An administrator sees that a runtime audit has been generated for a container.
The audit message is:
“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”
Which protection in the runtime rule would cause this audit?
The audit message indicates that the execution of the command /bin/ls is explicitly blocked. This suggests that there is a rule in place that prevents certain processes from being executed. Therefore, the relevant protection category in the runtime rule that would cause such an audit is related to 'Processes'.
Processes is correct
C is correct (https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-12/prisma-cloud-compute-edition-admin/runtime_defense/runtime_audits)
Should be C.
C is correct