PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Questions and Answers

Questions 4

How can all alerts related to "Amazon RDS" be quickly identified within the Prisma Cloud dashboard?

Options:

Generate a Center for Internet Security (CIS) compliance report and search for "Amazon RDS" policy violations.

View the alert data on the "Asset Inventory" dashboard and filter on "Amazon RDS.

Within the "Alerts" tab. filter on "Amazon RDS" as a service.

Create a custom Resource Query Language (RQL) configuration report.

Buy Now

Questions 5

Which type of Prisma Cloud Enterprise alert supports autoremediation?

Options:

network

audit

anomaly

config

Buy Now

Questions 6

Which option is defined by the creation and change of public cloud services managed in a repeatable and predictable fashion?

Options:

platform as a service

infrastructure as a service

software as code

infrastructure as code

Buy Now

Questions 7

What are two benefits of Cloud Security Posture Management (CSPM) over other solutions? (Choose two.)

Options:

guaranteed proof of concept (POC) extensions beyond 30 days

native integration of network, endpoint, and cloud data to stop attacks

elimination of blind spots

proactive addressing of risks

Buy Now

Questions 8

How does Prisma Cloud Enterprise autoremediate unwanted violations to public cloud infrastructure?

Options:

It inspects the application program interface (API) call made to public cloud and blocks the change if a policy violation is found.

It makes changes after a policy violation has been identified in monitoring.

It locks all changes to public cloud infrastructure and stops any configuration changes without prior approval.

It uses machine learning (ML) to identify unusual changes to infrastructure.

Buy Now

Questions 9

Which three anomaly policies are predefined in Prisma Public Cloud? (Choose three.)

Options:

Excessive login failures

Unusual user activity

Denial-of-service activity

Account hijacking attempts

Suspicious file activity

Buy Now

Questions 10

Which RQL query should be used to quickly identify any events related to an organization's Google Cloud Platform Big Query database the last 24 hours?

Options:

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'Google Bigtable Instance'

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'cloudsql.googleapis.com'

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'bigquery.googleapis.com'

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'dataproc.googleapis.com'

Buy Now

Questions 11

Which Resource Query Language (RQL) query monitors all "delete" activities for the user "user1"?

Options:

event where crud = 'delete’ AND subject = 'user1'

event where crud = 'delete'

event where crud = 'delete' AND subject = 'user1' AND cloud.type = 'aws'

event where subject = 'user1'

Buy Now

Questions 12

Which Resource Query Language (RQL) query searches for all Relational Database Service (RDS) instances that have a public IP address?

Options:

config from cloud.resource where api.name = 'aws-rds-describe-db-instances' AND json.rule = storageEncrypted is false

event from cloud.audit_logs where api.name = 'aws-rds-describe-db-instances' AND json.rule = publiclyAccessible is true

config from cloud.resource where api.name = 'aws-rds-describe-db-instances' AND json.rule = publiclyAccessible is true

config from cloud.resource where api.name = 'aws-ec2-describe-instances' AND json.rule = publiclyAccessible is true

Buy Now

Questions 13

Which pillar of the Prisma Cloud platform provides support for both public and private clouds as well as flexible agentless scanning and agent-based protection?

Options:

Cloud Network Security

Cloud Security Posture Management

Cloud Identity Security

Cloud Workload Protection (CWP)

Buy Now

Questions 14

Which statement is specific for Prisma Cloud when integrating into cloud environments?

Options:

An AutoFocus license is included in Prisma Cloud.

For multi-cloud environment licenses are required for the number of Prisma Cloud instances.

Can be natively integrated into Prisma Access.

No agents or proxies are required.

Buy Now

Questions 15

What is Prisma Public Cloud licensing based on?

Options:

number of alerts generated

number of accounts onboarded

number of monitored workloads

volume of flow logs consumed

Buy Now

Questions 16

An administrator has deployed an AWS transit gateway and used multiple VPC spokes to segregate a multi-tier application. The administrator also created a security VPC with multiple VM-Series NGFWs in an active/active deployment model via ECMP using Amazon Web Services VPN-based attachments.

What must be configured on the firewall to avoid asymmetric routing?

Options:

source address translation

destination address translation

port address translation

source and destination address translation

Buy Now

Questions 17

Which statement reflects the default vulnerability management policy?

Options:

Policy rule order has little impact on optimization.

Prisma Cloud scans images in all containers immediately upon policy activation.

The default vulnerability policy rule has an alert threshold to critical.

Prisma Cloud ships all vulnerability policy with a default alert for containers, hosts, and serverless functions.

Buy Now

Questions 18

Under which operating systems (OSs) is twistcli supported?

Options:

Linux, macOS, and Windows

Windows only

Linux and Windows

Linux, macOS, PAN-OS, and Windows

Buy Now

Questions 19

What are two ways to enable interface swap when deploying a VM-Series NGFW in Google Cloud Platform? (Choose two.)

Options:

run the PAN-OS CLI command: set system mgmt-interface-swap enable yes

run the PAN-OS CLI command: set system mgmt-interface-swap setting enable yes

create a bootstrap file that includes the mgmt-interface-swap command

in the Google Cloud Console Metadata Field, enter a key-value pair where mgmt-interface-swap is the key and enable is the value

Buy Now

Questions 20

Which option is true about VM-Series NGFW templates available from the Palo Alto Networks GitHub repository?

Options:

Palo Alto Networks provides full support if a valid support license is in place.

Support for the templates is available through Professional Services from Palo Alto Networks.

Unless otherwise noted, these templates are released under an as-is. best effort support policy.

The author of the template provides full support as long as the PAN-OS version specific to the template is supported.

Buy Now

Questions 21

In which two ways can Prisma Cloud Compute (PCC) edition be installed? (Choose two.)

Options:

self-managed in a customer's own container platform

self-contained hardware appliance

as a stand-alone Windows application

Cloud-hosted as part of a Prisma Cloud Enterprise tenant from Palo Alto Networks

Buy Now

Questions 22

What are the asset severity levels within Prisma Cloud asset inventory?

Options:

Low, Medium, and High

Low, Medium, High, and Critical

Informational, Low, Medium, and High

Low, Medium, High, Severe, and Critical

Buy Now

Questions 23

What are two valid image identifiers to designate trust? (Choose two.)

Options:

repo

trusted publisher

registry

base layer

Buy Now

Questions 24

Which two templates are supported by Cloud Code Security scan service? (Choose two.)

Options:

Azure Resource Manager (ARM)

Hyper Text Markup Language (HTML)

GitHub

Terraform

Buy Now

Questions 25

Which two resource types are included in the Prisma Cloud Enterprise licensing count? (Choose two.)

Options:

Elastic Compute Cloud (EC2) instances

Network Address Translation (NAT) gateways

CloudFront distributions

Security groups

Buy Now

Questions 26

Which two cloud providers support Load Balancers as next hop configurations for outbound connections? (Choose two.)

Options:

Google Cloud Platform

Microsoft Azure

Oracle Cloud

Amazon Web Services

Buy Now

Questions 27

The Microsoft Azure virtual network gateway supports which two site-to-site connectivity options? (Choose two.)

Options:

Direct Connect

Fast Connect

IPsecVPN

ExpressRoute

Buy Now

Questions 28

Which statement applies to vulnerability management policies?

Options:

Host and serverless rules support blocking, whereas container rules do not.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

Policies for containers, hosts, and serverless functions are not separate.

Rules are evaluated in an undefined order.

Buy Now

Questions 29

An Azure VNet has the IP network 10.0.0.0/16 with two subnets, 10.0.1.0/24 (used for web servers) and 10.0.2.0/24 (used for database servers). Which is a valid IP address to manage the VM-Series NGFW?

Options:

10.0.1.254

10.0.2.1

10.0.3.255

10.0.3.1

Buy Now

Questions 30

can you create a custom compliance standard in Prisma Public Cloud?

Options:

Generate a new Compliance Report.

Create compliance framework in a spreadsheet then import into Prisma Public Cloud.

From Compliance tab, clone a default framework and customize.

From Compliance tab > Compliance Standards, click "Add New."

Buy Now

Questions 31

What are three examples of outbound traffic flow? (Choose three.)

Options:

issue yum update command on an instance inside Amazon Web Services

Microsoft Windows inside Azure requesting a security patch

web server inside Amazon Web Services receiving web requests from internet

issue apt-get install command on an instance inside Amazon Web Services

outgoing Prisma Public Cloud API calls

Buy Now

Questions 32

Which Resource Query Language (RQL) query returns a list of all TERMINATED Google Compute Engine (GCE) instances?

Options:

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = status == TERMINATED

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = TERMINATED

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = status contains TERMINATED

Config from.cloud.resource where api.name = „gcloud-compute-instance-list" and json.rule = is TERMINATED

Buy Now

Questions 33

Which two actions are appropriate when configuring Prisma Cloud to scan a registry? (Choose two.)

Options:

Allow Prisma Cloud to automatically optimize registry scans with version pattern matching.

Allow Prisma Cloud to automatically distribute the scan job across a pool of available Defenders.

Explicitly specify the Defender to do the job.

Explicitly specify the predefined version pattern-matching algorithm.

Buy Now

Questions 34

In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)

Options:

fully instrumented API

Aperture Orchestration Engine

VM Orchestration Policy Editor

support for Dynamic Address Groups

Buy Now

Exam Code: PSE-PrismaCloud

Exam Name: PSE Palo Alto Networks System Engineer Professional - Prisma Cloud

Last Update: May 26, 2026

Questions: 115

PDF + Testing Engine

$64.99 ~~$185.69~~

Testing Engine

$49.99 ~~$142.83~~

PDF (Q&A)

$54.99 ~~$157.11~~

PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

PDF + Testing Engine

Testing Engine

PDF (Q&A)