Examice

Exam PCCSE All QuestionsBrowse all questions from this exam

Question 10

A DevOps lead reviewed some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.

Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?

The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.

The SecOps lead should use Incident Explorer and Compliance Explorer.

The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.

The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.

Correct Answer: C

The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits to investigate the runtime aspects of the attack. Incident Explorer provides a detailed view of security incidents, and Container Audits allow for monitoring and investigating events related to container activities. These are the most appropriate tools for examining suspicious runtime behavior and potential data exfiltration attempts.

Discussion

piipoOption: C

Compliance vulnerabilities should already be seen by DevOps. SecOps should see Audits.

JohnOrtizOption: C

option C is the correct

SpippoloOption: C

option C is the correct choice for the SecOps lead to investigate the runtime aspects of the attack in Prisma Cloud Compute.

kumar_57Option: C

C is the correct option. DevOps team has noticed a runtime incident (odd behavior) which you can explore either through Incident Explorer or Container audits.

vaisatOption: C

C container audits under events)