PCCSE無料問題集「Palo Alto Networks Prisma Certified Cloud Security Engineer」

質問 1

Which of the following is a reason for alert dismissal?

（A）SNOOZED_AUTO_CLOSE

（B）ALERT_RULE_ADDED

（C）POLICY_UPDATED

（D）USER_DELETED

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)

（A）Integrate with Azure Service Bus.

（B）Configure IAM Azure remediation script.

（C）Configure IAM AWS remediation script.

（D）Install boto3 & requests library.

（E）Install azure.servicebus & requests library.

正解：A、B、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

During the Learning phase of the Container Runtime Model, Prisma Cloud enters a "dry run" period for how many hours?

（A）24

（B）1

（C）4

（D）48

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud?
(Choose two.)

（A）SSO Certificate

（B）SP (Service Provider) Entity ID

（C）Username

（D）Assertion Consumer Service (ACS) URL

正解：B、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

（A）Download and extract the release tarball
Ensure that each node has its own storage for Console data Create the Console task definition Deploy the task definition

（B）Download and extract release tarball Download task from AWS
Create the Console task definition Deploy the task definition

（C）The console cannot natively run in an ECS cluster. A onebox deployment should be used.

（D）Download and extract the release tarball Create an EFS file system and mount to each node in the cluster Create the Console task definition Deploy the task definition

正解：D 解答を投票する

質問 6

Which three Orchestrator types are supported when deploying Defender? (Choose three.)

（A）Amazon ECS

（B）Red Hat OpenShift

（C）Azure ACS

（D）Kubernetes

（E）Docker Swarm

正解：A、B、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

（A）enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

（B）copy the admission controller configuration from the Console and apply it to Kubernetes.

（C）create a new namespace in Kubernetes called admission-controller.

（D）copy the Console address and set the config map for the default namespace.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which data security default policy is able to scan for vulnerabilities?

（A）Objects containing Malware

（B）Objects containing Vulnerabilities

（C）Objects containing Exploits

（D）Objects containing Threats

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

How is the scope of each rule determined in the Prisma Cloud Compute host runtime policy?

（A）By the collection assigned to that rule

（B）By the target workload

（C）By the order in which it is created

（D）By the type of network traffic it controls

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which "kind" of Kubernetes object is configured to ensure that Defender is acting as the admission controller?

（A）ValidatingWebhookConfiguration

（B）MutatingWebhookConfiguration

（C）PodSecurityPolicies

（D）DestinationRules

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?

（A）Host vulnerability risks

（B）Container vulnerability risks

（C）Host compliances risks

（D）Container runtime risks

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?

（A）Enable "AWS RDS database instance is publicly accessible" policy and add policy to an auto-remediation alert rule.

（B）Enable "AWS S3 bucket is publicly accessible" policy and manually remediate each alert.

（C）Enable "AWS RDS database instance is publicly accessible" policy and for each alert, check that it is a production instance, and then manually remediate.

（D）Enable "AWS S3 bucket is publicly accessible" policy and add policy to an auto-remediation alert rule.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which three types of buckets exposure are available in the Data Security module? (Choose three.)

（A）Differential

（B）Private

（C）Conditional

（D）Public

（E）International

正解：B、C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PCCSE 無料問題集「Palo Alto Networks Prisma Certified Cloud Security Engineer」

弊社を連絡する

関連リンク

トップ試験