ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCCSE All Questions

View all questions & answers for the PCCSE exam
Go to Exam

Exam PCCSE topic 1 question 92 discussion

Actual exam question from Palo Alto Networks's PCCSE
Question #: 92
Topic #: 1
[All PCCSE Questions]

An administrator needs to detect and alert on any activities performed by a root account.

Which policy type should be used?

  • A. config-run
  • B. config-build
  • C. network
  • D. audit event
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by poiuytr at Jan. 22, 2023, 7:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Leonel01
10 months, 2 weeks ago
D - It should be with event type RQL, but I did it with config-run policy type as well, in AWS can be done with that type of policy
upvoted 1 times
...
Spippolo
1 year, 11 months ago
Selected Answer: D
D --> Audit Event—A set of RQL based policies that monitors audit events in your environment for potential policy violations. You create audit policies to flag sensitive events such as root activities or configuration changes that may potentially put your cloud environment at risk. To view all of the audit event policies available, apply a filter for Policy Type and select Audit Event. Refer to Create a Network or Audit Event Policy to learn how to create custom audit event policies.
upvoted 1 times
...
Chichi23
2 years ago
D. audit event
upvoted 1 times
...
poiuytr
2 years, 3 months ago
Selected Answer: D
D https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/prisma-cloud-threat-detection
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago