The development team wants to fail CI jobs where a specific CVE is contained within the image. How should the development team Configure the pipeline or policy to produce this outcome?
A. Set the specific CVE exception as an option in Jenkins or twistcli.
B. Set the specific CVE exception as an option in Defender running the scan.
C. Set the specific CVE exception as an option using the magic string in the Console.
D. Set the specific CVE exception in Console's CI policy.
Which two processes ensure that builds can function after a Console upgrade? (Choose two.)
A. allowing Jenkins to automatically update the plugin
B. updating any build environments that have twistcli included to use the latest version
C. configuring build pipelines to download twistcli at the start of each build
D. creating a new policy that allows older versions of twistcli to connect the Console
A customer has a development environment with 50 connected Defenders. A maintenance window is set for Monday to upgrade 30 stand-alone Defenders in the development environment, but there is no maintenance window available until
Sunday to upgrade the remaining 20 stand-alone Defenders.
Which recommended action manages this situation?
A. Go to Manage > Defender > Manage, then click Defenders, and use the Scheduler to choose which Defenders will be automatically upgraded during the maintenance window.
B. Find a maintenance window that is suitable to upgrade all stand-alone Defenders in the development environment.
C. Upgrade a subset of the Defenders by clicking the individual Actions > Upgrade button in the row that corresponds to the Defender that should be upgraded during the maintenance window.
D. Open a support case with Palo Alto Networks to arrange an automatic upgrade.
Which three options are selectable in a CI policy for image scanning with Jenkins or twistcli? (Choose three.)
A. Scope - Scans run on a particular host
B. Credential
C. Apply rule only when vendor fixes are available
D. Failure threshold
E. Grace Period
An administrator sees that a runtime audit has been generated for a container.
The audit message is:
"/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr"
Which protection in the runtime rule would cause this audit?
A. Networking
B. File systems
C. Processes
D. Container
Which two options may be used to upgrade the Defenders with a Console v20.04 and Kubernetes deployment? (Choose two.)
A. Run the provided curl | bash script from Console to remove Defenders, and then use Cloud Discovery to automatically redeploy Defenders.
B. Remove Defenders DaemonSet, and then use Cloud Discovery to automatically redeploy the Defenders.
C. Remove Defenders, and then deploy the new DaemonSet so Defenders do not have to automatically update on each deployment.
D. Let Defenders automatically upgrade.
How often do Defenders share logs with Console?
A. Every 10 minutes
B. Every 30 minutes
C. Every 1 hour
D. Real time
Where can Defender debug logs be viewed? (Choose two.)
A. /var/lib/twistlock/defender.log
B. From the Console, Manage > Defenders > Manage > Defenders. Select the Defender from the deployed Defenders list, then click Actions > Logs
C. From the Console, Manage > Defenders > Deploy > Defenders. Select the Defender from the deployed Defenders list, then click Actions > Logs
D. /var/lib/twistlock/log/defender.log
Which categories does the Adoption Advisor use to measure adoption progress for Cloud Security Posture Management?
A. Visibility, Compliance, Governance, and Threat Detection and Response
B. Network, Anomaly, and Audit Event
C. Visibility, Security, and Compliance
D. Foundations, Advanced, and Optimize
Prisma Cloud Compute has been installed on Onebox. After Prisma Cloud Console has been accessed. Defender is disconnected and keeps returning the error "No console connectivity" in the logs. What could be causing the disconnection between Console and Defender in this scenario?
A. Port 8083 is not open for Console and Defender communication.
B. The license key provided to the Console is invalid.
C. Onebox script installed an older version of the Defender.
D. Port 8084 is not open for Console and Defender communication.
