ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCCSE All Questions

View all questions & answers for the PCCSE exam
Go to Exam

Exam PCCSE topic 1 question 5 discussion

Actual exam question from Palo Alto Networks's PCCSE
Question #: 5
Topic #: 1
[All PCCSE Questions]

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

  • A. set the Container model to manual relearn and set the default runtime rule to block for process protection.
  • B. set the Container model to relearn and set the default runtime rule to prevent for process protection.
  • C. add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to ג€preventג€.
  • D. choose ג€copy into ruleג€ for the Container, add a ransomWare process into the denied process list, and set the action to ג€blockג€.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by [deleted] at Sept. 11, 2021, 7:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 3 years, 7 months ago
Correct answer is D. Block terminate container. Prevent only terminate process.
upvoted 11 times
Phoennix
2 years, 8 months ago
Bro have you given this exam ? Did you passed ? Any link for Dump and study
upvoted 1 times
...
...
elzm
Most Recent 10 months ago
Prevent  — Defender stops the process (and just the process) that violates your policy from executing. Block  — Defender stops the entire container if a process that violates your policy attempts to run. D. https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#effect
upvoted 1 times
...
JohnOrtiz
11 months, 2 weeks ago
Selected Answer: D
Option D is the correct answer
upvoted 1 times
...
steven_xie2
1 year, 6 months ago
Correct answer is D
upvoted 1 times
...
Spippolo
1 year, 11 months ago
Selected Answer: D
D. Block terminate container
upvoted 1 times
...
kumar_57
2 years, 1 month ago
The correct option is D because 'prevent' just tells you that operation is not permitted but on enabling 'block', it will terminate your container.
upvoted 1 times
...
Shivam_ayir
2 years, 1 month ago
D is the right option. Prevent only blocks containers from running processes, whereas the requirment is to terminate the container, which is only possible by Block. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_containers
upvoted 1 times
...
NodummyIQ
2 years, 3 months ago
Option C is the correct answer. The administrator should add a new runtime policy targeted at a specific Container name, add the ransomWare process into the denied process list, and set the action to "prevent". This will prevent the ransomWare process from being executed in the Container image topSecret:latest.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago