Which two integrations enable ingesting host findings to generate alerts? (Choose two.)
Web-Application and API Security (WAAS) provides protection for which two protocols? (Choose two.)
Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)
Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three).
A Prisma Cloud Administrator onboarded an AWS cloud account with agentless scanning enabled successfully to Prisma Cloud. Which item requires deploying defenders to be able to inspect the risk on the onboarded AWS account?
The security team wants to target a CNAF policy for specific running Containers. How should the administrator scope the policy to target the Containers?
The security team wants to protect a web application container from an SQLi attack. Which type of policy should the administrator create to protect the container?
The security auditors need to ensure that given compliance checks are being run on the host. Which option is a valid host compliance policy?
What is the behavior of Defenders when the Console is unreachable during upgrades?
Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)
A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company’s AWS accounts into Prisma Cloud Enterprise tenant immediately. The current company is currently not using AWS Organizations and will require each account to be onboarded individually.
The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.
Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?
Which three actions are available for the container image scanning compliance rule? (Choose three.)
A customer wants to turn on Auto Remediation.
Which policy type has the built-in CLI command for remediation?
What are two alarm types that are registered after alarms are enabled? (Choose two.)
Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?
A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.
Which recommended action manages this situation?
Prisma Cloud supports which three external systems that allow the import of vulnerabilities and provide additional context on risks in the cloud? (Choose three.)
Which of the following is not a supported external integration for receiving Prisma Cloud Code Security notifications?
An administrator sees that a runtime audit has been generated for a container.
The audit message is:
“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”
Which protection in the runtime rule would cause this audit?
Which resources can be added in scope while creating a vulnerability policy for continuous integration?
A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for “do not use privileged containers”?
Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.
Where can the administrator locate this list of e-mail recipients?
Which type of query is used for scanning Infrastructure as Code (laC) templates?
The security team wants to enable the “block” option under compliance checks on the host.
What effect will this option have if it violates the compliance check?
During an initial deployment of Prisma Cloud Compute, the customer sees vulnerabilities in their environment.
Which statement correctly describes the default vulnerability policy?
What is the most reliable and extensive source for documentation on Prisma Cloud APIs?
Order the steps involved in onboarding an AWS Account for use with Data Security feature.
Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?
A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.
Which two reasons explain this change in alert status? (Choose two.)
If you are required to run in an air-gapped environment, which product should you install?
In WAAS Access control file upload controls, which three file types are supported out of the box? (Choose three.)
An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?
Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.
What improves product operationalization by adding visibility into feature utilization and missed opportunities?
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?
Which three OWASP protections are part of Prisma Cloud Web-Application and API Security (WAAS) rule? (Choose three.)
An administrator has added a Cloud account on Prisma Cloud and then deleted it.
What will happen if the deleted account is added back on Prisma Cloud within a 24-hour period?
A customer has a requirement to scan serverless functions for vulnerabilities.
Which three settings are required to configure serverless scanning? (Choose three.)
Which set of steps is the correct process for obtaining Console images for Prisma Cloud Compute Edition?
A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.
What is the correct API endpoint?
Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?
Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)
The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?
What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)
A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two.)
A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer’s request?
Which policy type should be used to detect and alert on cryptominer network activity?
Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?
Which two bot types are part of Web Application and API Security (WAAS) bot protection? (Choose two.)
Which two actions are required in order to use the automated method within Amazon Web Services (AWS) Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose two.)
Console is running in a Kubernetes cluster, and Defenders need to be deployed on nodes within this cluster.
How should the Defenders in Kubernetes be deployed using the default Console service name?
Which ban for DoS protection will enforce a rate limit for users who are unable to post five (5) “. tar.gz" files within five (5) seconds?