PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Question and Answers

Both Source and Destination Checks are disabled

Both Source and Destination Checks are enabled

Source Check is disabled and Destination Check is enabled

Source Check is enabled and Destination Check is disabled

Low

Thorough

High

Baseline

credential stuffing

cross-site scripting (XSS)

shoulder surfing

distributed denial of service (DDoS)

config

alert

event

data

issue yum update command on an instance inside Amazon Web Services

Microsoft Windows inside Azure requesting a security patch

web server inside Amazon Web Services receiving web requests from internet

issue apt-get install command on an instance inside Amazon Web Services

outgoing Prisma Public Cloud API calls

Host and serverless rules support blocking, whereas container rules do not.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

Policies for containers, hosts, and serverless functions are not separate.

Rules are evaluated in an undefined order.

UUID

new Auth Code

CPU ID

API Key

run the PAN-OS CLI command: set system mgmt-interface-swap enable yes

run the PAN-OS CLI command: set system mgmt-interface-swap setting enable yes

create a bootstrap file that includes the mgmt-interface-swap command

in the Google Cloud Console Metadata Field, enter a key-value pair where mgmt-interface-swap is the key and enable is the value

The server VMs have private use only (RFC 1918) IPs. Amazon's cloud infrastructure translates those addresses to publicly accessible IP addresses. The VM-Series NGFW has publicly accessible IP addresses.

The server VMs have private use only (RFC 1918) IPs. The VM-Series NGFW translates those addresses to publicly accessible IP addresses.

The server VMs and the VM-Series NGFW have private use only (RFC 1918) IPs. Amazons cloud infrastructure translates those addresses to publicly accessible IP addresses

The servers and VM-Series NGFW have publicly accessible IP addresses for management purposes.

Generate a Center for Internet Security (CIS) compliance report and search for "Amazon RDS" policy violations.

View the alert data on the "Asset Inventory" dashboard and filter on "Amazon RDS.

Within the "Alerts" tab. filter on "Amazon RDS" as a service.

Create a custom Resource Query Language (RQL) configuration report.

Generate a new Compliance Report.

Create compliance framework in a spreadsheet then import into Prisma Public Cloud.

From Compliance tab, clone a default framework and customize.

From Compliance tab > Compliance Standards, click "Add New."

AWS CDN

AWS NAT Gateway

AWS ALB

AWS NLB

The image will pass the CI policy, but will be blocked by the deployed policy; therefore, it will not be deployed.

The CI policy will fail the build; therefore, the image will not be deployed.

The image will be deployed successfully, and all vulnerabilities will be reported.

The image will be deployed successfully, but no vulnerabilities will be reported.

purchase a new PAYG license from a reseller

go to Palo Alto Networks Support website to change the BYOL license to a PAYG license

purchase a new PAYG license for Microsoft Azure from Palo Alto Networks

launch a new VM using the PAYG image

Elastic Compute Cloud (EC2) instances

Network Address Translation (NAT) gateways

CloudFront distributions

Security groups

guaranteed proof of concept (POC) extensions beyond 30 days

native integration of network, endpoint, and cloud data to stop attacks

elimination of blind spots

proactive addressing of risks

Microsoft Azure

Alibaba Cloud

Amazon Web Services

Oracle Cloud

The thresholds can be set to informational, low, medium, high, and critical.

The alert threshold always has precedence over, and can be greater than, the block threshold.

The block threshold must always be equal to or greater than the alert threshold.

The block threshold always has precedence over, and can be less than, the alert threshold.

Microsoft Azure

Alibaba Cloud

Oracle Cloud

Amazon Web Services

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'Google Bigtable Instance'

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'cloudsql.googleapis.com'

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'bigquery.googleapis.com'

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'dataproc.googleapis.com'

General Data Protection Regulation (GDPR)

International Organization for Standardization (ISO) 27001

Payment Card Industry (PCI) Data Security Standard (DSS) 3.0

EU Data Protection Directive 95/46/EC

resource name

instance

cloud region

feature

Changes will take effect after a new learning phase of 30 days.

System will perform a reboot, deleting all past alerts.

Existing alerts and new alerts are regenerated based on the new setting.

New alerts are generated based on the new setting.

Linux, macOS, and Windows

Windows only

Linux and Windows

Linux, macOS, PAN-OS, and Windows

Generate a compliance report from the Compliance dashboard

Write an RQL query from the "Investigate" tab.

Configure an Inventory report from the "Alerts" tab

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

VM Monitoring

External Dynamic List

CFT Template

XML API

registry path for image name

password

console address

username

hose from

network from

system from

event from

consistent controls from build time to runtime

prebuilt and customizable polices to detect data such as personally identifiable information (PII) in publicly exposed objects

support for multiple languages, runtimes and frameworks

continuous monitoring of all could resources for vulnerabilities, misconfigurations, and other threats

Google Kubernetes Engine

BigQuery

Compute Engine

App Engine

Google Virtual Private Cloud