Free Palo Alto Networks PCCSE Exam Actual Questions

The questions for PCCSE were last updated on Nov 20, 2024

Question No. 1

What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?

Question No. 2

What is the frequency to create a compliance report? (Choose two.)

Correct Answer: B, D

In Prisma Cloud, compliance reports can be generated on a one-time basis or on a recurring schedule. The option for a one-time report allows users to generate a specific report instantly based on the current state of the environment. The recurring option enables users to set up automatic generation of reports at regular intervals, such as weekly or monthly, to track compliance over time. This functionality ensures continuous compliance monitoring and helps in maintaining security standards across cloud resources.


Question No. 3

Which two integrations enable ingesting host findings to generate alerts? (Choose two.)

Correct Answer: B, D

To ingest host findings and generate alerts in Prisma Cloud, integrations with Tenable (B) and Qualys (D) are supported. These integrations allow Prisma Cloud to ingest vulnerability and compliance data from Tenable and Qualys, which are renowned vulnerability management solutions. By integrating these tools, Prisma Cloud can enhance its visibility into the security posture of hosts within the cloud environment, enabling more comprehensive threat detection and response capabilities. The integration facilitates the aggregation and correlation of findings from these external sources, enriching the overall security intelligence and enabling more informed and timely decision-making regarding threat mitigation and compliance management.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrations-feature-support


Question No. 4

Given the following information, which twistcli command should be run if an administrator were to exec into a running container and scan it from within using an access token for authentication?

* Console is located at https://prisma-console.mydomain.local

* Token is: TOKEN_VALUE

* Report ID is: REPORTJD

* Container image running is: myimage:latest

Correct Answer: C

The response from Jihe would be correct if this wasn't being run from within the container. In the question, we are running from inside the container, and therefore there is no need to specify an image/tarball. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_image Further down in the documentation linked by Jihe, there is a section that shows the proper syntax when running twistcli from within a container. The example there is almost a perfect copy of this question. Spippolo has the correct response.

$ docker run \
    -v /PATH/TO/TWISTCLI_DIR:/tools \
    -e TW_TOKEN=<API_TOKEN> \
    -e TW_CONSOLE=<COMPUTE_CONSOLE> \
    --entrypoint='' \
    <IMAGE_NAME> \
    /tools/twistcli images scan \
      --containerized \
      --details \
      --address $TW_CONSOLE \
      --token $TW_TOKEN \
      <REPORT_ID>

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images


Question No. 5

Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)

Correct Answer: A, B, D

This section describes the incident types surfaced in Incident Explorer.

* Altered binary
* Backdoor admin accounts
* Backdoor SSH access
* Brute force
* Crypto miners
* Execution flow hijack attempt
* Kubernetes attack
* Lateral movement
* Malware
* Port scanning
* Reverse shell
* Suspicious binary

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/incident_types