Which statement is true about obtaining Console images for Prisma Cloud Compute Edition?
To retrieve Prisma Cloud Console images using basic authentication, access the registry at registry.paloaltonetworks.com and authenticate using 'docker login'. After authentication, retrieve the images using 'docker pull'. This process ensures that the Console images are obtained from the correct source and follows the proper steps for basic authentication.
Which two statements are true about the differences between build and run config policies? (Choose two.)
Run policies monitor resources and check for potential issues after these cloud resources are deployed. Build policies enable you to check for security misconfigurations in the IaC templates and ensure that these issues do not get into production.
A security team notices a number of anomalies under Monitor > Events. The incident response team works with the developers to determine that these anomalies are false positives.
What will be the effect if the security team chooses to Relearn on this image?
When the security team chooses to Relearn on an image, the existing model is retained, and any new behavior observed during the new learning period will be added to the existing model. This process is additive, meaning the existing static and behavioral modeling remains in place while new information gets incorporated.
A customer does not want alerts to be generated from network traffic that originates from trusted internal networks.
Which setting should you use to meet this customer's request?
To prevent alerts from being generated by traffic originating from trusted internal networks, use the 'Trusted Alert IP Addresses' setting. This allows you to add IP address ranges or CIDR blocks that represent your trusted internal networks. Alerts will not be generated for traffic from these trusted addresses, effectively reducing false positives and helping to focus on real threats.
A DevOps lead reviews some system logs and notices some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits to investigate the runtime aspects of the attack. Incident Explorer provides a detailed view of security incidents, and Container Audits allow for monitoring and investigating events related to container activities. These are the most appropriate tools for examining suspicious runtime behavior and potential data exfiltration attempts.