PCCSE: Prisma Cloud Security Engineer Sample Questions

Question 1 – Which two of the following processes would ensure the builds could function after a Console upgrade? (Choose two.)
  • A. allowing Jenkins to automatically update the plugin
  • B. updating any build environments that include twistcli to use the latest version
  • C. configuring build pipelines to download twistcli at the start of each build
  • D. creating a new policy allowing older versions of twistcli to connect to the Console

Correct Answer: AB

Question 2 – Prisma Cloud policies need to be associated with compliance frameworks by the compliance team. Which of the following options must the team select to perform this task?
  • A. Custom Compliance
  • B. Policies
  • C. Compliance
  • D. Alert Rules

Correct Answer: B

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-compliance/compliance-dashboard.html

Question 3 – Review this admission control policy:
match[{"msg": msg}] {
    input.request.operation == "CREATE"
    input.request.kind.kind == "Pod"
    input.request.resource.resource == "pods"
    input.request.object.spec.containers[_].securityContext.privileged
    msg := "Privileged"
}
Which of the following responses to this policy would be achieved when the effect is set to block?
  • A. It will block all pods on a Privileged host.
  • B. It will replace Defender with a privileged Defender.
  • C. It will alert only the administrator when a privileged pod is created.
  • D. It will block the creation of a privileged pod.

Correct Answer: C

Question 4 – As part of Prisma Cloud’s security requirements, an administrator needs to provide a list of people who will receive e-mails about alerts. Where would you locate this list of e-mail recipients?
  • A. Target section within an Alert Rule.
  • B. Notification Template section within Alerts.
  • C. Users section within Settings.
  • D. Set an Alert Notification section within an Alert Rule.

Correct Answer: A

Question 5 – As part of a build process, a customer would like to scan a serverless function. Which of the following twistcli commands could be used for scanning serverless functions?
  • A. twistcli function scan <SERVERLESS_FUNCTION.ZIP>
  • B. twistcli scan serverless <SERVERLESS_FUNCTION.ZIP>
  • C. twistcli serverless AWS <SERVERLESS_FUNCTION.ZIP>
  • D. twistcli serverless scan <SERVERLESS_FUNCTION.ZIP>

Correct Answer: D

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/serverless_functions

Question 6 – There are 50 Defenders connected to the customer’s development environment. The customer has scheduled a maintenance window for Monday to upgrade 30 stand-alone Defenders in the development environment, but the remaining 20 stand-alone Defenders cannot be upgraded until Sunday. Which of the given actions could manage this situation?
  • A. Go to Manage > Defender > Manage, click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window.
  • B. Finding a maintenance window suitable for upgrading all stand-alone Defenders in the development environment.
  • C. Upgrading a subset of the Defenders by clicking the individual Actions > Upgrade button in the row corresponding to the Defender that must be upgraded during the maintenance window.
  • D. Opening a support case with Palo Alto Networks to arrange an automatic upgrade.

Correct Answer: A

Question 7 – Which of the following is an example of an outbound notification within Prisma Cloud?
  • A. AWS Inspector
  • B. Qualys
  • C. Tenable
  • D. PagerDuty

Correct Answer: D

Question 8 – A security team is working on creating a custom policy. Which two of the following methods could be used to accomplish this goal? (Choose two.)
  • A. adding a new policy
  • B. cloning an existing policy
  • C. disabling an out-of-the-box policy
  • D. editing the query in the out-of-the-box policy

Correct Answer: AB

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/manage-prisma-cloud-policies

Question 9 – It is the security auditors’ responsibility to verify that the host is performing compliance checks. Which of the given options is a valid host compliance policy?
  • A. Ensuring functions are not overly permissive.
  • B. Ensuring host devices are not directly exposed to containers.
  • C. Ensuring images are created with a non-root user.
  • D. Ensuring compliant Docker daemon configuration.

Correct Answer: C

Question 10 – When Console is deployed by default, customers need to identify the default compliance checks that are alerted. Where should the customer navigate in the Console?
  • A. Monitor > Compliance
  • B. Defend > Compliance
  • C. Manage > Compliance
  • D. Custom > Compliance

Correct Answer: B

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/manage_compliance.html

Question 11 – The customer would like to be notified when their environment is being port scanned. Which of the given policy types detects this behavior?
  • A. Network
  • B. Port Scan
  • C. Anomaly
  • D. Config

Correct Answer: A

Question 12 – The security team has deployed the Cloud Native Application Firewall (CNAF) on a containerized web application, which runs an NGINX container listening on port 8080 and mapped to host port 80. Which of the given ports should the team specify in the CNAF rule for protecting the application?
  • A. 443
  • B. 80
  • C. 8080
  • D. 8888

Correct Answer: C

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/firewalls/deploy_cnaf.html

Question 13 – Which three of the following types of bucket exposure are available in the Data Security module? (Choose three.)
  • A. Public
  • B. Private
  • C. International
  • D. Differential
  • E. Conditional

Correct Answer: CDE

Question 14 – The administrator is reviewing the Console audit logs within the Console. Which of the given pages in the Console will the administrator use to review this data, if it can be reviewed at all?
  • A. Navigate to Monitor > Events > Host Log Inspection
  • B. The audit logs can be viewed only externally to the Console
  • C. Navigate to Manage > Defenders > View Logs
  • D. Navigate to Manage > View Logs > History

Correct Answer: D

Question 15 – Which of the following container scans is constructed correctly?
  • A. twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/latest
  • B. twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest
  • C. twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --details myimage/latest
  • D. twistcli images scan -u api -p api --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

Correct Answer: B

Question 16 – The development team would like to fail CI jobs where a specific CVE is contained within the image. Which pipeline or policy should be configured by the development team to achieve this result?
  • A. Setting the specific CVE exception as an option in Jenkins or twistcli.
  • B. Setting the specific CVE exception as an option in Defender running the scan.
  • C. Setting the specific CVE exception as an option using the magic string in the Console.
  • D. Setting the specific CVE exception in Console’s CI policy.

Correct Answer: C

Question 17 – Which three of the following types of classifications are available in the Data Security module? (Choose three.)
  • A. Personally identifiable information
  • B. Malicious IP
  • C. Compliance standard
  • D. Financial information
  • E. Malware

Correct Answer: CDE

Question 18 – Which two of the following statements are correct regarding the differences between build and run config policies? (Choose two.)
  • A. Run and Network policies belong to the configuration policy setting.
  • B. Build and Audit Events policies belong to the configuration policy setting.
  • C. Run policies are for monitoring resources and checking for potential issues after these cloud resources are deployed.
  • D. Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
  • E. Run policies are for monitoring network activities in your environment and checking for potential issues during runtime.

Correct Answer: BE

Question 19 – As part of the incident response process, the security team notices a number of anomalies under Monitor > Events which have been identified as false positives and are being investigated by the incident response team. What would be the result if the security team opts to Relearn this image?
  • A. The model will be deleted, and Defender would relearn it for 24 hours.
  • B. The anomalies detected would be added automatically to the model.
  • C. The model will be deleted and would return to the initial learning state.
  • D. The model will be retained, and any new behavior observed during the new learning period would be added to the existing model.

Correct Answer: B

Question 20 – It is not acceptable for the customer to receive alerts based on network traffic that originates within their own security network. In order to meet this customer’s request, which setting should you choose?
  • A. Trusted Login IP Addresses
  • B. Anomaly Trusted List
  • C. Trusted Alert IP Addresses
  • D. Enterprise Alert Disposition

Correct Answer: C

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/trusted-ip-addresses-on-prisma-cloud.html
