A financial services firm is using Prisma Cloud to monitor its AWS environment. A security administrator needs to create a policy that alerts whenever an S3 bucket is created without server-side encryption enabled. The policy must also provide a one-click remediation option for the security operations team. Which type of policy and remediation approach should be configured?
Q2
A DevOps team is deploying containerized applications on a self-managed Kubernetes cluster. To enforce runtime security, they have deployed Prisma Cloud Defenders as a DaemonSet. During a security review, an analyst observes that Defenders are not reporting any runtime events for a specific node in the cluster. All other nodes are reporting correctly. What is the MOST likely cause of this issue?
Q3 (Multiple answers)
A company is using Prisma Cloud's CI/CD scanning capabilities to identify vulnerabilities in their application code before deployment. They want to ensure that any third-party libraries with high-severity vulnerabilities or restrictive licenses (e.g., GPL) are flagged. Which two features within the Application Security module should they primarily use? (Select TWO).
Q4
A security architect is designing a threat detection strategy for a multi-cloud environment using Prisma Cloud. The primary goal is to identify anomalous user behavior, such as an administrator accessing resources from an unusual location or at an odd time. Which Prisma Cloud capability directly addresses this requirement by leveraging machine learning?
Q5
True or False: In Prisma Cloud, a single Defender can be used to protect containers, hosts, and serverless functions simultaneously if they are all running on the same underlying host machine.
Q6
A SOC analyst is investigating a Prisma Cloud alert indicating that an EC2 instance is communicating with a known malicious IP address. To understand the context of this event, the analyst needs to determine what other internal and external systems the compromised instance has communicated with over the past 7 days. Which feature in Prisma Cloud provides this network-level visibility?
Q7
**Case Study**

A large e-commerce company, GlobalRetail, has fully migrated to a multi-cloud environment, using both AWS and Azure for their main application platform. The platform is built on Kubernetes (EKS in AWS, AKS in Azure) and uses various PaaS services like RDS, S3, and Azure Blob Storage. The CISO has mandated a unified security strategy that provides consistent visibility, compliance enforcement, and runtime protection across both clouds from a single console. The key requirements are:

1. Enforce PCI DSS 4.0 compliance across all cloud resources.
2. Scan all container images for critical vulnerabilities in their CI/CD pipeline before they are pushed to the registry.
3. Protect the production Kubernetes applications against zero-day exploits and anomalous network connections.
4. Discover and classify any credit card numbers accidentally stored in S3 or Blob storage.

Which combination of Prisma Cloud modules offers the most comprehensive solution to meet all of GlobalRetail's requirements?
Q8
A security team needs to create a Prisma Cloud RQL query to find all publicly accessible virtual machines in their GCP project that are also tagged with 'Project: Phoenix'. Which RQL query correctly implements this logic?
Q9
The command `twistcli hosts scan --address --user --password ` is used to scan what type of asset for vulnerabilities?
Q10
A cloud administrator is configuring data source ingestion for their Prisma Cloud tenant. They want to ingest AWS CloudTrail logs to enable threat detection and anomaly policies. What is the recommended and most secure method for Prisma Cloud to gain the necessary access to these logs?