D
You can choose one or both the policy subtypes options:
Run subtype enables you to scan cloud resources that are already deployed on a supported cloud platform.
Build subtype enables you to scan code repositories and IaC templates that are used to deploy cloud resources.
E --> The correct place to add the JSON query when creating a Config policy is in the "Build Your Rule (Build tab)" of the Config policy creation. In the Build Your Rule section, you can define the conditions and rules using JSON-based queries to specify the desired policy criteria.
RQL type is run
JSON query type is build --> The policies used for scanning IaC templates use a JSON query instead of RQL.
D
The doc below shows: in Step 3 select Subtype
Select Run or Build
in Step 5 Under Run tab
Build the query to define the match criteria for your policy.
2) Add a rule for the Build phase.
*Build phase policies do not support remediation CLI; however add the instructions for manually fixing the issue.
(https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/create-a-policy)
Agree:
config from cloud.resource where json.rule = $.resource[*].aws_s3_bucket exists
is OK
upvoted 3 times
...
...
...
This section is not available anymore. Please use the main Exam Page.PCCSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tipzzz
Highly Voted 1 year, 3 months agogoofball
Most Recent 9 months, 1 week agogoofball
9 months, 1 week agoSpippolo
11 months agoJihe
11 months agoChichi23
1 year agoRedrum702
1 year, 3 months agoRedrum702
1 year, 3 months agopoiuytr
1 year, 3 months ago