Weekend Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Paloalto Networks
  3. PSE-Prisma Cloud Professional
  4. PSE-PrismaCloud
  5. PSE-PrismaCloud - PSE Palo Alto Networks System Engineer Professional - Prisma Cloud

Paloalto Networks PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Exam Practice Test

Page: 1 / 12
Total 115 questions
Get PSE-PrismaCloud Full Access Download PSE-PrismaCloud PDF

PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Questions and Answers

Question 1

What is the Palo Alto Networks recommended setting for the Prisma Cloud Training Model Threshold?

Options:

A.

Low

B.

Thorough

C.

High

D.

Baseline

Question 2

Which statement applies to optimization of registry scans with version pattern matching?

Options:

A.

It requires Linux images to rely on optimizing registry scans due to various Linux elements.

B.

It is only necessary in registries with tens of thousands of repositories and millions of images.

C.

It is best practice to always optimize registry scans for faster results.

D.

It is rarely successful in the Windows Operating System (OS).

Question 3

What are the two options to dynamically register tags used by Dynamic Address Groups that are referenced in policy? (Choose two.)

Options:

A.

VM Monitoring

B.

External Dynamic List

C.

CFT Template

D.

XML API

Question 4

What are two business values of Cloud Code Security? (Choose two.)

Options:

A.

consistent controls from build time to runtime

B.

prebuilt and customizable polices to detect data such as personally identifiable information (PII) in publicly exposed objects

C.

support for multiple languages, runtimes and frameworks

D.

continuous monitoring of all could resources for vulnerabilities, misconfigurations, and other threats

Question 5

How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?

Options:

A.

Create an RQL config query to identify resources with the tag "Private."

B.

Create an RQL network query to identify traffic from resources tagged "Private."

C.

Open the Asset Dashboard, filter on tags: and choose "Private."

D.

Generate a CIS compliance report and review the "Asset Summary."

Question 6

A client has a sensitive internet-facing application server in Microsoft Azure and is concerned about resource exhaustion because of distributed denial-of-service attacks What can be configured on the VM-Series firewall to specifically protect this server against this type of attack?

Options:

A.

Custom threat signature

B.

Zone Protection Profile

C.

QoS Profile to limit incoming requests

D.

DoS Protection Profile with specific session counts

Question 7

What does Prisma Cloud execute to change public cloud infrastructure when autoremediation is enabled?

Options:

A.

local scripts to public cloud APIs

B.

remote function calls to host agents

C.

third-party integration tools

D.

public cloud CLI commands

Question 8

What are three examples of outbound traffic flow? (Choose three.)

Options:

A.

issue yum update command on an instance inside Amazon Web Services

B.

Microsoft Windows inside Azure requesting a security patch

C.

web server inside Amazon Web Services receiving web requests from internet

D.

issue apt-get install command on an instance inside Amazon Web Services

E.

outgoing Prisma Public Cloud API calls

Question 9

A customer has just launched a Palo Alto Networks VM-Series NGFW into an Amazon Web Services VPC to protect a cloud hosted application. They are experiencing unpredictable results and have identified that the interfaces on the firewall are in the incorrect order

Which PAN-OS CLI command resolves this issue?

Options:

A.

set system setting mgmt-interface-swap enable yes

B.

set mgmt-interface settings swap yes

C.

set mgmt-interface swap yes

D.

set system setting mgmt-interface swap yes

Question 10

Which two types of Resource Query Language (RQL) queries can be used to create policies? (Choose two.)

Options:

A.

hose from

B.

network from

C.

system from

D.

event from

Question 11

Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)

Options:

A.

Traps

B.

Prisma SaaS

C.

Amazon Web Services WAF

D.

VM-Series firewalls

E.

Security Groups

Question 12

In which two ways can Prisma Cloud Compute (PCC) edition be installed? (Choose two.)

Options:

A.

self-managed in a customer's own container platform

B.

self-contained hardware appliance

C.

as a stand-alone Windows application

D.

Cloud-hosted as part of a Prisma Cloud Enterprise tenant from Palo Alto Networks

Question 13

Which two cloud-native providers are supported by Prisma Cloud? (Choose two.)

Options:

A.

DigitalOcean

B.

Azure

C.

IBM Cloud

D.

Oracle Cloud

Question 14

Which pattern syntax will add all images to a trusted images rule within a registry?

Options:

A.

*.acme.com

B.

acme/*

C.

acme.com/myrepo/allimages:/*

D.

registry.acme.com/*

Question 15

Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases''

Options:

A.

network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))

B.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))

C.

network where dest.resource IN (resource where role = 'Database'}

D.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))

Question 16

Prisma Public Cloud enables compliance monitoring and reporting by mapping which configurations to compliance standards?

Options:

A.

RQL queries

B.

alert rules

C.

notification templates

D.

policies

Question 17

Which RQL string returns a list of all Azure virtual machines that are not currently running?

Options:

A.

config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'

B.

config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"

C.

config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"

D.

config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"

Question 18

How does Prisma Cloud Enterprise autoremediate unwanted violations to public cloud infrastructure?

Options:

A.

It inspects the application program interface (API) call made to public cloud and blocks the change if a policy violation is found.

B.

It makes changes after a policy violation has been identified in monitoring.

C.

It locks all changes to public cloud infrastructure and stops any configuration changes without prior approval.

D.

It uses machine learning (ML) to identify unusual changes to infrastructure.

Question 19

Which two deployment methods are supported for Prisma Cloud Compute (PCC) container Defenders? (Choose two.)

Options:

A.

Azure SQL database instances

B.

Google Kubernetes Engine

C.

Oracle Functions service

D.

Kubernetes DaemonSet

Question 20

Which Amazon Web Services security service can provide host vulnerability information to Prisma Public Cloud?

Options:

A.

Shield

B.

Inspector

C.

GuardDuty

D.

Amazon Web Services WAF

Question 21

What is the scope of the Amazon Web Services 1AM Service?

Options:

A.

global

B.

regional

C.

VPC

D.

zonal

Question 22

What is the Palo Alto Networks default Prisma Cloud setting for Alert Disposition to reduce the number of false positives?

Options:

A.

Conservative

B.

Moderate

C.

High

D.

Aggressive

Question 23

Which Prisma Public Cloud policy alerts administrators to unusual user activity?

Options:

A.

Anomaly

B.

Audit Event

C.

Network

D.

Configuration

Question 24

An administrator has deployed an AWS transit gateway and used multiple VPC spokes to segregate a multi-tier application. The administrator also created a security VPC with multiple VM-Series NGFWs in an active/active deployment model via ECMP using Amazon Web Services VPN-based attachments.

What must be configured on the firewall to avoid asymmetric routing?

Options:

A.

source address translation

B.

destination address translation

C.

port address translation

D.

source and destination address translation

Question 25

Which two valid effects are used to deal with images within a rule for trusted images? (Choose two.)

Options:

A.

Deny

B.

Alert

C.

Block

D.

Ignore

Question 26

What are two examples of Amazon Web Services logging services? (Choose two.)

Options:

A.

CloudLog

B.

CloudEvent

C.

CloudWatch

D.

CIoudTrail

Question 27

Which two resources provide operational insight within the Prisma Cloud Asset Inventory? (Choose two.)

Options:

A.

Cortex Data Lake

B.

Cloud Storage buckets

C.

Prisma Access Gateways

D.

Compute Engine instance

Question 28

Under which operating systems (OSs) is twistcli supported?

Options:

A.

Linux, macOS, and Windows

B.

Windows only

C.

Linux and Windows

D.

Linux, macOS, PAN-OS, and Windows

Question 29

What are two benefits of Cloud Security Posture Management (CSPM) over other solutions? (Choose two.)

Options:

A.

guaranteed proof of concept (POC) extensions beyond 30 days

B.

native integration of network, endpoint, and cloud data to stop attacks

C.

elimination of blind spots

D.

proactive addressing of risks

Question 30

Which subcommand invokes the scan for images built with Jenkins in an OpenShift environment?

Options:

A.

> twistcli project scan

B.

> twistcli scar, projects

C.

> twistcli hosts scan

D.

> twistcli scar, hosts

Question 31

All Amazon Regional Database Service (RDS)-deployed resources and the regions in which they are deployed can be identified by prisma Cloud using which two methods? (Choose two.)

Options:

A.

Configure an Inventory report from the "Alerts" tab.

B.

Write an RQL query from the "Investigate" tab.

C.

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

D.

Generate a compliance report from the Compliance dashboard.

Question 32

Which pillar of the Prisma Cloud platform can secure outbound traffic, stop lateral attack movement, and block inbound threats?

Options:

A.

Cloud Workload Protection (CWP)

B.

Cloud Code Security

C.

Cloud Network Security

D.

Cloud Identity Security

Question 33

Which statement applies to vulnerability management policies?

Options:

A.

Host and serverless rules support blocking, whereas container rules do not.

B.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

C.

Policies for containers, hosts, and serverless functions are not separate.

D.

Rules are evaluated in an undefined order.

Question 34

What resource is required to receive inbound traffic from the internet to VM-Series NGFW deployed as a gateway for Azure Stack workloads?

Options:

A.

Public IP for the VM-Series NGFW

B.

NAT appliance

C.

Azure Stack Edge Router

D.

Border Customer Network

Load More PSE-PrismaCloud Questions 
Page: 1 / 12
Total 115 questions
Get PSE-PrismaCloud Full Access Download PSE-PrismaCloud PDF