[Nov-2023] PCCSE Free Sample Questions to Practice One Year Update [Q109-Q127]

Rate this post

[Nov-2023] PCCSE Free Sample Questions to Practice One Year Update

Download PCCSE exam with Palo Alto Networks PCCSE Real Exam Questions

QUESTION 109
The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.
Which strategy should the administrator use to achieve this goal?

Change the Training Threshold to Low

Disable the policy

Set Alert Disposition to Aggressive

Set the Alert Disposition to Conservative

Section: (none)
Explanation

QUESTION 110
A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)

individual actions based on package type

output verbosity for blocked requests

apply policy only when vendor fix is available

individual grace periods for each severity level

customize message on blocked requests

QUESTION 111
The security team wants to protect a web application container from an SQLi attack? Which type of policy should the administrator create to protect the container?

Compliance

Runtime

CNAF

CNNF

QUESTION 112
Which “kind” of Kubernetes object is configured to ensure that Defender is acting as the admission controller?

MutatingWebhookConfiguration

DestinationRules

ValidatingWebhookConfiguration

PodSecurityPolicies

QUESTION 113
A customer has a requirement to scan serverless functions for vulnerabilities. Which three settings are required to configure serverless scanning? (Choose three )

Defender Name

Credential

Provider

Console Address

Region

QUESTION 114
Given the following JSON query:
$.resource[*].aws_s3_bucket exists
Which tab is the correct place to add the JSON query when creating a Config policy?

Details

Compliance Standards

Build Your Rule (Build tab)

Remediation

Build Your Rule (Run tab)

The JSON query must be added to the “Build Your Rule” section in the “Build” tab when creating a Config policy. The “Build” tab is located under the “Configurations” section in the Config Console. In the “Build” tab, you can add a JSON query in the “Build Your Rule” section, which will allow you to specify which AWS S3 buckets the policy should apply to.

QUESTION 115
An administrator needs to detect and alert on any activities performed by a root account.
Which policy type should be used?

config-build

network

config-run

audit event

To detect and alert on activities performed by a root account, an audit event policy should be used. An audit event policy is a type of policy that can be used to detect suspicious activities or events that may be related to security threats. This type of policy will allow the administrator to monitor and alert on any activities performed by a root account.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/prisma-cloud-threat-detection

QUESTION 116
An administrator sees that a runtime audit has been generated for a container.
The audit message is:
“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr” Which protection in the runtime rule would cause this audit?

Networking

File systems

Processes

Container

QUESTION 117
When an alert notification from the alarm center is deleted, how many hours will a similar alarm be suppressed by default?

QUESTION 118
A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer’s request?

Trusted Login IP Addresses

Anomaly Trusted List

Trusted Alert IP Addresses

Enterprise Alert Disposition

Section: (none)
Explanation

QUESTION 119
You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?

CloudFormation

JSON

Terraform

YAML I

QUESTION 120
Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

copy the Console address and set the config map for the default namespace.

create a new namespace in Kubernetes called admission-controller.

enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

copy the admission controller configuration from the Console and apply it to Kubernetes.

QUESTION 121
A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud. Which two steps can be performed by the Terraform script? (Choose two.)

enable flow logs for Prisma Cloud.

create the Prisma Cloud role.

enable the required APIs for Prisma Cloud.

publish the flow log to a storage bucket.

QUESTION 122
The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?

create a Host CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to “prevent”.

create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to alert.

create a Container CNAF policy, targeted at a specific resource, check the box for XSS protection, and set the action to prevent.

create a Container CNAF policy, targeted at a specific resource, and they should set “Explicitly allowed inbound IP sources” to the IP address of the pod.

QUESTION 123
What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

policy

incident

audit

anomaly

QUESTION 124
Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

Defenders

Console

Jenkins

twistcli

QUESTION 125
Given the following audit event activity snippet:

Which RQL will be triggered by the audit event?