Q1

A financial services company has deployed Prisma Cloud to monitor its AWS environment. A security architect needs to create a custom policy to detect any S3 bucket that is publicly accessible but does NOT have a 'data-classification' tag with the value 'public'. Which RQL query correctly identifies these non-compliant S3 buckets?

Q2

A SecOps team is investigating a container runtime incident where an anomalous process, `kdevtmpfsi`, was detected and blocked by a Host Defender. To perform forensic analysis, the team needs to find the original container image that was used to launch the compromised container. Which Prisma Cloud feature provides the most direct path to identify the source image for a specific runtime event?

Q3

A DevOps team is using a Jenkins pipeline to build and push container images to a private registry. They need to configure a step that fails the build if the image contains any vulnerabilities with a CVSS score of 9.0 or higher, or if it uses a package with a non-compliant license such as GPL-3.0. Which `twistcli` command structure correctly implements these dual conditions?

Q4

A cloud administrator is configuring a Prisma Cloud Enterprise tenant and needs to integrate it with an external SAML 2.0 Identity Provider (IdP) for Single Sign-On (SSO). The IdP requires a unique identifier for the Service Provider (SP), which is Prisma Cloud in this case. Where in the Prisma Cloud console can the administrator find the 'Audience URI (SP Entity ID)' required by the IdP?

Q5 (Multiple answers)

A security team is deploying Prisma Cloud WAAS to protect a web application running on a Kubernetes cluster. They want to prevent common injection attacks. Which of the following WAAS features should be configured to achieve this? (Select TWO)

Q6

True or False: When a Prisma Cloud Container Defender is deployed using a DaemonSet in a Kubernetes cluster, it automatically scales and protects new nodes as they are added to the cluster without manual intervention.

Q7

A healthcare organization is using Prisma Cloud's Data Security module to discover and classify sensitive patient data in their AWS S3 buckets. After an initial scan, they find that many objects containing Protected Health Information (PHI) have been misclassified. They need to create a new, highly accurate data pattern for identifying National Provider Identifier (NPI) numbers, which are 10-digit numbers that may or may not have a checksum. What is the most effective way to improve classification accuracy for this specific data type?

Q8

A cloud security engineer needs to establish a network baseline for an application and then enforce a strict microsegmentation policy. The application consists of three tiers: a web front-end, an application logic tier, and a database tier, all running as separate services in a Kubernetes namespace. What is the correct sequence of steps using Prisma Cloud's Cloud Network Security (CNS) capabilities?

Q9

A company has onboarded its AWS Organization to Prisma Cloud. A junior cloud engineer, who is part of a team that only manages the 'Staging' OU, needs access to view compliance findings for accounts within that OU. However, they must be prevented from seeing findings for the 'Production' OU. Which Prisma Cloud feature should be used to enforce this granular access control?

Q10 (Multiple answers)

A security analyst is reviewing a high-priority alert in Prisma Cloud titled 'Anomalous Compute Provisioning Activity'. The alert indicates that an unusually high number of VMs were launched in a short period by an IAM user. The analyst needs to quickly assess the potential impact and gather more context. Which TWO actions within the alert details would be most effective for this initial investigation? (Select TWO)