Palo Alto Networks PCCSE Real Exam Questions
The questions for PCCSE were last updated at Dec 23,2024.
- Exam Code: PCCSE
- Exam Name: Prisma Certified Cloud Security Engineer
- Certification Provider: Palo Alto Networks
- Latest update: Dec 23,2024
The compliance team needs to associate Prisma Cloud policies with compliance frameworks.
Which option should the team select to perform this task?
- A . Custom Compliance
- B . Policies
- C . Compliance
- D . Alert Rules
Which policy type in Prisma Cloud can protect against malware?
- A . Data
- B . Config
- C . Network
- D . Event
The security auditors need to ensure that given compliance checks are being run on the host.
Which option is a valid host compliance policy?
- A . Ensure functions are not overly permissive.
- B . Ensure host devices are not directly exposed to containers.
- C . Ensure images are created with a non-root user.
- D . Ensure compliant Docker daemon configuration.
Which statement accurately characterizes SSO Integration on Prisma Cloud?
- A . Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.
- B . Okta, Azure Active Directory, PingID, and others are supported via SAML.
- C . An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.
- D . An administrator who needs to access the Prisma Cloud API can use SSO after configuration.
A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)
- A . manual installation of the latest twistcli tool prior to the rolling upgrade
- B . all Defenders set in read-only mode before execution of the rolling upgrade
- C . a second location where you can install the Console
- D . additional workload licenses are required to perform the rolling upgrade
- E . an existing Console at version n-1
A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)
- A . manual installation of the latest twistcli tool prior to the rolling upgrade
- B . all Defenders set in read-only mode before execution of the rolling upgrade
- C . a second location where you can install the Console
- D . additional workload licenses are required to perform the rolling upgrade
- E . an existing Console at version n-1
Which two statements are true about the differences between build and run config policies? (Choose two.)
- A . Run and Network policies belong to the configuration policy set.
- B . Build and Audit Events policies belong to the configuration policy set.
- C . Run policies monitor resources, and check for potential issues after these cloud resources are deployed.
- D . Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
- E . Run policies monitor network activities in your environment, and check for potential issues during
runtime.
Which statement about build and run policies is true?
- A . Build policies enable you to check for security misconfigurations in the IaC templates.
- B . Every type of policy has auto-remediation enabled by default.
- C . The four main types of policies are: Audit Events, Build, Network, and Run.
- D . Run policies monitor network activities in the environment and check for potential issues during runtime.
Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)
- A . Username
- B . SSO Certificate
- C . Assertion Consumer Service (ACS) URL
- D . SP (Service Provider) Entity ID
A customer wants to scan a serverless function as part of a build process.
Which twistcli command can be used to scan serverless functions?
- A . twistcli function scan <SERVERLESS_FUNCTION.ZIP>
- B . twistcli scan serverless <SERVERLESS_FUNCTION.ZIP>
- C . twistcli serverless AWS <SERVERLESS_FUNCTION.ZIP>
- D . twiscli serverless scan <SERVERLESS_FUNCTION.ZIP>