
(PDF) Cloud Security Engineer PCCSE Exam and Certification Test Engine
Use PCCSE Exam Dumps (2022 PDF Dumps) To Have Reliable PCCSE Test Engine
What is the duration of the Palo-Alto-Networks PCCSE: Prisma Certified Cloud Security Engineer Exam
- Length of Examination: 80 minutes
- Number of Questions: 75
- Format: Multiple choices, multiple answers
NEW QUESTION 50
A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.
What will be the effect if the security team chooses to Relearn on this image?
- A. The model is deleted and returns to the initial learning state.
- B. The model is deleted, and Defender will relearn for 24 hours.
- C. The anomalies detected will automatically be added to the model.
- D. The model is retained, and any new behavior observed during the new learning period will be added to the existing model.
Answer: C
NEW QUESTION 51
Which statement is true regarding CloudFormation templates?
- A. Scan support does not currently exist tor nested references, macros, or intrinsic functions.
- B. A single template or a zip archive of template files cannot be scanned with a single API request.
- C. Scan support is provided for JSON. HTML and YAML formats.
- D. Request-Header-Field 'cloudformation-version' is required to request a scan.
Answer: A
NEW QUESTION 52
Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?
- A. Download and extract release tarball
Download task from AWS
Create the Console task definition
Deploy the task definition - B. Download and extract the release tarball
Create an EPS file system and mount to each node in the cluster
Create the Console task definition
Deploy the task definition - C. Download and extract the release tarball
Ensure that each node has it own storage for Console data
Create the Console task definition
Deploy the task definition - D. The console cannot natively run in an ECS cluster.
A onebox deployment should be used.
Answer: A
NEW QUESTION 53
How are the following categorized?
Backdoor account access Hijacked processes Lateral movement
Port scanning
- A. models
- B. incidents
- C. admission controllers
- D. audits
Answer: B
NEW QUESTION 54
A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.
Which port should the team specify in the CNAF rule to protect the application?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 55
A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?
- A. Embed a Fargate Defender to automatically scan for vulnerabilities
- B. Set up a vulnerability scanner on the registry
- C. Designate a Fargate Defender to serve a dedicated image scanner
- D. Use Cloud Compliance to identify misconfigured AWS accounts
Answer: B
NEW QUESTION 56
An administrator has access to a Prisma Cloud Enterprise
What are the steps to deploy a single container Defender on an ec2 node?
- A. Pull the Defender image to the ec2 node, copy and execute the curl | bash script, and start the Defender to ensure it is running.
- B. Generate DaemonSet file and apply DaemonSet to the twistlock namespace.
- C. Configure the cloud credential in the console and allow cloud discovery to auto-protect the ec2 node
- D. Execute the curl | bash script on the ec2 node.
Answer: B
NEW QUESTION 57
A Prisma Cloud administrator is tasked with pulling a report via API The Prisma Cloud tenant is located on app2.pnsmacfoudjo. What is the correct API endpoint?
- A. https //api2-prismacloud io
- B. https://api2eu-prismacioud.io
- C. https://api pnsmacloud.cn
- D. https://api.prismactoud.io
Answer: B
NEW QUESTION 58
You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.
Which options shows the steps required during the alert rule creation process to achieve this objective?
- A. Ensure the public cloud account is assigned to an account group
Assign the confirmed account group to alert rule
Select one or more policies as part of the alert rule
Add alert notifications
Confirm the alert rule - B. Ensure the public cloud account is assigned to an account group
Assign the confirmed account group to alert rule
Select one or more policies checkbox as part of the alert rule
Confirm the alert rule - C. Ensure the public cloud account is assigned to an account group
Assign the confirmed account group to alert rule
Select "select all policies" checkbox as part of the alert rule
Confirm the alert rule - D. Ensure the public cloud account is assigned to an account group
Assign the confirmed account group to alert rule
Select "select all policies" checkbox as part of the alert rule
Add alert notifications
Confirm the alert rule
Answer: A
NEW QUESTION 59
Which options show the steps required to upgrade Console when using projects?
- A. Upgrade all Supervisor Consoles Upgrade Central Console
- B. Upgrade Central Console
Upgrade Central Console Defenders - C. Upgrade Defender Upgrade Central Console
Upgrade Supervisor Consoles - D. Upgrade Central Console Upgrade all Supervisor Consoles
Answer: A
NEW QUESTION 60
A customer wants to be notified about port scanning network activities in their environment. Which policy type detects this behavior?
- A. Port Scan
- B. Anomaly
- C. Config
- D. Network
Answer: D
NEW QUESTION 61
Which statement accurately characterizes SSO Integration on Prisma Cloud?
- A. Prisma Cloud supports IdP initiated SSO. and its SAML endpoint supports the POST and GET methods
- B. An administrator who needs to access the Prisma Cloud API can use SSO after configuration.
- C. Okta, Azure Active Directory. PingID, and others are supported via SAML
- D. An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.
Answer: C
NEW QUESTION 62
The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.
Which strategy should the administrator use to achieve this goal?
- A. Change the Training Threshold to Low
- B. Set the Alert Disposition to Conservative
- C. Disable the policy
- D. Set Alert Disposition to Aggressive
Answer: A
Explanation:
Section: (none)
Explanation
NEW QUESTION 63
A Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud. Which two steps can be performed by the Terraform script? (Choose two.)
- A. create the Prisma Cloud role.
- B. enable flow logs for Prisma Cloud.
- C. enable the required APIs for Prisma Cloud.
- D. publish the flow log to a storage bucket.
Answer: B,C
NEW QUESTION 64
Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts Where can the administrator locate this list of e-mail recipients'?
- A. Set Alert Notification section within an Alert Rule.
- B. Target section within an Alert Rule
- C. Notification Template section within Alerts.
- D. Users section within Settings.
Answer: D
NEW QUESTION 65
A customer has a development environment with 50 connected Defenders A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 standalone Defenders .
Which recommended action manages this situation?
- A. Open a support case with Palo Alto Networks to arrange an automatic upgrade
- B. Go to Manage > Defender > Manage, then click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window
- C. Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window
- D. Find a maintenance window that is suitable to upgrade all stand alone Defenders in the development environment
Answer: D
NEW QUESTION 66
An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 67
Which three Options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)
- A. Credential
- B. Failure threshold
- C. Scope - Scans run on a particular host
- D. Apply rule only when vendor fixes are available
- E. Grace Period
Answer: A,C,D
NEW QUESTION 68
A customer finds that an open alert from the previous day has been resolved No auto-remediation was configured Which two reasons explain this change in alert status? (Choose two )
- A. resource was deleted.
- B. alert was sent to an external integration
- C. policy was changed.
- D. user manually changed the alert status
Answer: A,C
NEW QUESTION 69
......
PCCSE Dumps Full Questions with Free PDF Questions to Pass: https://www.real4dumps.com/PCCSE_examcollection.html
PCCSE PDF Recently Updated Questions Dumps to Improve Exam Score: https://drive.google.com/open?id=1_bJVvVphPFdLsna1arh5fuz3FGgiyRlc

