PCCSE Exam Questions and Answers from Killtest V8.02

2. The safer , easier way to help you pass any IT exams. 1.Which two statements are true about the differences between build and run config policies? (Choose two.) A. Build and Audit Events policies belong to the configuration policy set B. Run policies monitor resources, and check for potential issues after these cloud resources are deployed C. Run policies monitor network activities in your environment, and check for potential issues during runtime. D. Build policies enable you to check for security misconfigurations in the laC templates and ensure that these issues do not get into production. E. Run and Network policies belong to the configuration policy set Answer: A,C 2.Which component(s), if any will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition? A. Defenders B. twistcli C. Console D. Jenkins Answer: B PCCSE PCCSE Certi fi cati ons Pal o Al to N etw orks Q uesti ons Ki l l test 3.Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI? A. Container B. Image C. Host D. Functions Answer: C 4.A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions? A. twistcli serverless AWS <SERVERLESS_FUNCTION ZIP> B. twistcli serverless scan <SERVERLESS_FUNCTION.ZIP> C. twistcli scan serverless <SERVERLESS_FUNCTION Z1P> D. twistcli function scan <SERVERLESS_FUNCT10N ZIP> Answer: B 5.DRAG DROP Which order of steps map a policy to a custom compliance standard? (Drag the steps into the correct order of occurrence, from the first step to the last.) 1 / 5

3. The safer , easier way to help you pass any IT exams. PCCSE PCCSE Certi fi cati ons Pal o Al to N etw orks Q uesti ons Ki l l test Answer: 6.Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS? A. Download and extract the release tarball Ensure that each node has it own storage for Console data Create the Console task definition Deploy the task definition B. Download and extract release tarball Download task from AWS Create the Console task definition Deploy the task definition C. The console cannot natively run in an ECS cluster. A onebox deployment should be used. D. Download and extract the release tarball Create an EPS file system and mount to each node in the cluster 2 / 5

4. The safer , easier way to help you pass any IT exams. Create the Console task definition Deploy the task definition Answer: B 7.Which options show the steps required after upgrade of Console? A. Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Uninstall Defenders B. Update the Console image in the Twistlock hosted registry Update the Defender image in the Twistlock hosted registry Redeploy Console C. Upgrade Defenders Upgrade Jenkins Plugin Upgrade twistcli where applicable D. Uninstall Defenders Upgrade Jenkins Plugin Upgrade twistcli where applicable Allow the Console to redeploy the Defender Answer: D 8.The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task? A. Compliance B. Policies C. Alert Rules D. Custom Compliance Answer: A 9.The administrator wants to review the Console audit logs from within the Console. Which page in the Console should the administrator use to review this data, if it can be reviewed at all? A. The audit logs can be viewed only externally to the Console B. Navigate to Monitor > Events > Host Log Inspection C. Navigate to Manage > View Logs > History D. Navigate to Manage > Defenders > View Logs Answer: C 10.The security team wants to target a CMAF policy for specific running Containers How should the administrator scope the policy to target the Containers? A. scope the policy to Image names B. scope the policy to namespaces C. scope the policy to Defender names. D. scope the policy to Host names Answer: B PCCSE PCCSE Certi fi cati ons Pal o Al to N etw orks Q uesti ons Ki l l test 3 / 5

5. The safer , easier way to help you pass any IT exams. 11.DRAG DROP What is the order of steps to create a custom network policy? (Drag the steps into the correct order of occurrence, from the first step to the last.) PCCSE PCCSE Certi fi cati ons Pal o Al to N etw orks Q uesti ons Ki l l test Answer: 12.A customer wants to turn on Auto Remediation. Which policy type has the built-in CLI command for remediation? A. Network B. Anomaly C. Config D. Audit Event Answer: C 13.Which authentication mechanism is supported by Prisma Cloud? A. Certificate-based authentication for the Console Ul and the API B. Certificate-based authentication only for the API 4 / 5

6. The safer , easier way to help you pass any IT exams. C. Certificate-based authentication only for the Console Ul D. SAML-based authentication for the API Answer: A 14.Which method should be used to authenticate to Prisma Cloud Enterprise programmatically? A. SAML B. access key C. basic authentication D. single sign-on Answer: B Explanation: Prisma Cloud requires an API access key to enable programmatic access to the REST API. By default, only the System Admin has API access and can enable API access for other administrators. To generate an access key, see Create and Manage Access Keys. After you obtain an access key, you can submit it in a REST API request to generate a JSON Web Token (JWT). The JWT is then used to authenticate all subsequent REST API requests on Prisma Cloud. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/get-started-with-prisma-clou d/access-the-prisma-cloud-api.html 15.A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment. Which action needs to be set for "do not use privileged containers? A. Alert B. Prevent C. Fail D. Block Answer: A PCCSE PCCSE Certi fi cati ons Pal o Al to N etw orks Q uesti ons Ki l l test 5 / 5