A customer wants to scan a serverless function as part of a build process.
Which twistcli command can be used to scan serverless functions?

A. twistcli function scan

B. twistcli scan serverless

C. twistcli serverless AWS

D. twiscli serverless scan

An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.
Which setting does the administrator enable or configure to accomplish this task?

A. ADEM

B. WAAS Analytics

C. Telemetry

D. Cloud Native Network Firewall

E. Host Insight

Which port should a security team use to pull data from Console's API?

A. 53

B. 25

C. 8084

D. 8083

Which resource and policy type are used to calculate AWS Net Effective Permissions? (Choose two.)

A. Service Linked Roles

B. Lambda Function

C. Amazon Resource Names (ARNs) using Wild Cards

D. AWS Service Control Policies (SCPs)

Which three actions are available for the container image scanning compliance rule? (Choose three.)

A. Allow

B. Snooze

C. Block

D. Ignore

E. Alert

What are the subtypes of configuration policies in Prisma Cloud?

A. Security and Compliance

B. Build and Deploy

C. Build and Run

D. Monitor and Analyze

What is the behavior of Defenders when the Console is unreachable during upgrades?

A. Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.

B. Defenders will fail closed until the web-socket can be re-established.

C. Defenders will fail open until the web-socket can be re-established.

D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message:
 
What is the reason for the error message?

A. The attribute name is not set correctly in JIT settings.

B. The user does not exist.

C. The user entered an incorrect password

D. The role is not assigned for the user.

The security team wants to target a CNAF policy for specific running Containers.
How should the administrator scope the policy to target the Containers?

A. scope the policy to Image names.

B. scope the policy to namespaces.

C. scope the policy to Defender names.

D. scope the policy to Host names.

In which two ways can Prisma Cloud images be retrieved in Prisma Cloud Compute Self-Hosted Edition? (Choose two.)

A. Pull the images from the Prisma Cloud registry without any authentication.

B. Authenticate with Prisma Cloud registry, and then pull the images from the Prisma Cloud registry.

C. Retrieve Prisma Cloud images using URL auth by embedding an access token.

D. Download Prisma Cloud images from github.paloaltonetworks.com.

Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?

A. Visibility, Compliance, Governance, and Threat Detection and Response

B. Network, Anomaly, and Audit Event

C. Visibility, Security, and Compliance

D. Foundations, Advanced, and Optimize

In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?

A. PaloAltoNetworks.PrismaCloud/managementGroups/*

B. Microsoft.Management/managementGroups/descendants/read

C. PaloAltoNetworks.PrismaCloud/managementGroups/descendants/read

D. Microsoft.Management/managementGroups/descendants/calculate

Which two filters are available in the SecOps dashboard? (Choose two.)

A. Time range

B. Account Groups

C. Service Name

D. Cloud Region

Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?

A. Visibility, Compliance, Governance, and Threat Detection and Response

B. Network, Anomaly, and Audit Event

C. Visibility, Workload Scanning, and Compliance

D. Foundations, Advanced, and Optimize

A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)

A. manual installation of the latest twistcli tool prior to the rolling upgrade

B. all Defenders set in read-only mode before execution of the rolling upgrade

C. a second location where you can install the Console

D. additional workload licenses are required to perform the rolling upgrade

E. an existing Console at version n-1

How are the following categorized?
✑ Backdoor account access
✑ Hijacked processes
✑ Lateral movement
✑ Port scanning

A. audits

B. incidents

C. admission controllers

D. models

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

A. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.

B. The SecOps lead should use Incident Explorer and Compliance Explorer.

C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.

D. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

When configuring SSO how many IdP providers can be enabled for all the cloud accounts monitored by Prisma Cloud?

A. 2

B. 4

C. 1

D. 3

A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?

A. Enable “AWS S3 bucket is publicly accessible” policy and manually remediate each alert.

B. Enable “AWS RDS database instance is publicly accessible” policy and for each alert, check that it is a production instance, and then manually remediate.

C. Enable “AWS S3 bucket is publicly accessible” policy and add policy to an auto-remediation alert rule.

D. Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.

DRAG DROP
-
Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.
 

Which statement is true regarding CloudFormation templates?

A. Scan support does not currently exist for nested references, macros, or intrinsic functions.

B. A single template or a zip archive of template files cannot be scanned with a single API request.

C. Request-Header-Field ‘cloudformation-version’ is required to request a scan.

D. Scan support is provided for JSON, HTML and YAML formats.

Which of the following is a reason for alert dismissal?

A. SNOOZED_AUTO_CLOSE

B. ALERT_RULE_ADDED

C. POLICY_UPDATED

D. USER_DELETED

Which two integrated development environment (IDE) plugins are supported by Prisma Cloud as part of its Code Security? (Choose two.)

A. BitBucket

B. Visual Studio Code

C. CircleCI

D. IntelliJ

DRAG DROP -
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.
In which order should the API calls be used to accomplish this task?
(Drag the steps into the correct order from the first step to the last.)
Select and Place:
 

What are two alarm types that are registered after alarms are enabled? (Choose two.)

A. Onboarded Cloud Accounts status

B. Resource status

C. Compute resources

D. External integrations status

One of the resources on the network has triggered an alert for a Default Config policy.
Given the following resource JSON snippet:
 
Which RQL detected the vulnerability?

A.

B.

C.

D.

A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.
What will be the effect if the security team chooses to Relearn on this image?

A. The model is deleted, and Defender will relearn for 24 hours.

B. The anomalies detected will automatically be added to the model.

C. The model is deleted and returns to the initial learning state.

D. The model is retained, and any new behavior observed during the new learning period will be added to the existing model.

Which three Orchestrator types are supported when deploying Defender? (Choose three.)

A. Red Hat OpenShift

B. Amazon ECS

C. Docker Swarm

D. Azure ACS

E. Kubernetes

An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS.
Which port will twistcli need to use to access the Prisma Compute APIs?

A. 8084

B. 443

C. 8083

D. 8081

Which three options for hardening a customer environment against misconfiguration are included in Prisma Cloud Compute compliance enforcement for hosts? (Choose three.)

A. Serverless functions

B. Docker daemon configuration

C. Cloud provider tags

D. Host configuration

E. Hosts without Defender agents

Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

A. Username

B. SSO Certificate

C. Assertion Consumer Service (ACS) URL

D. SP (Service Provider) Entity ID

Which `kind` of Kubernetes object is configured to ensure that Defender is acting as the admission controller?

A. MutatingWebhookConfiguration

B. DestinationRules

C. ValidatingWebhookConfiguration

D. PodSecurityPolicies

Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

A. single sign-on

B. SAML

C. basic authentication

D. access key

What is the frequency to create a compliance report? (Choose two.)

A. Weekly

B. One time

C. Monthly

D. Recurring

Which policy type provides information about connections from suspicious IPs in a customer database?

A. Anomaly

B. Threat detection

C. Network

D. AutoFocus

Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

A. copy the Console address and set the config map for the default namespace.

B. create a new namespace in Kubernetes called admission-controller.

C. enable Kubernetes auditing from the Defend > Access > Kubernetes page in the Console.

D. copy the admission controller configuration from the Console and apply it to Kubernetes.

Prisma Cloud Compute has been installed on Onebox. After Prisma Cloud Console has been accessed. Defender is disconnected and keeps returning the error "No console connectivity" in the logs.
What could be causing the disconnection between Console and Defender in this scenario?

A. Port 8083 is not open for Console and Defender communication.

B. The license key provided to the Console is invalid.

C. Onebox script installed an older version of the Defender.

D. Port 8084 is not open for Console and Defender communication.

An administrator has a requirement to ingest all Console and Defender logs to Splunk.
Which option will satisfy this requirement in Prisma Cloud Compute?

A. Enable the API settings for logging.

B. Enable the CSV export in the Console.

C. Enable the syslog option in the Console

D. Enable the Splunk option in the Console.

A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company's AWS accounts into Prisma Cloud Enterprise tenant immediately. The current company is currently not using AWS Organizations and will require each account to be onboarded individually.
The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.
Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

A. https://api.prismacloud.io/cloud/

B. https://api.prismacloud.io/account/aws

C. https://api.prismacloud.io/cloud/aws

D. https://api.prismacloud.io/accountgroup/aws

Taking which action will automatically enable all seventy levels?

A. Navigate to Policies > Settings and enable all severity levels in the alarm center.

B. Navigate to Settings > Enterprise Settings and enable all severity levels in the alarm center.

C. Navigate to Policies > Settings and ensure all severity levels are checked under “auto-enable default policies.”

D. Navigate to Settings > Enterprise Settings and ensure all severity levels are checked under “auto-enable default policies.”

Which RQL query will help create a custom identity and access management (IAM) policy to alert on Lambda functions that have permission to terminate EC2 instances?

A. iam from cloud.resource where dest.cloud.type = ’AWS’ AND source.cloud.service.name = ’lambda’ AND source.cloud.resource.type = ’function’ AND dest.cloud.service.name = ’ec2’ AND action.name = ’ec2:TerminateInstances’

B. config from iam where dest.cloud.type = ’AWS’ AND source.cloud.service.name = ’ec2’ AND source.cloud.resource.type = ’instance’ AND dest.cloud.service.name = ’lambda’ AND action.name = ’ec2:TerminateInstances’

C. iam from cloud.resource where cloud.type equals ’AWS’ AND cloud.resource.type equals ’lambda function’ AND cloud.service.name = ’ec2’ AND action.name equals ’ec2:TerminateInstances’

D. config from iam where dest.cloud.type = ’AWS’ AND source.cloud.service.name = ’lambda’ AND source.cloud.resource.type = ’function’ AND dest.cloud.service.name = ’ec2’ AND action.name = ’ec2:TerminateInstances’

DRAG DROP
-
Put the steps of integrating Okta with Prisma Cloud in the right order in relation to CIEM or SSO okra integration.
 

Which two attributes are required for a custom config RQL? (Choose two.)

A. json.rule

B. cloud.account

C. api.name

D. tag

What improves product operationalization by adding visibility into feature utilization and missed opportunities?

A. Alert Center

B. Alarm Center

C. Alarm Advisor

D. Adoption Advisor

Which option shows the steps to install the Console in a Kubernetes Cluster?

A. Download the Console and Defender image Generate YAML for Defender Deploy Defender YAML using kubectl

B. Download and extract release tarball Generate YAML for Console Deploy Console YAML using kubectl

C. Download the Console and Defender image Download YAML for Defender from the document site Deploy Defender YAML using kubectl

D. Download and extract release tarball Download the YAML for Console Deploy Console YAML using kubectl

Which two required request headers interface with Prisma Cloud API? (Choose two.)

A. Content-type:application/json

B. x-redlock-auth

C. >x-redlock-request-id

D. Content-type:application/xml

Which field is required during the creation of a custom config query?

A. resource status

B. api.name

C. finding.type

D. cloud.type

Which of the following is not a supported external integration for receiving Prisma Cloud Code Security notifications?

A. ServiceNow

B. Splunk

C. Microsoft Teams

D. Cortex XSOAR

What are the three states of the Container Runtime Model? (Choose three.)

A. Initiating

B. Learning

C. Active

D. Running

E. Archived

Which three types of buckets exposure are available in the Data Security module? (Choose three.)

A. Public

B. Private

C. International

D. Differential

E. Conditional