Palo Alto Networks PCCSE Real Exam Questions
The questions for PCCSE were last updated at Dec 23,2024.
- Exam Code: PCCSE
- Exam Name: Prisma Certified Cloud Security Engineer
- Certification Provider: Palo Alto Networks
- Latest update: Dec 23,2024
Which option shows the steps to install the Console in a Kubernetes Cluster?
- A . Download the Console and Defender image Generate YAML for Defender Deploy Defender YAML using kubectl
- B . Download and extract release tarball Generate YAML for Console Deploy Console YAML using kubectl
- C . Download the Console and Defender image Download YAML for Defender from the document site Deploy Defender YAML using kubectl
- D . Download and extract release tarball Download the YAML for Console Deploy Console YAML using kubectl
Which port should a security team use to pull data from Console’s API?
- A . 53
- B . 25
- C . 8084
- D . 8083
The administrator wants to review the Console audit logs from within the Console.
Which page in the Console should the administrator use to review this data, if it can be reviewed at all?
- A . Navigate to Monitor > Events > Host Log Inspection
- B . The audit logs can be viewed only externally to the Console
- C . Navigate to Manage > Defenders > View Logs
- D . Navigate to Manage > View Logs > History
What is an example of an outbound notification within Prisma Cloud?
- A . AWS Inspector
- B . Qualys
- C . Tenable
- D . PagerDuty
A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.
Which recommended action manages this situation?
- A . Go to Manage > Defender > Manage, then click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window.
- B . Find a maintenance window that is suitable to upgrade all stand-alone Defenders in the development environment.
- C . Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window.
- D . Open a support case with Palo Alto Networks to arrange an automatic upgrade.
The security team wants to target a CNAF policy for specific running Containers.
How should the administrator scope the policy to target the Containers?
- A . scope the policy to Image names.
- B . scope the policy to namespaces.
- C . scope the policy to Defender names.
- D . scope the policy to Host names.
The security team wants to target a CNAF policy for specific running Containers.
How should the administrator scope the policy to target the Containers?
- A . scope the policy to Image names.
- B . scope the policy to namespaces.
- C . scope the policy to Defender names.
- D . scope the policy to Host names.
DRAG DROP
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.)
What are the two ways to scope a CI policy for image scanning? (Choose two.)
- A . container name
- B . image name
- C . hostname
- D . image labels
The development team wants to block Cross Site Scripting attacks from pods in its environment.
How should the team construct the CNAF policy to protect against this attack?
- A . create a Host CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to “prevent”.
- B . create a Container CNAF policy, targeted at a specific resource, check the box for XSS attack protection, and set the action to alert.
- C . create a Container CNAF policy, targeted at a specific resource, check the box for XSS protection, and set the action to prevent.
- D . create a Container CNAF policy, targeted at a specific resource, and they should set “Explicitly allowed inbound IP sources” to the IP address of the pod.