Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Which resource and policy type are used to calculate AWS Net Effective Permissions? (Choose two.)

A.

Service Linked Roles

B.

Lambda Function

C.

Amazon Resource Names (ARNs) using Wild Cards

D.

AWS Service Control Policies (SCPs)

Full Access
Question # 5

Console is running in a Kubernetes cluster, and Defenders need to be deployed on nodes within this cluster.

How should the Defenders in Kubernetes be deployed using the default Console service name?

A.

From the deployment page in Console, choose "twistlock-console" for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

B.

From the deployment page, configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

C.

From the deployment page in Console, choose "twistlock-console" for Console identifier and run the "curl | bash" script on the master Kubernetes node.

D.

From the deployment page in Console, choose "pod name" for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.

Full Access
Question # 6

Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

A.

Host

B.

Container

C.

Functions

D.

Image

Full Access
Question # 7

What is an example of an outbound notification within Prisma Cloud?

A.

AWS Inspector

B.

Qualys

C.

Tenable

D.

PagerDuty

Full Access
Question # 8

When configuring SSO how many IdP providers can be enabled for all the cloud accounts monitored by Prisma Cloud?

A.

2

B.

4

C.

1

D.

3

Full Access
Question # 9

Where can Defender debug logs be viewed? (Choose two.)

A.

/var/lib/twistlock/defender.log

B.

From the Console, Manage > Defenders > Manage > Defenders. Select the Defender from the deployed Defenders list, then click Actions > Logs

C.

From the Console, Manage > Defenders > Deploy > Defenders. Select the Defender from the deployed Defenders list, then click Actions > Logs

D.

/var/lib/twistlock/log/defender.log

Full Access
Question # 10

A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

A.

The value of the mined currency exceeds $100.

B.

High CPU usage over time for the container is detected.

C.

Common cryptominer process name was found.

D.

The mined currency is associated with a user token.

E.

Common cryptominer port usage was found.

Full Access
Question # 11

The exclamation mark on the resource explorer page would represent?

A.

resource has been deleted

B.

the resource was modified recently

C.

resource has alerts

D.

resource has compliance violation

Full Access
Question # 12

The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.

Which strategy should the administrator use to achieve this goal?

A.

Disable the policy

B.

Set the Alert Disposition to Conservative

C.

Change the Training Threshold to Low

D.

Set Alert Disposition to Aggressive

Full Access
Question # 13

Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?

A.

$ twistcli images scan \

--address \

--user \

--password \

--verbose \

myimage: latest

B.

$ twistcli images scan \

--address \

--user \

--password \

--details \

myimage: latest

C.

$ twistcli images scan \

--address \

--user \

--password \

myimage: latest

D.

$ twistcli images scan \

--address \

--user \

--password \

--console \

myimage: latest

Full Access
Question # 14

A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.

Which recommended action manages this situation?

A.

Go to Manage > Defender > Manage, then click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window.

B.

Find a maintenance window that is suitable to upgrade all stand-alone Defenders in the development environment.

C.

Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window.

D.

Open a support case with Palo Alto Networks to arrange an automatic upgrade.

Full Access
Question # 15

Which two statements explain differences between build and run config policies? (Choose two.)

A.

Run and Network policies belong to the configuration policy set.

B.

Build policies allow checking for security misconfigurations in the IaC templates and ensure these issues do not get into production.

C.

Run policies monitor network activities in the environment and check for potential issues during runtime.

D.

Run policies monitor resources and check for potential issues after these cloud resources are deployed.

Full Access
Question # 16

Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

A.

Username

B.

SSO Certificate

C.

Assertion Consumer Service (ACS) URL

D.

SP (Service Provider) Entity ID

Full Access
Question # 17

Given the following RQL:

event from cloud.audit_logs where operation IN (‘CreateCryptoKey’, ‘DestroyCryptoKeyVersion’, ‘v1.compute.disks.createSnapshot’)

Which audit event snippet is identified?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 18

Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.

Full Access
Question # 19

When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?

A.

when a serverless repository is scanned

B.

when a Container is started form an Image

C.

when the Image is built and when a Container is started form an Image

D.

when the Image is built

Full Access
Question # 20

An administrator wants to enforce a rate limit for users not being able to post five (5) .tar.gz files within five (5) seconds.

What does the administrator need to configure?

A.

A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on WAAS

B.

A ban for DoS protection with a burst rate of 5 and file extensions match on .tar.gz on CNNF

C.

A ban for DoS protection with a burst rate of 5 and file extensions match on .tar gz on WAAS

D.

A ban for DoS protection with an average rate of 5 and file extensions match on .tar.gz on CNNF

Full Access
Question # 21

Which IAM Azure RQL query would correctly generate an output to view users who have sufficient permissions to create security groups within Azure AD and create applications?

A.

config where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

B.

config from cloud.resource where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions exists

C.

config from network where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is false and defaultUserRolePermissions.allowedToCreateApps is true

D.

config from cloud.resource where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

Full Access
Question # 22

A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)

A.

individual actions based on package type

B.

output verbosity for blocked requests

C.

apply policy only when vendor fix is available

D.

individual grace periods for each severity level

E.

customize message on blocked requests

Full Access
Question # 23

Which two statements apply to the Defender type Container Defender - Linux?

A.

It is implemented as runtime protection in the userspace.

B.

It is deployed as a service.

C.

It is deployed as a container.

D.

It is incapable of filesystem runtime defense.

Full Access
Question # 24

Which Defender type performs registry scanning?

A.

Serverless

B.

Container

C.

Host

D.

RASP

Full Access
Question # 25

How does assigning an account group to an administrative user on Prisma Cloud help restrict access to resources?

A.

It restricts access only to certain types of resources within the cloud account.

B.

It restricts access to all resources and data within the cloud account.

C.

It restricts access only to the resources and data that pertains to the cloud account(s) within an account group.

D.

It does not restrict access to any resources within the cloud account.

Full Access
Question # 26

A customer has multiple violations in the environment including:

User namespace is enabled

An LDAP server is enabled

SSH root is enabled

Which section of Console should the administrator use to review these findings?

A.

Manage

B.

Vulnerabilities

C.

Radar

D.

Compliance

Full Access
Question # 27

How often do Defenders share logs with Console?

A.

Every 10 minutes

B.

Every 30 minutes

C.

Every 1 hour

D.

Real time

Full Access
Question # 28

If you are required to run in an air-gapped environment, which product should you install?

A.

Prisma Cloud Jenkins Plugin

B.

Prisma Cloud Compute Edition

C.

Prisma Cloud with self-hosted plugin

D.

Prisma Cloud Enterprise Edition

Full Access
Question # 29

Which three steps are involved in onboarding an account for Data Security? (Choose three.)

A.

Create a read-only role with in-line policies

B.

Create a Cloudtrail with SNS Topic

C.

Enable Flow Logs

D.

Enter the RoleARN and SNSARN

E.

Create a S3 bucket

Full Access
Question # 30

Which container scan is constructed correctly?

A.

twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 -- container myimage/latest

B.

twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest

C.

twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --details myimage/latest

D.

twistcli images scan -u api -p api --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

Full Access
Question # 31

The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?

A.

Ensure functions are not overly permissive.

B.

Ensure host devices are not directly exposed to containers.

C.

Ensure images are created with a non-root user.

D.

Ensure compliant Docker daemon configuration.

Full Access
Question # 32

A customer has Prisma Cloud Enterprise and host Defenders deployed.

What are two options that allow an administrator to upgrade Defenders? (Choose two.)

A.

with auto-upgrade, the host Defender will auto-upgrade.

B.

auto deploy the Lambda Defender.

C.

click the update button in the web-interface.

D.

generate a new DaemonSet file.

Full Access
Question # 33

The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.

Which type of policy should be created to protect this pod from Layer7 attacks?

A.

The development team should create a WAAS rule for the host where these pods will be running.

B.

The development team should create a WAAS rule targeted at all resources on the host.

C.

The development team should create a runtime policy with networking protections.

D.

The development team should create a WAAS rule targeted at the image name of the pods.

Full Access
Question # 34

Which command should be used in the Prisma Cloud twistcli tool to scan the nginx:latest image for vulnerabilities and compliance issues?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 35

Prisma Cloud cannot integrate which of the following secrets managers?

A.

IBM Secret Manager

B.

AzureKey Vault

C.

HashiCorp Vault

D.

AWS Secret Manager

Full Access
Question # 36

Given this information:

The Console is located at https://prisma-console.mydomain.local The username is: cluster

The password is: password123

The image to scan is: myimage:latest

Which twistcli command should be used to scan a Container for vulnerabilities and display the details about each vulnerability?

A.

twistcli images scan --console-address https://prisma-console.mydomain.local -u cluster -p password123 -- details myimage:latest

B.

twistcli images scan --console-address prisma-console.mydomain.local -u cluster -p password123 -- vulnerability-details myimage:latest

C.

twistcli images scan --address prisma-console.mydomain.local -u cluster -p password123 --vulnerability- details myimage:latest

D.

twistcli images scan --address https://prisma-console.mydomain.local -u cluster -p password123 --details myimage:latest

Full Access
Question # 37

Which two roles have access to view the Prisma Cloud policies? (Choose two.)

A.

Build AND Deploy Security

B.

Auditor

C.

Dev SecOps

D.

Defender Manager

Full Access
Question # 38

A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.

What is the correct API endpoint?

Full Access
Question # 39

On which cloud service providers can you receive new API release information for Prisma Cloud?

A.

AWS, Azure, GCP, Oracle, IBM

B.

AWS, Azure, GCP, Oracle, Alibaba

C.

AWS, Azure, GCP, IBM

D.

AWS, Azure, GCP, IBM, Alibaba

Full Access
Question # 40

Creation of a new custom compliance standard that is based on other individual custom compliance standards needs to be automated.

Assuming the necessary data from other standards has been collected, which API order should be used for this new compliance standard?

Full Access
Question # 41

Which two information types cannot be seen in the data security dashboard? (Choose two).

A.

Bucket owner

B.

Object Data Profile by Region

C.

Top Publicly Exposed Objects By Data Profile

D.

Object content

E.

Total objects

Full Access
Question # 42

Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Full Access
Question # 43

You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant’s existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.

Which option shows the steps required during the alert rule creation process to achieve this objective?

A.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select “select all policies” checkbox as part of the alert rule Confirm the alert rule

B.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select one or more policies checkbox as part of the alert rule Confirm the alert rule

C.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select one or more policies as part of the alert rule Add alert notifications

Confirm the alert rule

D.

Ensure the public cloud account is assigned to an account group Assign the confirmed account group to alert rule

Select “select all policies” checkbox as part of the alert rule Add alert notifications

Confirm the alert rule

Full Access
Question # 44

What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?

A.

It is a unique identifier needed only when Monitor & Protect mode is selected.

B.

It is the resource name for the Prisma Cloud Role.

C.

It is a UUID that establishes a trust relationship between the Prisma Cloud account and the AWS account in order to extract data.

D.

It is the default name of the PrismaCloudApp stack.

Full Access
Question # 45

What is the most reliable and extensive source for documentation on Prisma Cloud APIs?

A.

prisma.pan.dev

B.

docs.paloaltonetworks.com

C.

Prisma Cloud Administrator’s Guide

D.

Live Community

Full Access
Question # 46

In which two ways can Prisma Cloud images be retrieved in Prisma Cloud Compute Self-Hosted Edition? (Choose two.)

A.

Pull the images from the Prisma Cloud registry without any authentication.

B.

Authenticate with Prisma Cloud registry, and then pull the images from the Prisma Cloud registry.

C.

Retrieve Prisma Cloud images using URL auth by embedding an access token.

D.

Download Prisma Cloud images from github.paloaltonetworks.com.

Full Access
Question # 47

Which policy type in Prisma Cloud can protect against malware?

A.

Data

B.

Config

C.

Network

D.

Event

Full Access
Question # 48

Taking which action will automatically enable all severity levels?

A.

Navigate to Settings > Enterprise Settings and enable all severity levels in the alarm center.

B.

Navigate to Policies > Settings and enable all severity levels in the alarm center.

C.

Navigate to Settings > Enterprise Settings and ensure all severity levels are checked under "auto-enable default policies.

D.

Navigate to Policies > Settings and ensure all severity levels are checked under "auto-enable default policies.

Full Access
Question # 49

Which serverless cloud provider is covered by the "overly permissive service access" compliance check?

A.

Alibaba

B.

Azure

C.

Amazon Web Services (AWS)

D.

Google Cloud Platform (GCP)

Full Access
Question # 50

A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company’s AWS accounts into Prisma Cloud Enterprise tenant immediately. The current company is currently not using AWS Organizations and will require each account to be onboarded individually.

The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.

Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

Full Access
Question # 51

Which statement is true regarding CloudFormation templates?

A.

Scan support does not currently exist for nested references, macros, or intrinsic functions.

B.

A single template or a zip archive of template files cannot be scanned with a single API request.

C.

Request-Header-Field ‘cloudformation-version’ is required to request a scan.

D.

Scan support is provided for JSON, HTML and YAML formats.

Full Access
Question # 52

Who can access saved searches in a cloud account?

A.

Administrators

B.

Users who can access the tenant

C.

Creators

D.

All users with whom the saved search has been shared

Full Access
Question # 53

A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.

Which setting should you use to meet this customer’s request?

A.

Trusted Login IP Addresses

B.

Anomaly Trusted List

C.

Trusted Alert IP Addresses

D.

Enterprise Alert Disposition

Full Access
Question # 54

Given the following RQL:

Which audit event snippet is identified by the RQL?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 55

A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions?

A.

twistcli function scan

B.

twistcli scan serverless

C.

twistcli serverless AWS

D.

twiscli serverless scan

Full Access
Question # 56

An administrator wants to retrieve the compliance policies for images scanned in a continuous integration (CI) pipeline.

Which endpoint will successfully execute to enable access to the images via API?

A.

GET /api/v22.01/policies/compliance

B.

GET /api/v22.01/policies/compliance/ci

C.

GET /api/v22.01/policies/compliance/ci/images

D.

GET /api/v22.01/policies/compliance/ci/serverless

Full Access
Question # 57

Which Prisma Cloud policy type detects port scanning activities in a customer environment?

A.

Port Scan

B.

Anomaly

C.

Config

D.

Network

Full Access
Question # 58

A Prisma Cloud Administrator needs to enable a Registry Scanning for a registry that stores Windows images. Which of the following statement is correct regarding this process?

A.

They can deploy any type of container defender to scan this registry.

B.

There are Windows host defenders deployed in your environment already.

C.

There are Windows host defenders deployed in your environment already. Therefore, they do not need to deploy any additional defenders.

D.

A defender is not required to configure this type of registry scan.

Full Access
Question # 59

What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?

A.

1

B.

2

C.

3

D.

4

Full Access
Question # 60

A customer wants to monitor the company’s AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.

Which two pieces of information do you need to onboard this account? (Choose two.)

A.

Cloudtrail

B.

Subscription ID

C.

Active Directory ID

D.

External ID

E.

Role ARN

Full Access
Question # 61

A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.

How should the customer automate vulnerability scanning for images deployed to Fargate?

A.

Set up a vulnerability scanner on the registry

B.

Embed a Fargate Defender to automatically scan for vulnerabilities

C.

Designate a Fargate Defender to serve a dedicated image scanner

D.

Use Cloud Compliance to identify misconfigured AWS accounts

Full Access
Question # 62

A customer has Defenders connected to Prisma Cloud Enterprise. The Defenders are deployed as a DaemonSet in OpenShift.

How should the administrator get a report of vulnerabilities on hosts?

A.

Navigate to Monitor > Vulnerabilities > CVE Viewer

B.

Navigate to Defend > Vulnerabilities > VM Images

C.

Navigate to Defend > Vulnerabilities > Hosts

D.

Navigate to Monitor > Vulnerabilities > Hosts

Full Access
Question # 63

Which of the following are correct statements regarding the use of access keys? (Choose two.)

A.

Access keys must have an expiration date

B.

Up to two access keys can be active at any time

C.

System Admin can create access key for all users

D.

Access keys are used for API calls

Full Access
Question # 64

Which two frequency options are available to create a compliance report within the console? (Choose two.)

A.

One-time

B.

Monthly

C.

Recurring

D.

Weekly

Full Access
Question # 65

Which three types of classifications are available in the Data Security module? (Choose three.)

A.

Personally identifiable information

B.

Malicious IP

C.

Compliance standard

D.

Financial information

E.

Malware

Full Access
Question # 66

Which role does Prisma Cloud play when configuring SSO?

A.

JIT

B.

Service provider

C.

SAML

D.

Identity provider issuer

Full Access
Question # 67

Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

A.

Prisma Cloud Access SAML URL

B.

Identity Provider Issuer

C.

Certificate

D.

Identity Provider Logout URL

Full Access
Question # 68

What improves product operationalization by adding visibility into feature utilization and missed opportunities?

A.

Adoption Advisor

B.

Alarm Advisor

C.

Alert Center

D.

Alarm Center

Full Access
Question # 69

Which file extension type is supported for Malware scanning in Prisma Cloud Data Security (PCDS)?

A.

.bat

B.

.apk

C.

.vb

D.

.py

Full Access
Question # 70

Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)

A.

Install boto3 & requests library.

B.

Configure IAM Azure remediation script.

C.

Integrate with Azure Service Bus.

D.

Configure IAM AWS remediation script.

E.

Install azure.servicebus & requests library.

Full Access
Question # 71

Which three actions are available for the container image scanning compliance rule? (Choose three.)

A.

Allow

B.

Snooze

C.

Block

D.

Ignore

E.

Alert

Full Access
Question # 72

What is the order of steps to create a custom network policy?

(Drag the steps into the correct order of occurrence, from the first step to the last.)

Full Access
Question # 73

Which of the below actions would indicate – “The timestamp on the compliance dashboard?

A.

indicates the most recent data

B.

indicates the most recent alert generated

C.

indicates when the data was ingested

D.

indicates when the data was aggregated for the results displayed

Full Access
Question # 74

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

A.

single sign-on

B.

SAML

C.

basic authentication

D.

access key

Full Access
Question # 75

The administrator wants to review the Console audit logs from within the Console.

Which page in the Console should the administrator use to review this data, if it can be reviewed at all?

A.

Navigate to Monitor > Events > Host Log Inspection

B.

The audit logs can be viewed only externally to the Console

C.

Navigate to Manage > Defenders > View Logs

D.

Navigate to Manage > View Logs > History

Full Access
Question # 76

Which container image scan is constructed correctly?

A.

twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/ latest

B.

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

C.

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest

D.

twistcli images scan --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/ latest --details

Full Access
Question # 77

Which Prisma Cloud policy type can protect against malware?

A.

Event

B.

Network

C.

Config

D.

Data

Full Access
Question # 78

Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.

Where can the administrator locate this list of e-mail recipients?

A.

Target section within an Alert Rule.

B.

Notification Template section within Alerts.

C.

Users section within Settings.

D.

Set Alert Notification section within an Alert Rule.

Full Access