What are the three states of the Container Runtime Model? (Choose three.)
Correct Answer: A,D,E
Question 12
Which two bot types are part of Web Application and API Security (WAAS) bot protection? (Choose two.)
Correct Answer: B,C
Web Application and API Security (WAAS) bot protection within the Prisma Cloud ecosystem includes various types of bots, with "User-defined bots" and "Unknown bots" being two key categories. User-defined bots refer to bots that organizations have explicitly identified and categorized based on their behavior and purpose. These can include legitimate bots such as search engine crawlers or internal automation tools, which are recognized and allowed based on predefined criteria set by the user. Unknown bots, on the other hand, encompass bots that have not been explicitly identified or categorized by the user or the system. These can potentially include malicious bots that attempt to scrape data, perform DDoS attacks, or exploit vulnerabilities in web applications and APIs. The categorization of unknown bots is crucial for maintaining security, as it allows for the monitoring and analysis of bot behavior to identify potential threats and take appropriate actions. In the context of Prisma Cloud and its emphasis on securing cloud-native applications, the differentiation between user-defined and unknown bots is significant. Prisma Cloud's approach to WAAS bot protection is designed to provide granular control over bot traffic, enabling organizations to distinguish between beneficial and harmful bot activities. This aligns with the broader goal of ensuring the security and integrity of web applications and APIs in a cloud environment, as highlighted in documents such as the "Prisma-Cloud-Visibility-and-Control-Qualification-Guide" and "Guide-to-CSPM-Tools-Email-Social -LP-Copy." These resources emphasize the importance of comprehensive security measures that include the management of bot traffic to protect against a wide range of web-based threats. Reference: "Prisma-Cloud-Visibility-and-Control-Qualification-Guide" discusses the importance of visibility and control in cloud environments, including the management of bot traffic as part of a comprehensive security strategy. "Guide-to-CSPM-Tools-Email-Social -LP-Copy" highlights the need for advanced security tools and practices, such as WAAS bot protection, to manage and mitigate the risks associated with web applications and APIs in the cloud.
Question 13
Which role must be assigned to DevOps users who need access to deploy Container and Host Defenders in Compute?
Correct Answer: B
The role that should be assigned to DevOps users who need access to deploy Container and Host Defenders in Compute within Prisma Cloud is typically "Build and Deploy Security." This role is designed to provide the necessary permissions for users involved in the development and deployment phases of the application lifecycle. It allows them to integrate security measures, such as deploying Container and Host Defenders, into their workflows. By having this role, DevOps teams can ensure that security is embedded into the build and deployment processes, helping to maintain the security of containerized and host-based applications from the outset.
Question 14
An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration. In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?
Correct Answer: C
By default Prisma Cloud listens on: 8083 HTTPS management port for access to Console. 8084 WSS port for Defender to Console communication. https://docs.paloaltonetworks.com/prisma/prisma-cloud/19-11/prisma-cloud-compute-edition-admin/install/insta
Question 15
Review this admission control policy: match[{"msg": msg}] { input.request.operation == "CREATE" input.request.kind.kind == "Pod" input.request.resource.resource == "pods" input.request.object.spec.containers[_].securityContext.privileged msg := "Privileged" } Which response to this policy will be achieved when the effect is set to "block"?
Correct Answer: D
The given admission control policy is designed to evaluate pod creation requests in a Kubernetes environment, specifically targeting the creation of privileged pods, which can pose significant security risks. Option D: The policy will block the creation of a privileged pod is the correct answer when the effect of the policy is set to "block". In this context, the policy's logic checks if a pod being created is set to run in privileged mode (a high-risk configuration that grants the pod extended system privileges). If such a configuration is detected, the policy triggers an action to block the pod's creation, thereby preventing the deployment of privileged pods that could undermine the security posture of the Kubernetes environment. Reference: Kubernetes Admission Controllers Documentation: Provides a comprehensive overview of admission controllers in Kubernetes, including how they can be used to enforce policy decisions, such as preventing the creation of privileged pods. Best Practices for Kubernetes Security: Discusses the importance of admission control policies in maintaining the security and integrity of Kubernetes environments, with specific emphasis on the risks associated with privileged pods.
