PCCSE Online Practice Questions and Answers

Which container scan is constructed correctly?

A. twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --container myimage/latest

B. twistcli images scan --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

C. twistcli images scan -u api -p api --address https://us-west1.cloud.twistlock.com/us-3-123456789 --details myimage/latest

D. twistcli images scan -u api -p api --docker-address https://us-west1.cloud.twistlock.com/us-3-123456789 myimage/latest

A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

A. The value of the mined currency exceeds $100.

B. High CPU usage over time for the container is detected.

C. Common cryptominer process name was found.

D. The mined currency is associated with a user token.

E. Common cryptominer port usage was found.

Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

A. High

B. Medium

C. Low

D. Very High

A customer has a requirement to scan serverless functions for vulnerabilities. Which three settings are required to Configure serverless scanning? (Choose three.)

A. Defender Name

B. Region

C. Credential

D. Console Address

E. Provider

Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)

A. Scope - Scans run on a particular host

B. Credential

C. Apply rule only when vendor fixes are available

D. Failure threshold

E. Grace Period

A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

How should the administrator Configure Prisma Cloud Compute to satisfy this requirement?

A. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.

B. Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.

C. Choose "copy into rule" for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.

D. Set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.

Which three serverless runtimes are supported by Prisma Cloud for vulnerability and compliance scans? (Choose three.)

A. Swift

B. Python

C. Dart

D. Java

E. Node.js

Which policy type should be used to detect and alert on cryptominer network activity?

A. Anomaly

B. Config-run

C. Config-build

D. Audit event

How does assigning an account group to an administrative user on Prisma Cloud help restrict access to resources?

A. It restricts access to all resources and data within the cloud account.

B. It restricts access only to certain types of resources within the cloud account.

C. It restricts access only to the resources and data that pertains to the cloud account(s) within an account group.

D. It does not restrict access to any resources within the cloud account.

How is the scope of each rule determined in the Prisma Cloud Compute host runtime policy?

A. By the order in which it is created

B. By the collection assigned to that rule

C. By the type of network traffic it controls

D. By the target workload