One of the resources on the network has triggered an alert for a Default Config policy.
Given the following resource JSON snippet:
Which RQL detected the vulnerability?
The resource JSON snippet shows that 'access_key_1_active' is true and 'access_key_1_last_rotated' indicates that the access key was last rotated on 2021-02-09, which implies that it might not have been rotated for over 90 days. This matches the criteria specified in option B, which focuses on active access keys not being rotated for more than 90 days. Therefore, the RQL in option B correctly identifies the described vulnerability.
B is correct, as the RQL lists resource names where access keys are not rotated for 90 days. (https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/operators)
B is the correct answer. Verified in the console on the investigate tab.
B is correct. config from cloud.resource where api.name = 'aws-iam-get-credential-report' AND json.rule = '(access_key_1_active is true and access_key_1_last_rotated != N/A and _DateTime.ageInDays(access_key_1_last_rotated) > 90) or (access_key_2_active is true and access_key_2_last_rotated != N/A and _DateTime.ageInDays(access_key_2_last_rotated) > 90)'
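Added example, not part of the thread or of Prisma Cloud: the same rule as the RQL quoted above, applied offline to rows in the AWS IAM credential report CSV layout. The sample rows, the function names and the fixed evaluation date are constructed for illustration, and counting age as whole elapsed days is an assumption about how `_DateTime.ageInDays` rounds.

```python
import csv
import io
from datetime import datetime, timezone

MAX_AGE_DAYS = 90

# Constructed sample rows using a subset of the credential report columns.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2021-02-09T08:15:30+00:00,false,N/A
bob,true,2021-05-20T12:00:00+00:00,false,N/A
carol,false,2020-01-01T00:00:00+00:00,true,2021-01-15T09:30:00+00:00
dave,false,2019-06-01T00:00:00+00:00,false,N/A
"""


def age_in_days(timestamp, now):
    """Whole days elapsed between an ISO 8601 timestamp and `now` (assumed rounding)."""
    return (now - datetime.fromisoformat(timestamp)).days


def stale_keys(row, now, max_age=MAX_AGE_DAYS):
    """Return the key slots that satisfy the rule: active, rotated at least once, older than max_age."""
    stale = []
    for slot in (1, 2):
        active = row[f"access_key_{slot}_active"] == "true"
        rotated = row[f"access_key_{slot}_last_rotated"]
        # "N/A" means the slot has no key, so there is no date to age.
        if active and rotated != "N/A" and age_in_days(rotated, now) > max_age:
            stale.append(f"access_key_{slot}")
    return stale


def find_unrotated(report_csv, now):
    """Map each user to the active access keys not rotated within max_age days."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        keys = stale_keys(row, now)
        if keys:
            findings[row["user"]] = keys
    return findings


if __name__ == "__main__":
    # Fixed evaluation date so the output is reproducible.
    evaluation_date = datetime(2021, 6, 1, tzinfo=timezone.utc)
    for user, keys in find_unrotated(SAMPLE_REPORT, evaluation_date).items():
        print(f"{user}: rotate {', '.join(keys)}")
```

An inactive key is never reported however old it is, and a key rotated exactly 90 days ago does not match because the comparison is strictly greater than 90.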