CloudSec-Pro Exam Dumps - Palo Alto Networks Cloud Security Professional

Using the Prisma Cloud API, users can fetch various attributes of policies, including the policy label (Option A) and policy mode (Option C). The policy label helps in categorizing and organizing policies, while the policy mode determines how the policy is enforced (e.g., alert, enforce). The policy signature (Option B) is not a standard attribute exposed via the API for fetching, as it relates more to the internal identification and handling of policies. The policy violation (Option D) is an outcome or event resulting from a policy breach, not an attribute of the policy itself that can be fetched via the API.

RESOURCE_DELETED Resource was deleted. USER_DISMISSED Alert was dismissed or snoozed by the Prisma Cloud administrator with role of System admin, Account Group Admin, or Account and Cloud Provisioning Admin. POLICY_UPDATED Policy was updated. This status indicates a change in the policy RQL that results in a resource not being in scope for the policy evaluation.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OQ2CAM

bat --> Data Classification

apk --> Malware Scanning

vb --> Data Classification

py --> Data Classification

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/supported-file-extensions

Prisma Cloud Data Security (PCDS) supports various file types for malware scanning, including .apk files, which are Android Package files used for installing applications on Android operating systems. This support is crucial for ensuring that applications deployed on or distributed through Android devices are free from malware and safe for user installation.

Click Delete if you want to remove the notification from the alarm center. Once deleted, a similar alarm will not appear for the next 24 hours, if the same error occurs in that time period. After 24 hours, a similar error will generate a new alarm notification. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alarms/review-alarms

Web-Application and API Security (WAAS) is a feature within Prisma Cloud that focuses on protecting web applications and APIs from various threats and vulnerabilities. The primary protocols it provides protection for are HTTP (Hypertext Transfer Protocol) and TLS (Transport Layer Security). HTTP is the foundation of data communication for the World Wide Web, and TLS is a cryptographic protocol designed to provide communications security over a computer network. While SSH (Secure Shell) is a protocol for secure remote login and other secure network services, and Tomcat Web Connector via AJP (Apache JServ Protocol) is used for Tomcat server communication, they are not the primary focus of WAAS protection.

Reference tech docs: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/continuous_integration/set_policy_ci_plugins.html

Vulnerability rules that target the build tool can allow specific vulnerabilities by creating an exception and setting the effect to 'ignore'. Block them by creating an exception and setting hte effect to 'fail'. For example, you could create a vulnerability rule that explicitly allows CVE-2018-1234 to suppress warnings in the scan results.

To fail CI jobs based on a specific CVE contained within an image, the development team should configure the policy within Prisma Cloud's Console, specifically within the Continuous Integration (CI) policy settings. By setting a specific CVE exception in the CI policy, the team can define criteria that will cause the CI process to fail if the specified CVE is detected in the scanned image. This approach allows for granular control over the build process, ensuring that images with known vulnerabilities are not promoted through the CI/CD pipeline, thereby maintaining the security posture of the deployed applications. This method is in line with best practices for integrating security into the CI/CD process, allowing for automated enforcement of security standards directly within the development pipeline.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMkpCAE &lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

When configuring Kubernetes to use Prisma Cloud Compute as an admission controller, a crucial step involves D. copy the admission controller configuration from the Console and apply it to Kubernetes. This step is essential for integrating Prisma Cloud Compute's security controls directly into the Kubernetes admission process, enabling real-time security assessments and policy enforcement for new or modified resources within the cluster.

https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-04/prisma-cloud-compute-edition-admin/access_control/open_policy_agent.html step 2

B --> Anomaly Trusted List—Exclude trusted IP addresses when conducting tests for PCI compliance or penetration testing on your network. Any addresses included in this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity such as the policies that detect internal port scan and port sweep activity, which are enabled by default. C --> Trusted Alert IP Addresses—If you have internal networks that connect to your public cloud infrastructure, you can add these IP address ranges (or CIDR blocks) as trusted ... Prisma Cloud default network policies that look for internet exposed instances also do not generate alerts when the source IP address is included in the trusted IP address list and the account hijacking anomaly policy filters out activities from known IP addresses. Also, when you use RQL to query network traffic, you can filter out traffic from known networks that are included in the trusted IP address list.

For a customer who does not want alerts to be generated from network traffic originating from trusted internal networks, the appropriate setting is C. Trusted Alert IP Addresses. This setting allows for specifying certain IP addresses as trusted, meaning alerts will not be triggered by activities from these IPs, ensuring that internal network traffic is not flagged as potentially malicious.