[2021] PSE-PrismaCloud All-in-One Exam Guide Practice To your PSE-PrismaCloud Exam!
Preparations of PSE-PrismaCloud Exam 2021 PSE-Prisma Cloud Professional Unlimited 62 Questions
NEW QUESTION 32
Which three types of security checks can Prisma Public Cloud perform? (Choose three.)
- A. network where
- B. config where
- C. compliance where
- D. user where
- E. event where
Answer: A,C,E
NEW QUESTION 33
Which RQL string returns a list of all Azure virtual machines that are not currently running?
- A. config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"
- B. config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"
- C. config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"
- D. config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'
Answer: B
NEW QUESTION 34
Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases?
- A. network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))
- B. network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))
- C. network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))
- D. network where dest.resource IN (resource where role = 'Database'}
Answer: A
NEW QUESTION 35
The VM-Series integration with Amazon GuardDuty feeds malicious IP addresses to the VM-Series NGFW using XML API to populate a Dynamic Address Group within a Security policy that blocks traffic.
How does Amazon Web Services achieve this integration?
- A. CodeDeploy
- B. Lambda
- C. SNS
- D. SQS
Answer: B
NEW QUESTION 36
Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)
- A. ARM Template
- B. Azure Security Center
- C. Bootstrapping
- D. Azure Application Insight
- E. Resource Group
Answer: A,C,D
NEW QUESTION 37
Which RQL string searches for all EBS volumes that do not have a "DataClassification" tag?
- A. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*].key exists
- B. config where api.name = 'aws-ec2-describe-volumes, AND json.rule = tags[*]key contains DataClassification
- C. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*]key != DataClassification
- D. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key = 1
Answer: C
NEW QUESTION 38
Which Google Cloud Platform project shares its VPC networks with other projects?
- A. Subscribing project
- B. Admin project
- C. Host project
- D. Service project
Answer: C
Explanation:
Explanation
Create a shared VPC using the Trust VPC created when you deployed the firewall template.
Set up a shared VPC for the host (firewall) project:
gcloud compute shared-vpc enable HOST_PROJECT_ID
https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google
NEW QUESTION 39
A customer CSO has asked you to demonstrate how to identify all "Amazon RDS" resources deployed and the region that they are deployed in. What are two ways that Prisma Public Cloud can show the relevant information?(Choose two.)
- A. Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.
- B. Write an RQL query from the "Investigate" tab.
- C. Configure an Inventory report from the "Alerts" tab
- D. Generate a compliance report from the Compliance dashboard
Answer: A,B
NEW QUESTION 40
How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?
- A. Open the Asset Dashboard, filter on tags: and choose "Private."
- B. Generate a CIS compliance report and review the "Asset Summary."
- C. Create an RQL network query to identify traffic from resources tagged "Private."
- D. Create an RQL config query to identify resources with the tag "Private."
Answer: C
NEW QUESTION 41
Which cloud provider supports iLB-as-next-hop?
- A. Oracle Cloud
- B. Alibaba Cloud
- C. Amazon Web Services
- D. Microsoft Azure
Answer: C
NEW QUESTION 42
Match the logging service with its cloud provider.
Answer:
Explanation:
Explanation
AWS, Azure, GCP, Azure, AWS, GCP
NEW QUESTION 43
What is the scope of the Amazon Web Services 1AM Service?
- A. regional
- B. VPC
- C. global
- D. zonal
Answer: C
NEW QUESTION 44
What are the two options to dynamically register tags used by Dynamic Address Groups that are referenced in policy? (Choose two.)
- A. CFT Template
- B. XML API
- C. VM Monitoring
- D. External Dynamic List
Answer: B,C
Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/
NEW QUESTION 45
What is a permanent public IP called on Amazon Web Services?
- A. EIP
- B. Floating IP
- C. Reserved IP
- D. PIP
Answer: A
NEW QUESTION 46
Which option is defined by the creation and change of public cloud services managed in a repeatable and predictable fashion?
- A. platform as a service
- B. software as code
- C. infrastructure as a service
- D. infrastructure as code
Answer: C
NEW QUESTION 47
Which regulatory framework in Prisma Public Cloud measures compliance with EU data privacy regulations in Amazon Web Services workloads?
- A. ISO 27001
- B. EU Data Protection Directive 95/46/EC
- C. Payment Card Industry 3.0
- D. GDPR
Answer: B
NEW QUESTION 48
What is the scope of the Amazon Web Services IAM Service?
- A. regional
- B. VPC
- C. global
- D. zonal
Answer: C
NEW QUESTION 49
Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)
- A. Bootstrapping
- B. Azure Security Center
- C. Azure Application Insight
- D. ARM Template
- E. Resource Group
Answer: A,B,C
NEW QUESTION 50
Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?
- A. show traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- B. network where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- C. network where dest.publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- D. network where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'
Answer: C
Explanation:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples All network traffic that is greater than 1GB and destined to Internet or Suspicious IPs (allows you to identify data exfiltration attempt on any cloud environment).
network where dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000
NEW QUESTION 51
The Microsoft Azure virtual network gateway supports which two site-to-site connectivity options? (Choose two.)
- A. ExpressRoute
- B. IPsecVPN
- C. Fast Connect
- D. Direct Connect
Answer: A,B
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
NEW QUESTION 52
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW VulnerabilityProtection Profiles?
- A. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
- B. Clone the predefined Strict Profile, with packet capture settings enabled
- C. Clone the predefined Strict Profile, with packet capture settings disabled
- D. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
Answer: B
NEW QUESTION 53
......
Focus on PSE-PrismaCloud All-in-One Exam Guide For Quick Preparation: https://www.prep4away.com/Palo-Alto-Networks-certification/braindumps.PSE-PrismaCloud.ete.file.html
Practice To PSE-PrismaCloud - Prep4away Remarkable Practice On your PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Exam: https://drive.google.com/open?id=1lT4c7YTWJ24FrESArgghenE9aUfuivxY