New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCCSE Paloalto Networks Exam Lab Questions

Page: 18 / 19
Question 72

Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.

Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?

Options:

A.

From the deployment page in Console, choose pod name for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.

B.

From the deployment page configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

C.

From the deployment page in Console, choose twistlock-console for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

D.

From the deployment page in Console, choose twistlock-console for Console identifier, and run the curl | bash script on the master Kubernetes node.

Question 73

Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)

Options:

A.

Crypto miners

B.

Brute Force

C.

Cross-Site Scripting

D.

Port Scanning

E.

SQL Injection

Question 74

An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.

Which configuration step is needed first to accomplish this task?

Options:

A.

Configure Docker’s authentication sequence to first use an identity provider and then Console.

B.

Set Defender’s listener type to TCP.

C.

Set Docker’s listener type to TCP.

D.

Configure Defender’s authentication sequence to first use an identity provider and then Console.

Question 75

Which IAM Azure RQL query would correctly generate an output to view users who have sufficient permissions to create security groups within Azure AD and create applications?

Options:

A.

config where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

B.

config from cloud.resource where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions exists

C.

config from network where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is false and defaultUserRolePermissions.allowedToCreateApps is true

D.

config from cloud.resource where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

Page: 18 / 19
Exam Code: PCCSE
Exam Name: Prisma Certified Cloud Security Engineer
Last Update: Dec 22, 2024
Questions: 260
PCCSE pdf

PCCSE PDF

$25.5  $84.99
PCCSE Engine

PCCSE Testing Engine

$28.5  $94.99
PCCSE PDF + Engine

PCCSE PDF + Testing Engine

$40.5  $134.99