Which RQL will trigger the following audit event activity?
A.
event from cloud.audit_logs where operation = ConsoleLogin AND user = ‘root’
B.
event from cloud.audit_logs where cloud.service = ‘s3.amazonaws.com’ AND json.rule = $.userAgent contains ‘parrot’
C.
event from cloud.audit_logs where operation IN (‘cloudsql.instances.update’,‘cloudsql.sslCerts.create’,‘cloudsql.instances.create’,‘cloudsql.instance’)
D.
event from cloud.audit_logs where operation IN (‘GetBucketWebsite’, ‘PutBucketWebsite’, ‘DeleteBucketWebsite’)
A
Event Query- Used to detect and investigate console and API access events, monitor privileged activities, detect account compromise, and detect unusual user behavior in your cloud environments.
See Event Query Attributes & Examples (https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/event-query#id7f21ba55-c711-4996-be59-3e6ce80ea9e4)
The RQL "event from cloud.audit_logs where operation = ConsoleLogin AND user = ‘root’’ searches for console login operations performed by a root user.
This section is not available anymore. Please use the main Exam Page.PCCSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
assadhashmi
8 months agoJihe
10 months, 3 weeks agoSpippolo
11 months ago