EMT Practice Test

1. Question Content...


Question List

Question1: Which two elements are included in the audit trail section of the asset detail view? (Choose two).

Question2: A customer finds that an open alert from the previous day has been resolved. No auto-remediation was configured.
Which two reasons explain this change in alert status? (Choose two.)

Question3: Which two integrated development environment (IDE) plugins are supported by Prisma Cloud as part of its Code Security? (Choose two.)

Question4: Which step is included when configuring Kubernetes to use Prisma Cloud Compute as an admission controller?

Question5: Which of the below actions would indicate - "The timestamp on the compliance dashboard?

Question6: Which statement applies to Adoption Advisor?

Question7: Which component(s), if any, will Palo Alto Networks host and run when a customer purchases Prisma Cloud Enterprise Edition?

Question8: Taking which action will automatically enable all severity levels?

Question9: Which step should a SecOps engineer implement in order to create a network exposure policy that identifies instances accessible from any untrusted internet sources?

Question10: Console is running in a Kubernetes cluster, and Defenders need to be deployed on nodes within this cluster.
How should the Defenders in Kubernetes be deployed using the default Console service name?

Question11: How are the following categorized?
Backdoor account access Hijacked processes Lateral movement
Port scanning

Question12: Which Defender type performs registry scanning?

Question13: Which three types of buckets exposure are available in the Data Security module? (Choose three.)

Question14: Which of the following is displayed in the asset inventory?

Question15: Which order of steps map a policy to a custom compliance standard?
(Drag the steps into the correct order of occurrence, from the first step to the last.)

Question16: Which role must be assigned to DevOps users who need access to deploy Container and Host Defenders in Compute?

Question17: An administrator has access to a Prisma Cloud Enterprise.
What are the steps to deploy a single container Defender on an ec2 node?

Question18: An administrator sees that a runtime audit has been generated for a container.
The audit message is:
"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr" Which protection in the runtime rule would cause this audit?

Question19: Given the following audit event activity snippet:

Which RQL will be triggered by the audit event?

Question20: Which type of query is used for scanning Infrastructure as Code (laC) templates?

Question21: In which Console menu would an administrator verify whether a custom compliance check is failing or passing?

Question22: Which two attributes are required for a custom config RQL? (Choose two.)

Question23: Which two integrations enable ingesting host findings to generate alerts? (Choose two.)

Question24: Which RQL will trigger the following audit event activity?

Question25: Anomaly policy uses which two logs to identify unusual network and user activity? (Choose two.)

Question26: A security team has been asked to create a custom policy.
Which two methods can the team use to accomplish this goal? (Choose two.)

Question27: A business unit has acquired a company that has a very large AWS account footprint. The plan is to immediately start onboarding the new company's AWS accounts into Prisma Cloud Enterprise tenant immediately. The current company is currently not using AWS Organizations and will require each account to be onboarded individually.
The business unit has decided to cover the scope of this action and determined that a script should be written to onboard each of these accounts with general settings to gain immediate posture visibility across the accounts.
Which API endpoint will specifically add these accounts into the Prisma Cloud Enterprise tenant?

Question28: Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?

Question29: Which three actions are required in order to use the automated method within Azure Cloud to streamline the process of using remediation in the identity and access management (IAM) module? (Choose three.)

Question30: Which command correctly outputs scan results to stdout in tabular format and writes scan results to a JSON file while still sending the results to Console?

Question31: A customer has a requirement to scan serverless functions for vulnerabilities.
What is the correct option to configure scanning?

Question32: An administrator wants to install the Defenders to a Kubernetes cluster. This cluster is running the console on the default service endpoint and will be exporting to YAML.
Console Address: $CONSOLE_ADDRESS Websocket Address: $WEBSOCKET_ADDRESS User: $ADMIN_USER Which command generates the YAML file for Defender install?

Question33: Which policy type in Prisma Cloud can protect against malware?

Question34: When an alert notification from the alarm center is deleted, how many hours will a similar alarm be suppressed by default?

Question35: On which cloud service providers can you receive new API release information for Prisma Cloud?

Question36: Which option shows the steps to install the Console in a Kubernetes Cluster?

Question37: Which two statements are true about the differences between build and run config policies? (Choose two.)

Question38: Put the steps involved to configure and scan using the IntelliJ plugin in the correct order.

Question39: A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.
What will be the effect if the security team chooses to Relearn on this image?

Question40: The administrator wants to review the Console audit logs from within the Console.
Which page in the Console should the administrator use to review this data, if it can be reviewed at all?

Question41: Which two statements apply to the Defender type Container Defender - Linux?

Question42: A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.
Which port should the team specify in the CNAF rule to protect the application?

Question43: Given the following RQL:

Which audit event snippet is identified by the RQL?

Question44: Which three types of classifications are available in the Data Security module? (Choose three.)

Question45: An administrator for Prisma Cloud needs to obtain a graphical view to monitor all connections, including connections across hosts and connections to any configured network objects.
Which setting does the administrator enable or configure to accomplish this task?

Question46: An administrator has deployed Console into a Kubernetes cluster running in AWS. The administrator also has configured a load balancer in TCP passthrough mode to listen on the same ports as the default Prisma Compute Console configuration.
In the build pipeline, the administrator wants twistcli to talk to Console over HTTPS. Which port will twistcli need to use to access the Prisma Compute APIs?

Question47: Prisma Cloud cannot integrate which of the following secrets managers?

Question48: What is the purpose of Incident Explorer in Prisma Cloud Compute under the "Monitor" section?

Question49: You are tasked with configuring a Prisma Cloud build policy for Terraform. What type of query is necessary to complete this policy?

Question50: An administrator wants to retrieve the compliance policies for images scanned in a continuous integration (CI) pipeline.
Which endpoint will successfully execute to enable access to the images via API?

Question51: Which ROL query is used to detect certain high-risk activities executed by a root user in AWS?

Question52: Which statement is true regarding CloudFormation templates?

Question53: What should be used to associate Prisma Cloud policies with compliance frameworks?

Question54: A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?

Question55: Which Prisma Cloud policy type detects port scanning activities in a customer environment?

Question56: Which data storage type is supported by Prisma Cloud Data Security?

Question57: In Prisma Cloud for Azure Net Effective Permissions Calculation, the following Azure permission levels are supported by which three permissions? (Choose three).

Question58: A customer has a large environment that needs to upgrade Console without upgrading all Defenders at one time.
What are two prerequisites prior to performing a rolling upgrade of Defenders? (Choose two.)

Question59: Which three steps are involved in onboarding an account for Data Security? (Choose three.)

Question60: An administrator has a requirement to ingest all Console and Defender logs to Splunk.
Which option will satisfy this requirement in Prisma Cloud Compute?

Question61: Which alerts are fixed by enablement of automated remediation?

Question62: The attempted bytes count displays?

Question63: The development team is building pods to host a web front end, and they want to protect these pods with an application firewall.
Which type of policy should be created to protect this pod from Layer7 attacks?

Question64: Which intensity setting for anomaly alerts is used for the measurement of 100 events over 30 days?

Question65: How does assigning an account group to an administrative user on Prisma Cloud help restrict access to resources?

Question66: An administrator has been tasked with a requirement by your DevSecOps team to write a script to continuously query programmatically the existing users, and the user's associated permission levels, in a Prisma Cloud Enterprise tenant.
Which public documentation location should be reviewed to help determine the required attributes to carry out this step?

Question67: What is the correct method for ensuring key-sensitive data related to SSNs and credit card numbers cannot be viewed in Dashboard > Data view during investigations?

Question68: Which ban for DoS protection will enforce a rate limit for users who are unable to post five (5) ". tar.gz" files within five (5) seconds?

Question69: You wish to create a custom policy with build and run subtypes. Match the query types for each example.
(Select your answer from the pull-down list. Answers may be used more than once or not at all.)

Question70:

Question71: Which component of a Kubernetes setup can approve, modify, or reject administrative requests?

Question72: A Systems Engineer is the administrator of a self-hosted Prisma Cloud console. They upgraded the console to the latest version. However, after the upgrade, the console does not show all the policies configured. Before they upgraded the console, they created a backup manually and exported it to a local drive. Now they have to install a Prisma Cloud to restore from the backup that they manually created. Which Prisma Cloud version can they can restore with the backup?

Question73: The security team wants to protect a web application container from an SQLi attack. Which type of policy should the administrator create to protect the container?

Question74: When would a policy apply if the policy is set under Defend > Vulnerability > Images > Deployed?

Question75: Which three public cloud providers are supported for VM image scanning? (Choose three.)

Question76: The security team wants to enable the "block" option under compliance checks on the host.
What effect will this option have if it violates the compliance check?

Question77: Which three actions are available for the container image scanning compliance rule? (Choose three.)

Question78: Which three incident types will be reflected in the Incident Explorer section of Runtime Defense? (Choose three.)

Question79: Which two filters are available in the SecOps dashboard? (Choose two.)

Question80: On which cloud service providers can new API release information for Prisma Cloud be received?

Question81: Put the steps of integrating Okta with Prisma Cloud in the right order in relation to CIEM or SSO okra integration.

Question82: An administrator of Prisma Cloud wants to enable role-based access control for Docker engine.
Which configuration step is needed first to accomplish this task?

Question83: Move the steps to the correct order to set up and execute a serverless scan using AWS DevOps.

Question84: Per security requirements, an administrator needs to provide a list of people who are receiving e-mails for Prisma Cloud alerts.
Where can the administrator locate this list of e-mail recipients?

Question85: Which RQL query will help create a custom identity and access management (1AM) policy to alert on Lambda functions that have permission to terminate FP9 instances?

Question86: You are an existing customer of Prisma Cloud Enterprise. You want to onboard a public cloud account and immediately see all of the alerts associated with this account based off ALL of your tenant's existing enabled policies. There is no requirement to send alerts from this account to a downstream application at this time.
Which option shows the steps required during the alert rule creation process to achieve this objective?

Question87: Which three AWS policy types and identities are used to calculate the net effective permissions? (Choose three).

Question88: A customer has Prisma Cloud Enterprise and host Defenders deployed.
What are two options that allow an administrator to upgrade Defenders? (Choose two.)

Question89: Which port should a security team use to pull data from Console's API?

Question90: A customer has multiple violations in the environment including:
User namespace is enabled
An LDAP server is enabled
SSH root is enabled
Which section of Console should the administrator use to review these findings?

Question91: In Prisma Cloud Software Release 22.06 (Kepler), which Registry type is added?

Question92: A customer is interested in PCI requirements and needs to ensure that no privilege containers can start in the environment.
Which action needs to be set for "do not use privileged containers"?

Question93: If you are required to run in an air-gapped environment, which product should you install?

Question94: Prisma Cloud supports sending audit event records to which three targets? (Choose three.)

Question95: The InfoSec team wants to be notified via email each time a Security Group is misconfigured. Which Prisma Cloud tab should you choose to complete this request?

Question96: A customer wants to scan a serverless function as part of a build process. Which twistcli command can be used to scan serverless functions?

Question97: What must be created in order to receive notifications about alerts generated when the operator is away from the Prisma Cloud Console?

Question98: What is an example of an outbound notification within Prisma Cloud?

Question99: Which three OWASP protections are part of Prisma Cloud Web-Application and API Security (WAAS) rule? (Choose three.)

Question100: Which command should be used in the Prisma Cloud twistcli tool to scan the nginx:latest image for vulnerabilities and compliance issues?

Question101: What is the most reliable and extensive source for documentation on Prisma Cloud APIs?

Question102: Web-Application and API Security (WAAS) provides protection for which two protocols? (Choose two.)

Question103: A customer wants to monitor its Amazon Web Services (AWS) accounts via Prisma Cloud, but only needs the resource configuration to be monitored at present.
Which two pieces of information are needed to onboard this account? (Choose two.)

Question104: Which three fields are mandatory when authenticating the Prisma Cloud plugin in the IntelliJ application? (Choose three.)

Question105: Which statement about build and run policies is true?

Question106: A security team has a requirement to ensure the environment is scanned for vulnerabilities. What are three options for configuring vulnerability policies? (Choose three.)

Question107: How many CLI remediation commands can be added in a custom policy sequence?

Question108: Which two fields are required to configure SSO in Prisma Cloud? (Choose two.)

Question109: Which options show the steps required after upgrade of Console?

Question110: Order the steps involved in onboarding an AWS Account for use with Data Security feature.

Question111: Based on the following information, which RQL query will satisfy the requirement to identify VM hosts deployed to organization public cloud environments exposed to network traffic from the internet and affected by Text4Shell RCE (CVE-2022-42889) vulnerability?
* Network flow logs from all virtual private cloud (VPC) subnets are ingested to the Prisma Cloud Enterprise Edition tenant.
* All virtual machines (VMs) have Prisma Cloud Defender deployed.

Question112: What is required for Prisma Cloud to successfully execute auto-remediation commands?

Question113: One of the resources on the network has triggered an alert for a Default Config policy.
Given the following resource JSON snippet:

Which RQL detected the vulnerability?

Question114: A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Question115: The compliance team needs to associate Prisma Cloud policies with compliance frameworks. Which option should the team select to perform this task?