Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

A customer wants to turn on Auto Remediation.

Which policy type has the built-in CLI command for remediation?

A.

Anomaly

B.

Audit Event

C.

Network

D.

Config

Full Access
Question # 5

Given a default deployment of Console, a customer needs to identify the alerted compliance checks that are set by default.

Where should the customer navigate in Console?

A.

Monitor > Compliance

B.

Defend > Compliance

C.

Manage > Compliance

D.

Custom > Compliance

Full Access
Question # 6

Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Full Access
Question # 7

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.

How should the customer automate vulnerability scanning for images deployed to Fargate?

A.

Set up a vulnerability scanner on the registry

B.

Embed a Fargate Defender to automatically scan for vulnerabilities

C.

Designate a Fargate Defender to serve a dedicated image scanner

D.

Use Cloud Compliance to identify misconfigured AWS accounts

Full Access
Question # 8

The development team wants to fail CI jobs where a specific CVE is contained within the image. How should the development team configure the pipeline or policy to produce this outcome?

A.

Set the specific CVE exception as an option in Jenkins or twistcli.

B.

Set the specific CVE exception as an option in Defender running the scan.

C.

Set the specific CVE exception as an option using the magic string in the Console.

D.

Set the specific CVE exception in Console’s CI policy.

Full Access
Question # 9

During the Learning phase of the Container Runtime Model, Prisma Cloud enters a “dry run” period for how many hours?

A.

4

B.

48

C.

1

D.

24

Full Access
Question # 10

Which three types of runtime rules can be created? (Choose three.)

A.

Processes

B.

Network-outgoing

C.

Filesystem

D.

Kubernetes-audit

E.

Waas-request

Full Access
Question # 11

The Compute Console has recently been upgraded, and the administrator plans to delay upgrading the Defenders and the Twistcli tool until some of the team’s resources have been rescaled. The Console is currently one major release ahead.

What will happen as a result of the Console upgrade?

A.

Defenders will disconnect, and Twistcli will stop working.

B.

Defenders will disconnect, and Twistcli will remain working.

C.

Both Defenders and Twistcli will remain working.

D.

Defenders will remain connected, and Twistcli will stop working.

Full Access
Question # 12

Which two statements are true about the differences between build and run config policies? (Choose two.)

A.

Run and Network policies belong to the configuration policy set.

B.

Build and Audit Events policies belong to the configuration policy set.

C.

Run policies monitor resources, and check for potential issues after these cloud resources are deployed.

D.

Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.

E.

Run policies monitor network activities in your environment, and check for potential issues during runtime.

Full Access
Question # 13

You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?

A.

YAML

B.

JSON

C.

CloudFormation

D.

Terraform

Full Access
Question # 14

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

A.

single sign-on

B.

SAML

C.

basic authentication

D.

access key

Full Access
Question # 15

One of the resources on the network has triggered an alert for a Default Config policy.

Given the following resource JSON snippet:

Which RQL detected the vulnerability?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 16

What are the two ways to scope a CI policy for image scanning? (Choose two.)

A.

container name

B.

image name

C.

hostname

D.

image labels

Full Access
Question # 17

A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message:

What is the reason for the error message?

A.

The attribute name is not set correctly in JIT settings.

B.

The user does not exist.

C.

The user entered an incorrect password

D.

The role is not assigned for the user.

Full Access
Question # 18

An administrator sees that a runtime audit has been generated for a host. The audit message is:

“Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model”

Which runtime host policy rule is the root cause for this runtime audit?

A.

Custom rule with specific configuration for file integrity

B.

Custom rule with specific configuration for networking

C.

Default rule that alerts on capabilities

D.

Default rule that alerts on suspicious runtime behavior

Full Access
Question # 19

Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)

A.

API_ENDPOINT

B.

SQS_QUEUE_NAME

C.

SB_QUEUE_KEY

D.

YOUR_ACCOUNT_NUMBER

Full Access
Question # 20

The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.

Which type of policy should be created to protect this pod from Layer7 attacks?

A.

The development team should create a WAAS rule for the host where these pods will be running.

B.

The development team should create a WAAS rule targeted at all resources on the host.

C.

The development team should create a runtime policy with networking protections.

D.

The development team should create a WAAS rule targeted at the image name of the pods.

Full Access
Question # 21

An administrator sees that a runtime audit has been generated for a container.

The audit message is:

“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”

Which protection in the runtime rule would cause this audit?

A.

Networking

B.

File systems

C.

Processes

D.

Container

Full Access
Question # 22

Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.

Full Access
Question # 23

What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

A.

policy

B.

incident

C.

audit

D.

anomaly

Full Access
Question # 24

Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.

Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?

A.

From the deployment page in Console, choose pod name for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.

B.

From the deployment page configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

C.

From the deployment page in Console, choose twistlock-console for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

D.

From the deployment page in Console, choose twistlock-console for Console identifier, and run the curl | bash script on the master Kubernetes node.

Full Access
Question # 25

Which three elements are part of SSH Events in Host Observations? (Choose three.)

A.

Startup process

B.

User

C.

System calls

D.

Process path

E.

Command

Full Access
Question # 26

An administrator needs to detect and alert on any activities performed by a root account.

Which policy type should be used?

A.

config-run

B.

config-build

C.

network

D.

audit event

Full Access
Question # 27

An administrator sees that a runtime audit has been generated for a Container. The audit message is “DNS resolution of suspicious name wikipedia.com. type A”.

Why would this message appear as an audit?

A.

The DNS was not learned as part of the Container model or added to the DNS allow list.

B.

This is a DNS known to be a source of malware.

C.

The process calling out to this domain was not part of the Container model.

D.

The Layer7 firewall detected this as anomalous behavior.

Full Access
Question # 28

The InfoSec team wants to be notified via email each time a Security Group is misconfigured. Which Prisma Cloud tab should you choose to complete this request?

A.

Notifications

B.

Policies

C.

Alert Rules

D.

Events

Full Access
Question # 29

Which two IDE plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.)

A.

BitBucket

B.

Visual Studio Code

C.

CircleCI

D.

IntelliJ

Full Access