EMT Practice Test

1. Question Content...


Question List

Question1: A customer has a requirement to automatically protect all Lambda functions with runtime protection. What is the process to automatically protect all the Lambda functions?

Question2: While writing a custom RQL with array objects in the investigate page, which type of auto-suggestion a user can leverage?

Question3: What is an example of an outbound notification within Prisma Cloud?

Question4: Web-Application and API Security (WAAS) provides protection for which two protocols? (Choose two.)

Question5: Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?

Question6: Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Question7: Which method should be used to authenticate to Prisma Cloud Enterprise programmatically?

Question8: The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?

Question9: Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)

Question10: Which two variables must be modified to achieve automatic remediation for identity and access management (IAM) alerts in Azure cloud? (Choose two.)

Question11: The administrator wants to review the Console audit logs from within the Console Which page in the Console should the administrator use to review this data, if it can be reviewed at all?

Question12: Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

Question13: Which options show the steps required after upgrade of Console?

Question14: What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question15: A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Question16: Which statement accurately characterizes SSO Integration on Prisma Cloud?

Question17: Which three types of classifications are available in the Data Security module? (Choose three.)

Question18: Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.
Where can the administrator locate this list of e-mail recipients?

Question19: What is the function of the external ID when onboarding a new Amazon Web Services (AWS) account in Prisma Cloud?

Question20: What will happen when a Prisma Cloud Administrator has configured agentless scanning in an environment that also has Host and Container Defenders deployed?

Question21: Match the service on the right that evaluates each exposure type on the left.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question22: What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?

Question23: A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)

Question24: You wish to create a custom policy with build and run subtypes. Match the query types for each example.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question25: What happens when a role is deleted in Prisma Cloud?

Question26: Which three elements are part of SSH Events in Host Observations? (Choose three.)

Question27: An administrator has been tasked with a requirement by your DevSecOps team to write a script to continuously query programmatically the existing users, and the user's associated permission levels, in a Prisma Cloud Enterprise tenant.
Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

Question28: An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise tenant.
In which order will the APIs be executed for this service?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question29: An administrator has a requirement to ingest all Console and Defender logs to Splunk.
Which option will satisfy this requirement in Prisma Cloud Compute?

Question30: What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question31: A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?

Question32: Match the correct scanning mode for each given operation.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question33: The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.
Which type of policy should be created to protect this pod from Layer7 attacks?

Question34: The development team wants to fail CI jobs where a specific CVE is contained within the image. How should the development team configure the pipeline or policy to produce this outcome?

Question35: A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Question36: An administrator wants to install the Defenders to a Kubernetes cluster. This cluster is running the console on the default service endpoint and will be exporting to YAML.
Console Address: $CONSOLE_ADDRESS Websocket Address: $WEBSOCKET_ADDRESS User: $ADMIN_USER Which command generates the YAML file for Defender install?

Question37: What is the maximum number of access keys a user can generate in Prisma Cloud with a System Admin role?

Question38: A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?

Question39: Given the following JSON query:
$.resource[*].aws_s3_bucket exists
Which tab is the correct place to add the JSON query when creating a Config policy?

Question40: A customer wants to be notified about port scanning network activities in their environment. Which policy type detects this behavior?

Question41: Which statement is true about obtaining Console images for Prisma Cloud Compute Edition'?
To retrieve Prisma Cloud Console images using URL auth;

Question42: A customer wants to be notified about port scanning network activities in their environment Which policy type detects this behavior?

Question43: Which options show the steps required after upgrade of Console?

Question44: Which statement about build and run policies is true?

Question45: A customer has configured the JIT, and the user created by the process is trying to log in to the Prisma Cloud console. The user encounters the following error message:

What is the reason for the error message?

Question46: Which options show the steps required to upgrade Console when using projects?

Question47: A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two )

Question48: Which two of the following are required to be entered on the IdP side when setting up SSO in Prisma Cloud? (Choose two.)

Question49: Review this admission control policy:

Which response to this policy will be achieved when the effect is set to "block"?

Question50: You have onboarded a public cloud account into Prisma Cloud Enterprise. Configuration Resource ingestion is visible in the Asset Inventory for the onboarded account, but no alerts are being generated for the configuration assets in the account.
Config policies are enabled in the Prisma Cloud Enterprise tenant, with those policies associated to existing alert rules. ROL statements on the investigate matching those policies return config resource results successfully.
Why are no alerts being generated?

Question51: Which two statements apply to the Defender type Container Defender - Linux?

Question52: An administrator has been tasked with creating a custom service that will download any existing compliance report from a Prisma Cloud Enterprise.
tenant-In which order will the APIs be executed for this service? (Drag the steps into the correct order of occurrence from the first step to the last)

Question53: What is the behavior of Defenders when the Console is unreachable during upgrades?

Question54: The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely.
Which strategy should the administrator use to achieve this goal?

Question55: An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS Which port will twistcli need to use to access the Prisma Compute APIs?

Question56: Which type of compliance check is available for rules under Defend > Compliance > Containers and Images > CI?

Question57: Which file extension type is supported for Malware scanning in Prisma Cloud Data Security (PCDS)?

Question58: A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public" The policy definition follows:
config where cloud type = 'aws' AND api name='aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?(@ grantee='AllUsers')] size > 0) or policyStatusisPubiic is true) and publicAccessBlockConfiguration does not exist) or ((ad.grantsp(@ grantee=='AII Users')] size > 0) and publicAccessBlockConfiguration ignorePubhcAds is false) or (policyStatus isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist" Why did this alert get generated?

Question59: A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Question60: Which two bot types are part of Web Application and API Security (WAAS) bot protection? (Choose two.)

Question61: Given an existing ECS Cluster, which option shows the steps required to install the Console in Amazon ECS?

Question62: A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two.)

Question63: A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until Sunday to upgrade the remaining 20 stand-alone Defenders.
Which recommended action manages this situation?

Question64: The development team wants to block Cross Site Scripting attacks from pods in its environment. How should the team construct the CNAF policy to protect against this attack?

Question65: An administrator sees that a runtime audit has been generated for a Container The audit message is DNS resolution of suspicious name wikipedia.com. type A".
Why would this message appear as an audit?

Question66: A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.
Which two reasons explain this change in alert status? (Choose two.)

Question67: Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

Question68: Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?

Question69: A customer is deploying Defenders to a Fargate environment. It wants to understand the vulnerabilities in the image it is deploying.
How should the customer automate vulnerability scanning for images deployed to Fargate?

Question70: What is the order of steps to create a custom network policy?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question71: What are two ways to scan container images in Jenkins pipelines? (Choose two.)

Question72: A customer is reviewing Container audits, and an audit has identified a cryptominer attack. Which three options could have generated this audit? (Choose three.)

Question73: An administrator needs to write a script that automatically deactivates access keys that have not been used for 30 days.
In which order should the API calls be used to accomplish this task? (Drag the steps into the correct order from the first step to the last.) Select and Place:

Question74: How are the following categorized?
* Backdoor account access
* Hijacked processes
* Lateral movement
* Port scanning

Question75: Which two attributes of policies can be fetched using API? (Choose two.)

Question76: Put the steps involved to configure and scan using the IntelliJ plugin in the correct order.

Question77: The security team wants to protect a web application container from an SQLi attack? Which type of policy should the administrator create to protect the container?

Question78: Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Question79: Which option identifies the Prisma Cloud Compute Edition?

Question80: Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

Question81: A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time. What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)

Question82: A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions?

Question83: A customer wants to monitor the company's AWS accounts via Prisma Cloud, but only needs the resource configuration to be monitored for now.
Which two pieces of information do you need to onboard this account? (Choose two.)

Question84: Which two processes ensure that builds can function after a Console upgrade? (Choose two )

Question85: Which resource and policy type are used to calculate AWS Net Effective Permissions? (Choose two.)

Question86: Which two bot categories belong to unknown bots under Web-Application and API Security (WAAS) bot protection? (Choose two.)

Question87: What is an automatically correlated set of individual events generated by the firewall and runtime sensors to identify unfolding attacks?

Question88: Which policy type in Prisma Cloud can protect against malware?

Question89: Match the correct scanning mode for each given operation.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question90: A customer has serverless functions that are deployed in multiple clouds.
Which serverless cloud provider is covered be "overly permissive service access" compliance check?

Question91: A customer has a requirement to scan serverless functions for vulnerabilities.
What is the correct option to configure scanning?

Question92: Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

Question93: What is the correct method for ensuring key-sensitive data related to SSNs and credit card numbers cannot be viewed in Dashboard > Data view during investigations?

Question94: Which statement is true regarding CloudFormation templates?

Question95: A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for "do not use privileged containers"?

Question96: Which statement about build and run policies is true?

Question97: What is the default namespace created by Defender DaemonSet during deployment?

Question98: Which two CI/CD plugins are supported by Prisma Cloud as part of its DevOps Security? (Choose two.).

Question99: Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

Question100: An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

Question101: You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?

Question102: The Prisma Cloud administrator has configured a new policy.
Which steps should be used to assign this policy to a compliance standard?

Question103: The Compute Console has recently been upgraded, and the administrator plans to delay upgrading the Defenders and the Twistcli tool until some of the team's resources have been rescaled. The Console is currently one major release ahead.
What will happen as a result of the Console upgrade?

Question104: A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for "do not use privileged containers"?

Question105: What is the order of steps in a Jenkins pipeline scan?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question106: Match the correct scanning mode for each given operation.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question107: Which two attributes are required for a custom config RQL? (Choose two.)

Question108: Which authentication mechanism is supported by Prisma Cloud?

Question109: A customer wants to harden its environment from misconfiguration.
Prisma Cloud Compute Compliance enforcement for hosts covers which three options? (Choose three.)

Question110: A Prisma Cloud administrator is tasked with pulling a report via API. The Prisma Cloud tenant is located on app2.prismacloud.io.
What is the correct API endpoint?

Question111: Which of the following is displayed in the asset inventory?

Question112: Which component of a Kubernetes setup can approve, modify, or reject administrative requests?

Question113: A business unit has acquired a company that has a very large AWS account footprint The plan is to immediately start onboarding the new company's AWS accounts into Prisma Cloud Enterprise tenant immediately The current company is currently not using AWS Organizations and will require each account to be onboarded individually The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gam immediate posture visibility across the accounts.
Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

Question114: Which two actions are required in order to use the automated method within Amazon Web Services (AWS) Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose two.)

Question115: An administrator needs to detect and alert on any activities performed by a root account.
Which policy type should be used?

Question116: Which statement is true regarding CloudFormation templates?

Question117: You wish to create a custom policy with build and run subtypes.
Match the query types for each example.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question118: Which three serverless runtimes are supported by Prisma Cloud for vulnerability and compliance scans? (Choose three.)