Given the following RQL:
event from cloud.audit_logs where operation IN ('CreateCryptoKey', 'DestroyCryptoKeyVersion', 'v1.compute.disks.createSnapshot')
Which audit event snippet is identified?
The correct audit event snippet is identified by matching the specific operations listed in the RQL query. The operations include 'CreateCryptoKey', 'DestroyCryptoKeyVersion', and 'v1.compute.disks.createSnapshot'. Option D contains the operation 'compute.disks.createSnapshot', which corresponds directly to one of the specified operations in the query, confirming it as the correct answer.
Should be D --> List all events with sensitive user actions on GCP. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/event-query/event-query-examples
Answer D