determines how the policy is enforced (e.g., alert, enforce). The policy signature (Option B) is not a standard attribute exposed via the API for fetching, as it relates more to the internal identification and handling of policies. The policy violation (Option D) is an outcome or event resulting from a policy breach, not an attribute of the policy itself that can be fetched via the API.

Question 5

An administrator has added a Cloud account on Prisma Cloud and then deleted it.

What will happen if the deleted account is added back on Prisma Cloud within a 24-hour period?

ANo alerts will be displayed.

BExisting alerts will be displayed again.

CNew alerts will be generated.

DExisting alerts will be marked as resolved.

Answer : B

When an administrator adds a Cloud account to Prisma Cloud and then deletes it, if the deleted account is added back to Prisma Cloud within a 24-hour period, the existing alerts associated with that account will be displayed again. This behavior ensures continuity in monitoring and alerting, allowing security teams to retain visibility into potential security issues or compliance violations associated with the cloud account. Re-displaying existing alerts helps maintain a consistent security posture and ensures that no critical alerts are overlooked during the re-addition process.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/view-respond-to-prisma-cloud-alerts

Question 6

Given this information:

The Console is located at https://prisma-console.mydomain.local The username is: cluster

The password is: password123

The image to scan is: myimage:latest

Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

Atwistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 -- details myimage:latest

Btwistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 -- vulnerability-details myimage:latest

Ctwistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability- details myimage:latest

Dtwistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest

Answer : D

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images

Question 7

Taking which action will automatically enable all severity levels?

ANavigate to Settings > Enterprise Settings and enable all severity levels in the alarm center.

BNavigate to Policies > Settings and enable all severity levels in the alarm center.

CNavigate to Settings > Enterprise Settings and ensure all severity levels are checked under 'auto-enable default policies.

DNavigate to Policies > Settings and ensure all severity levels are checked under 'auto-enable default policies.

Answer : D

In Prisma Cloud, to automatically enable all severity levels for alerts, a user would need to navigate to the Policies section, then to Settings. Within this area, there is an option for 'auto-enable default policies,' which, when checked for all severity levels, ensures that any default policies related to those severities are automatically activated. This is a configuration setting that streamlines the alerting process by ensuring that all relevant severity levels are covered by the default policies without the need for manual intervention.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/manage-prisma-cloud-policies

Step 1- To enable global settings for Prisma Cloud default policies click 'Settings' and select 'Enterprise Settings' Step 2- To enable policies based on severity, select Auto enable new default policies of the type---Critical, High, Medium, Low or Informational.

Palo Alto Networks PCCSE Prisma Certified Cloud Security Engineer Exam Practice Test