Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Palo Alto Networks
Salesforce
SAP
All Vendors
  1. Home
  2. Palo Alto Networks
  3. PCCSE

Palo Alto Networks PCCSE Exam (page: 8)
Palo Alto Networks Prisma Certified Cloud Security Engineer
Updated on: 28-Jul-2025

Viewing Page 8 of 51
PCCSE PDF 260 Questions

A security team has a requirement to ensure the environment is scanned for vulnerabilities.
What are three options for configuring vulnerability policies? (Choose three.)

  1. individual actions based on package type
  2. output verbosity for blocked requests
  3. apply policy only when vendor fix is available
  4. individual grace periods for each severity level
  5. customize message on blocked requests

Answer(s): A,C,D

Explanation:

Configuring vulnerability policies within Prisma Cloud involves several options that cater to different aspects of vulnerability management and policy enforcement. Options A, C, and D are valid configurations for vulnerability policies:
A) Individual actions based on package type allow for tailored responses to vulnerabilities found in specific types of software packages, enabling more granular control over the remediation process. C) Applying policies only when a vendor fix is available helps prioritize the remediation of vulnerabilities for which a patch or update has been released by the software vendor, ensuring efficient use of resources in addressing the most actionable security issues. D) Setting individual grace periods for each severity level allows organizations to define different time frames for addressing vulnerabilities based on their severity, enabling a prioritized and risk- based approach to vulnerability management.
These configurations support a comprehensive vulnerability management strategy by allowing customization and prioritization based on the nature of the vulnerability, the availability of fixes, and the risk level associated with each vulnerability.



The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.

Which strategy should the administrator use to achieve this goal?

  1. Disable the policy
  2. Set the Alert Disposition to Conservative
  3. Change the Training Threshold to Low
  4. Set Alert Disposition to Aggressive

Answer(s): B

Explanation:

To reduce the number of alerts generated by the "Unusual protocol activity (Internal)" network anomaly without entirely disabling the policy, setting the Alert Disposition to Conservative (option B) is the most effective strategy. This configuration adjusts the sensitivity of the anomaly detection, reducing the likelihood of false positives and minimizing alert fatigue without compromising the ability to detect genuine security threats. By adopting a more conservative approach to anomaly detection, the administrator can ensure that only the most significant and potentially harmful activities trigger alerts, thus maintaining a balance between security vigilance and operational efficiency.



What is the behavior of Defenders when the Console is unreachable during upgrades?

  1. Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.
  2. Defenders will fail closed until the web-socket can be re-established.
  3. Defenders will fail open until the web-socket can be re-established.
  4. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.

Answer(s): D

Explanation:

When the Console is unreachable during upgrades, Defenders continue to alert and enforce using the policies and settings most recently cached before the upgrade (option D). This behavior ensures that security enforcement remains active and consistent, even when the central management console is temporarily unavailable. The cached policies enable Defenders to maintain the security posture based on the last known configuration, ensuring continuous protection against threats and compliance with established security policies. This approach reflects Prisma Cloud's design principle of ensuring uninterrupted security enforcement, thereby safeguarding the environment against potential vulnerabilities during maintenance periods.


Reference:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute- edition- admin/upgrade/upgrade_process.html



How are the following categorized?
Backdoor account access Hijacked processes Lateral movement Port scanning

  1. audits
  2. incidents
  3. admission controllers
  4. models

Answer(s): B

Explanation:

The activities listed (Backdoor account access, Hijacked processes, Lateral movement, Port scanning) are categorized as incidents (option B). Incidents represent security events or patterns of activity that indicate potential security breaches or malicious behavior within the environment. Prisma Cloud identifies and classifies such activities as incidents to highlight significant security concerns that require investigation and potential remediation. This categorization helps security teams prioritize their response efforts, focusing on activities that pose a real threat to the integrity and security of the cloud environment. By distinguishing incidents from other types of security findings, Prisma Cloud enables more effective incident response and threat management processes.



DRAG DROP (Drag and Drop is not supported)
An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.

In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


GET https://api.prismacloud.io/access_keys
PATCH https://api.prismacloud.io/access_keys/<id>/status/<status>
POST https://api.prismacloud.io/login

To write a script that automatically deactivates access keys that have not been used for 30 days, an administrator would need to follow an ordered sequence of API calls to the Prisma Cloud platform. The first API call must authenticate the script with the Prisma Cloud API, which is typically done using a POST request to the login endpoint. This step is necessary to establish a session and retrieve an authentication token required for subsequent API calls. Once the script is authenticated, the next call is a GET request to the access_keys endpoint. This retrieves a list of all access keys within the environment. The script can then parse through these keys to determine which ones have not been used within the specified timeframe of 30 days. For each access key that meets the criteria (unused for 30 days), the script must send a PATCH request to the specific access key's endpoint, which includes the access key ID and the desired status. This request will change the status of the access key to 'inactive' or a similar status that denotes deactivation.
Following this ordered sequence ensures that the script systematically authenticates, evaluates, and updates the status of access keys based on their usage, thereby maintaining security and compliance within the Prisma Cloud environment.



Viewing Page 8 of 51



Share your comments for Palo Alto Networks PCCSE exam with other users:

Luis 11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?
UNITED STATES


hik 1/19/2024 1:47:00 PM

good content
UNITED STATES


Blessious Phiri 8/15/2023 2:18:00 PM

pdb and cdb are critical to the database
Anonymous


Zuned 10/22/2023 4:39:00 AM

till 104 questions are free, lets see how it helps me in my exam today.
UNITED STATES


Muhammad Rawish Siddiqui 12/3/2023 12:11:00 PM

question # 56, answer is true not false.
SAUDI ARABIA


Amaresh Vashishtha 8/27/2023 1:33:00 AM

i would be requiring dumps to prepare for certification exam
Anonymous


Asad 9/8/2023 1:01:00 AM

very helpful
PAKISTAN


Blessious Phiri 8/13/2023 3:10:00 PM

control file is the heart of rman backup
Anonymous


Senthil 9/19/2023 5:47:00 AM

hi could you please upload the ibm c2090-543 dumps
Anonymous


Harry 6/27/2023 7:20:00 AM

appriciate if you could upload this again
AUSTRALIA


Anonymous 7/10/2023 4:10:00 AM

please upload the dump
SWEDEN


Raja 6/20/2023 5:30:00 AM

i found some questions answers mismatch with explanation answers. please properly update
UNITED STATES


Doora 11/30/2023 4:20:00 AM

nothing to mention
Anonymous


deally 1/19/2024 3:41:00 PM

knowable questions
UNITED STATES


Sonia 7/23/2023 4:03:00 PM

very helpfull
UNITED STATES


binEY 10/6/2023 5:15:00 AM

good questions
Anonymous


Neha 9/28/2023 1:58:00 PM

its helpful
Anonymous


Desmond 1/5/2023 9:11:00 PM

i just took my oracle exam and let me tell you, this exam dumps was a lifesaver! without them, iam not sure i would have passed. the questions were tricky and the answers were obscure, but the exam dumps had everything i needed. i would recommend to anyone looking to pass their oracle exams with flying colors (and a little bit of cheating) lol.
SINGAPORE


Davidson OZ 9/9/2023 6:37:00 PM

22. if you need to make sure that one computer in your hot-spot network can access the internet without hot-spot authentication, which menu allows you to do this? answer is ip binding and not wall garden. wall garden allows specified websites to be accessed with users authentication to the hotspot
Anonymous


381 9/2/2023 4:31:00 PM

is question 1 correct?
Anonymous


Laurent 10/6/2023 5:09:00 PM

good content
Anonymous


Sniper69 5/9/2022 11:04:00 PM

manged to pass the exam with this exam dumps.
UNITED STATES


Deepak 12/27/2023 2:37:00 AM

good questions
SINGAPORE


dba 9/23/2023 3:10:00 AM

can we please have the latest exam questions?
Anonymous


Prasad 9/29/2023 7:27:00 AM

please help with jn0-649 latest dumps
HONG KONG


GTI9982 7/31/2023 10:15:00 PM

please i need this dump. thanks
CANADA


Elton Riva 12/12/2023 8:20:00 PM

i have to take the aws certified developer - associate dva-c02 in the next few weeks and i wanted to know if the questions on your website are the same as the official exam.
Anonymous


Berihun Desalegn Wonde 7/13/2023 11:00:00 AM

all questions are more important
Anonymous


gr 7/2/2023 7:03:00 AM

ques 4 answer should be c ie automatically recover from failure
Anonymous


RS 7/27/2023 7:17:00 AM

very very useful page
INDIA


Blessious Phiri 8/12/2023 11:47:00 AM

the exams are giving me an eye opener
Anonymous


AD 10/22/2023 9:08:00 AM

3rd so far, need to cover more
Anonymous


Matt 11/18/2023 2:32:00 AM

aligns with the pecd notes
Anonymous


Sri 10/15/2023 4:38:00 PM

question 4: b securityadmin is the correct answer. https://docs.snowflake.com/en/user-guide/security-access-control-overview#access-control-framework
GERMANY