Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: myex65

Home > Paloalto Networks > PSE-Prisma Cloud Professional > PSE-PrismaCloud

PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Question and Answers

Question # 4

What configuration on AWS is required in order for VM-Series to forward traffic between its network interfaces?

A.

Both Source and Destination Checks are disabled

B.

Both Source and Destination Checks are enabled

C.

Source Check is disabled and Destination Check is enabled

D.

Source Check is enabled and Destination Check is disabled

Full Access
Question # 5

What is the Palo Alto Networks recommended setting for the Prisma Cloud Training Model Threshold?

A.

Low

B.

Thorough

C.

High

D.

Baseline

Full Access
Question # 6

Prevention against which type of attack is configurable in Web-Application and API Security (WAAS)?

A.

credential stuffing

B.

cross-site scripting (XSS)

C.

shoulder surfing

D.

distributed denial of service (DDoS)

Full Access
Question # 7

A customer has deployed a VM-Series NGFW on Amazon Web Services using a PAYG license. What is the sequence required by the customer to switch to a BYOL license?

Full Access
Question # 8

Which type of Resource Query Language (RQL) query is used to create a custom policy that looks for untagged resources?

A.

config

B.

alert

C.

event

D.

data

Full Access
Question # 9

What are three examples of outbound traffic flow? (Choose three.)

A.

issue yum update command on an instance inside Amazon Web Services

B.

Microsoft Windows inside Azure requesting a security patch

C.

web server inside Amazon Web Services receiving web requests from internet

D.

issue apt-get install command on an instance inside Amazon Web Services

E.

outgoing Prisma Public Cloud API calls

Full Access
Question # 10

Which statement applies to vulnerability management policies?

A.

Host and serverless rules support blocking, whereas container rules do not.

B.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

C.

Policies for containers, hosts, and serverless functions are not separate.

D.

Rules are evaluated in an undefined order.

Full Access
Question # 11

Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance? (Choose two.)

A.

UUID

B.

new Auth Code

C.

CPU ID

D.

API Key

Full Access
Question # 12

What are two ways to enable interface swap when deploying a VM-Series NGFW in Google Cloud Platform? (Choose two.)

A.

run the PAN-OS CLI command: set system mgmt-interface-swap enable yes

B.

run the PAN-OS CLI command: set system mgmt-interface-swap setting enable yes

C.

create a bootstrap file that includes the mgmt-interface-swap command

D.

in the Google Cloud Console Metadata Field, enter a key-value pair where mgmt-interface-swap is the key and enable is the value

Full Access
Question # 13

The customer has an Amazon Web Services Elastic Computing Cloud that provides a service to the internet directly and needs to secure that cloud with a VM-Series NGFW.

Which component handles address translation?

A.

The server VMs have private use only (RFC 1918) IPs. Amazon's cloud infrastructure translates those addresses to publicly accessible IP addresses. The VM-Series NGFW has publicly accessible IP addresses.

B.

The server VMs have private use only (RFC 1918) IPs. The VM-Series NGFW translates those addresses to publicly accessible IP addresses.

C.

The server VMs and the VM-Series NGFW have private use only (RFC 1918) IPs. Amazons cloud infrastructure translates those addresses to publicly accessible IP addresses

D.

The servers and VM-Series NGFW have publicly accessible IP addresses for management purposes.

Full Access
Question # 14

How can all alerts related to "Amazon RDS" be quickly identified within the Prisma Cloud dashboard?

A.

Generate a Center for Internet Security (CIS) compliance report and search for "Amazon RDS" policy violations.

B.

View the alert data on the "Asset Inventory" dashboard and filter on "Amazon RDS.

C.

Within the "Alerts" tab. filter on "Amazon RDS" as a service.

D.

Create a custom Resource Query Language (RQL) configuration report.

Full Access
Question # 15

can you create a custom compliance standard in Prisma Public Cloud?

A.

Generate a new Compliance Report.

B.

Create compliance framework in a spreadsheet then import into Prisma Public Cloud.

C.

From Compliance tab, clone a default framework and customize.

D.

From Compliance tab > Compliance Standards, click "Add New."

Full Access
Question # 16

Amazon Web Services WAF can be enabled on which two resources?(Choose two.)

A.

AWS CDN

B.

AWS NAT Gateway

C.

AWS ALB

D.

AWS NLB

Full Access
Question # 17

An image containing medium vulnerabilities that do not have available fixes is being deployed into the sock-shop namespace. Prisma Cloud has been configured for vulnerability management within the organization's continuous integration (CI) tool and registry.

What will occur during the attempt to deploy this image from the CI tool into the sock-shop namespace?

A.

The image will pass the CI policy, but will be blocked by the deployed policy; therefore, it will not be deployed.

B.

The CI policy will fail the build; therefore, the image will not be deployed.

C.

The image will be deployed successfully, and all vulnerabilities will be reported.

D.

The image will be deployed successfully, but no vulnerabilities will be reported.

Full Access
Question # 18

How does a customer that has deployed a VM-Series NGFW on Microsoft Azure using a BYOL license change to a PAYG license structure?

A.

purchase a new PAYG license from a reseller

B.

go to Palo Alto Networks Support website to change the BYOL license to a PAYG license

C.

purchase a new PAYG license for Microsoft Azure from Palo Alto Networks

D.

launch a new VM using the PAYG image

Full Access
Question # 19

Which two resource types are included in the Prisma Cloud Enterprise licensing count? (Choose two.)

A.

Elastic Compute Cloud (EC2) instances

B.

Network Address Translation (NAT) gateways

C.

CloudFront distributions

D.

Security groups

Full Access
Question # 20

What are two benefits of Cloud Security Posture Management (CSPM) over other solutions? (Choose two.)

A.

guaranteed proof of concept (POC) extensions beyond 30 days

B.

native integration of network, endpoint, and cloud data to stop attacks

C.

elimination of blind spots

D.

proactive addressing of risks

Full Access
Question # 21

Which two cloud providers provide egress load balancing? (Choose two.)

A.

Microsoft Azure

B.

Alibaba Cloud

C.

Amazon Web Services

D.

Oracle Cloud

Full Access
Question # 22

Which statement explains the correlation between the block and alert thresholds in a vulnerability management policy?

A.

The thresholds can be set to informational, low, medium, high, and critical.

B.

The alert threshold always has precedence over, and can be greater than, the block threshold.

C.

The block threshold must always be equal to or greater than the alert threshold.

D.

The block threshold always has precedence over, and can be less than, the alert threshold.

Full Access
Question # 23

Which cloud provider supports iLB-as-next-hop?

A.

Microsoft Azure

B.

Alibaba Cloud

C.

Oracle Cloud

D.

Amazon Web Services

Full Access
Question # 24

Which RQL query should be used to quickly identify any events related to an organization's Google Cloud Platform Big Query database the last 24 hours?

A.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'Google Bigtable Instance'

B.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'cloudsql.googleapis.com'

C.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'bigquery.googleapis.com'

D.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'dataproc.googleapis.com'

Full Access
Question # 25

Which regulatory framework in Prisma Cloud measures compliance with European Union (EU) data privacy regulations in Amazon Web services (AWS) workloads?

A.

General Data Protection Regulation (GDPR)

B.

International Organization for Standardization (ISO) 27001

C.

Payment Card Industry (PCI) Data Security Standard (DSS) 3.0

D.

EU Data Protection Directive 95/46/EC

Full Access
Question # 26

Which filter type is valid in Asset Explorer?

A.

resource name

B.

instance

C.

cloud region

D.

feature

Full Access
Question # 27

What happens in Prisma Cloud after Training Model Threshold or Alert Disposition is changed?

A.

Changes will take effect after a new learning phase of 30 days.

B.

System will perform a reboot, deleting all past alerts.

C.

Existing alerts and new alerts are regenerated based on the new setting.

D.

New alerts are generated based on the new setting.

Full Access
Question # 28

Under which operating systems (OSs) is twistcli supported?

A.

Linux, macOS, and Windows

B.

Windows only

C.

Linux and Windows

D.

Linux, macOS, PAN-OS, and Windows

Full Access
Question # 29

A customer CSO has asked you to demonstrate how to identify all "Amazon RDS" resources deployed and the region that they are deployed in. What are two ways that Prisma Public Cloud can show the relevant information?(Choose two.)

A.

Generate a compliance report from the Compliance dashboard

B.

Write an RQL query from the "Investigate" tab.

C.

Configure an Inventory report from the "Alerts" tab

D.

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

Full Access
Question # 30

What are the two options to dynamically register tags used by Dynamic Address Groups that are referenced in policy? (Choose two.)

A.

VM Monitoring

B.

External Dynamic List

C.

CFT Template

D.

XML API

Full Access
Question # 31

The following error is received when performing a manual twistcli scan on an image:

What is missing from the command?

A.

registry path for image name

B.

password

C.

console address

D.

username

Full Access
Question # 32

Which two types of Resource Query Language (RQL) queries can be used to create policies? (Choose two.)

A.

hose from

B.

network from

C.

system from

D.

event from

Full Access
Question # 33

What are two business values of Cloud Code Security? (Choose two.)

A.

consistent controls from build time to runtime

B.

prebuilt and customizable polices to detect data such as personally identifiable information (PII) in publicly exposed objects

C.

support for multiple languages, runtimes and frameworks

D.

continuous monitoring of all could resources for vulnerabilities, misconfigurations, and other threats

Full Access
Question # 34

Which three services can Google Cloud Security Scanner assess? (Choose three.)

A.

Google Kubernetes Engine

B.

BigQuery

C.

Compute Engine

D.

App Engine

E.

Google Virtual Private Cloud

Full Access