リアルPCCSE問題集でPalo Alto Networks正確な解答2024年最新版を試そう [Q53-Q75]

Share

リアルPCCSE問題集でPalo Alto Networks正確な解答2024年最新版を試そう

Cloud Security Engineer PCCSE試験練習問題集


PCCSE認定は世界的に認知され、Prisma Cloudプラットフォームを利用する主要な組織から高く評価されています。この認定は、保持者がPrisma Cloudプラットフォームを使用してクラウドセキュリティソリューションを設計、展開、管理するために必要なスキルと知識を持っていることを示しています。また、保持者が継続的な学習と職業的な発展に取り組んでいることも示しています。

 

質問 # 53
A customer wants to harden its environment from misconfiguration.
Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

  • A. Host configuration
  • B. Docker daemon configuration
  • C. Hosts without Defender agents
  • D. Docker daemon configuration files
  • E. Host cloud provider tags

正解:A、B、D

解説:
Prisma Cloud Compute Compliance enforcement for hosts covers several aspects to ensure a secure and compliant host environment, particularly within containerized environments. These include:
Docker daemon configuration files: Ensuring that Docker daemon configuration files are set up according to best security practices is crucial. These files contain various settings that control the behavior of the Docker daemon, and misconfigurations can lead to security vulnerabilities.
Docker daemon configuration: Beyond just the configuration files, the overall configuration of the Docker daemon itself is critical. This encompasses runtime settings and command-line options that determine how Docker containers are executed and managed on the host.
Host configuration: The security of the underlying host on which Docker and other container runtimes are installed is paramount. This includes the configuration of the host's operating system, network settings, file permissions, and other system-level settings that can impact the security of the containerized applications running on top.
By focusing on these areas, Prisma Cloud ensures that not just the containers but also the environment they run in is secure, adhering to compliance standards and best practices to mitigate risks associated with containerized deployments.


質問 # 54
The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.
Which type of policy should be created to protect this pod from Layer7 attacks?

  • A. The development team should create a WAAS rule targeted at the image name of the pods.
  • B. The development team should create a runtime policy with networking protections.
  • C. The development team should create a WAAS rule for the host where these pods will be running.
  • D. The development team should create a WAAS rule targeted at all resources on the host.

正解:D


質問 # 55
A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?

  • A. Enterprise Alert Disposition
  • B. Trusted Alert IP Addresses
  • C. Anomaly Trusted List
  • D. Trusted Login IP Addresses

正解:B

解説:
Section: (none)
Explanation


質問 # 56
Which statement about build and run policies is true?

  • A. Every type of policy has auto-remediation enabled by default.
  • B. Build policies enable you to check for security misconfigurations in the IaC templates.
  • C. The four main types of policies are: Audit Events, Build, Network, and Run.
  • D. Run policies monitor network activities in the environment and check for potential issues during runtime.

正解:B


質問 # 57
A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two.)

  • A. add a new policy
  • B. disable an out-of-the-box policy
  • C. clone an existing policy
  • D. edit the query in the out-of-the-box policy

正解:A、C

解説:
To create a custom policy within a cloud security platform like Prisma Cloud, security teams have the flexibility to either add a new policy from scratch or clone an existing one to serve as a foundation for customization. Adding a new policy allows for the creation of a completely tailored rule set based on specific security requirements. Cloning an existing policy, on the other hand, provides a quick start by using the structure of an already established policy, which can then be modified to fit particular needs. This approach is beneficial for maintaining consistency with existing policies while addressing unique security scenarios.
Disabling an out-of-the-box policy (option C) or editing the query in an out-of-the-box policy (option D) are actions that might be taken to customize policy enforcement but do not equate to the creation of a new custom policy.


質問 # 58
Console is running in a Kubernetes cluster, and you need to deploy Defenders on nodes within this cluster.
Which option shows the steps to deploy the Defenders in Kubernetes using the default Console service name?

  • A. From the deployment page in Console, choose twistlock-console for Console identifier, and run the curl
    | bash script on the master Kubernetes node.
  • B. From the deployment page in Console, choose pod name for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.
  • C. From the deployment page configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.
  • D. From the deployment page in Console, choose twistlock-console for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

正解:D


質問 # 59
Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

  • A. Download and extract the release tarball
    Create an EFS file system and mount to each node in the cluster Create the Console task definition Deploy the task definition
  • B. The console cannot natively run in an ECS cluster. A onebox deployment should be used.
  • C. Download and extract release tarball Download task from AWS
    Create the Console task definition Deploy the task definition
  • D. Download and extract the release tarball
    Ensure that each node has its own storage for Console data Create the Console task definition Deploy the task definition

正解:A


質問 # 60
The security team wants to enable the "block" option under compliance checks on the host.
What effect will this option have if it violates the compliance check?

  • A. Additional hosts will be prevented form starting.
  • B. No containers will be allowed to start on that host.
  • C. The host will be taken offline.
  • D. Containers on a host will be stopped.

正解:A


質問 # 61
Which type of compliance check is available for rules under Defend > Compliance > Containers and Images
> CI?

  • A. Container
  • B. Functions
  • C. Host
  • D. Image

正解:C


質問 # 62
Which action would be applicable after enabling anomalous compute provisioning?

  • A. It detects potential creation of an unauthorized network of compute instances either accidentally or for cryptojacking.
  • B. It detects unusual server port activity or unusual protocol activity from a client within or outside the cloud environment.
  • C. It detects the activity caused by the spambot.
  • D. It detects potential creation of an unauthorized network of compute instances with AutoFocus.

正解:A

解説:
Enabling anomalous compute provisioning in Prisma Cloud allows for the detection of unusual and potentially unauthorized activities related to the creation of compute instances. This feature is particularly useful for identifying scenarios where an unauthorized network of compute instances might be established, either accidentally due to misconfigurations or maliciously for purposes such as cryptojacking. Cryptojacking involves the unauthorized use of someone else's compute resources to mine cryptocurrency, and anomalous compute provisioning can help in identifying such activities by highlighting unusual patterns in the provisioning of compute resources.


質問 # 63
Which statement accurately characterizes SSO Integration on Prisma Cloud?

  • A. An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.
  • B. An administrator who needs to access the Prisma Cloud API can use SSO after configuration.
  • C. Okta, Azure Active Directory. PingID, and others are supported via SAML
  • D. Prisma Cloud supports IdP initiated SSO. and its SAML endpoint supports the POST and GET methods

正解:C


質問 # 64
Which two statements apply to the Defender type Container Defender - Linux?

  • A. It is incapable of filesystem runtime defense.
  • B. It is deployed as a container.
  • C. It is implemented as runtime protection in the userspace.
  • D. It is deployed as a service.

正解:C、D


質問 # 65
Which three options for hardening a customer environment against misconfiguration are included in Prisma Cloud Compute compliance enforcement for hosts? (Choose three.)

  • A. Host configuration
  • B. Docker daemon configuration
  • C. Hosts without Defender agents
  • D. Cloud provider tags
  • E. Serverless functions

正解:A、B、C

解説:
Prisma Cloud scans all hosts for compliance issues, provided that a defender is installed or the host is covered by an agentless scan. Among these, the following compliance issues are covered.
-Host configuration
-Docker daemon configuration
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/host_scanning Prisma Cloud Compute's compliance enforcement capabilities for hosts include ensuring proper configurations of Docker daemons and host operating systems, as well as managing hosts that do not have Defender agents installed. These measures are critical for hardening environments against misconfigurations which could lead to security vulnerabilities.


質問 # 66
An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:A

解説:
When the administrator wants twistcli to communicate with the Console over HTTPS in a Kubernetes cluster, and considering the load balancer is configured in TCP passthrough mode, A. 8084 is typically the port used for secure HTTPS communication with the Prisma Compute Console. This port will allow twistcli to access the Prisma Compute APIs securely.
https://docs.prismacloudcompute.com/docs/compute_edition_21_04/tools/twistcli.html#connectivity-to-console


質問 # 67
Which options show the steps required to upgrade Console when using projects?

  • A. Upgrade all Supervisor Consoles Upgrade Central Console
  • B. Upgrade Central Console Upgrade all Supervisor Consoles
  • C. Upgrade Central Console
    Upgrade Central Console Defenders
  • D. Upgrade Defender Upgrade Central Console
    Upgrade Supervisor Consoles

正解:A


質問 # 68
A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

  • A. choose "copy into rule" for the Container, add a ransomWare process into the denied process list, and set the action to "block".
  • B. add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to "prevent".
  • C. set the Container model to manual relearn and set the default runtime rule to block for process protection.
  • D. set the Container model to relearn and set the default runtime rule to prevent for process protection.

正解:B

解説:
To terminate any Container from the image "topSecret:latest" when a process named "ransomWare" is executed, the administrator should create a new runtime policy in Prisma Cloud Compute specifically targeting the container in question. By adding the "ransomWare" process to the denied process list within this policy and setting the action to "prevent," Prisma Cloud Compute will actively monitor for the execution of the specified process within the targeted container and take preventive action to terminate the container if the process is detected. This approach allows for precise, targeted security measures that address specific threats identified by the organization, thereby enhancing the overall security posture and protecting sensitive workloads from potential compromise.


質問 # 69
Order the steps involved in onboarding an AWS Account for use with Data Security feature.

正解:

解説:


質問 # 70
Which three OWASP protections are part of Prisma Cloud Web-Application and API Security (WAAS) rule? (Choose three.)

  • A. Suspicious binary
  • B. SQL injection
  • C. Shellshock
  • D. Local file inclusion
  • E. DoS Protection

正解:A、B、E


質問 # 71
Which statement accurately characterizes SSO Integration on Prisma Cloud?

  • A. An administrator can configure different Identity Providers (IdP) for all the cloud accounts that Prisma Cloud monitors.
  • B. Okta, Azure Active Directory, PingID, and others are supported via SAML.
  • C. Prisma Cloud supports IdP initiated SSO, and its SAML endpoint supports the POST and GET methods.
  • D. An administrator who needs to access the Prisma Cloud API can use SSO after configuration.

正解:C

解説:
Section: (none)
Explanation


質問 # 72
Which API calls can scan an image named myimage: latest with twistcli and then retrieve the results from Console?

  • A. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    --console \
    myimage: latest
  • B. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    myimage: latest
  • C. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    --details \
    myimage: latest
  • D. $ twistcli images scan \
    --address <COMPUTE_CONSOLE> \
    --user <COMPUTER_CONSOLE_USER> \
    --password <COMPUTER_CONSOLE_PASSWD> \
    --verbose \
    myimage: latest

正解:B

解説:
The API calls that can scan an image named myimage: latest with twistcli and then retrieve the results from Console do not require any additional flags beyond the address, user, and password for the Prisma Cloud Compute console. The --verbose, --details, and --console flags are not necessary for performing the scan and retrieving the results. The twistcli command with the required parameters initiates the scan, and upon completion, the results are available in the Prisma Cloud Compute console for review.
Reference to this process is provided in the Prisma Cloud Compute documentation, which outlines the steps for scanning container images with the twistcli command-line tool and retrieving the results from the Compute Console for analysis and action.


質問 # 73
An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.
Which configuration step is needed first to accomplish this task?

  • A. Set Docker's listener type to TCP.
  • B. Set Defender's listener type to TCP.
  • C. Configure Docker's authentication sequence to first use an identity provider and then Console.
  • D. Configure Defender's authentication sequence to first use an identity provider and then Console.

正解:D


質問 # 74
Which three Options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)

  • A. Credential
  • B. Scope - Scans run on a particular host
  • C. Grace Period
  • D. Apply rule only when vendor fixes are available
  • E. Failure threshold

正解:A、B、D


質問 # 75
......


PCCSE試験は、クラウドインフラストラクチャの確保における候補者のスキルと知識を検証するように設計されています。この試験では、クラウドセキュリティアーキテクチャ、クラウドアクセスセキュリティブローカー(CASB)、ネットワークセキュリティ、アイデンティティおよびアクセス管理(IAM)、データ保護、コンプライアンスなど、幅広いトピックをカバーしています。この試験は60の複数選択の質問で構成されており、90分の時間制限があります。試験に合格するには、候補者は最低70%を獲得する必要があります。 PCCSE認定は2年間有効であり、その後、候補者は認定を維持するために再認証試験に合格する必要があります。


PCCSE認定を受けるには、候補者はクラウドセキュリティエンジニアリングの知識とスキルをテストする厳格な認定試験に合格する必要があります。この試験はPalo Alto Networksによって管理されており、Pearson Vueテストセンターでオンラインまたは対面で撮影できます。試験に合格すると、候補者はクラウドセキュリティエンジニアリングの専門知識を実証するPCCSE認定を受け取ります。

 

PCCSE試験合格を準備するため 今すぐ弊社のCloud Security Engineer試験パッケージお試そう:https://jp.fast2test.com/PCCSE-premium-file.html

PCCSEプレミアム資料でテストPDF無料問題集お試しセット:https://drive.google.com/open?id=1JPPHy5e7qcMlK1BNihCiyygd728JvTiF


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어