Prisma Certified Cloud Security Engineer (PCCSE) — Question 12
A DevOps lead reviewed some system logs and noticed some odd behavior that could be a data exfiltration attempt. The DevOps lead only has access to vulnerability data in Prisma Cloud Compute, so the DevOps lead passes this information to SecOps.
Which pages in Prisma Cloud Compute can the SecOps lead use to investigate the runtime aspects of this attack?
Answer options
- A. The SecOps lead should investigate the attack using Vulnerability Explorer and Runtime Radar.
- B. The SecOps lead should use Incident Explorer and Compliance Explorer.
- C. The SecOps lead should use the Incident Explorer page and Monitor > Events > Container Audits.
- D. The SecOps lead should review the vulnerability scans in the CI/CD process to determine blame.
Correct answer: C
Explanation
The correct answer is C because the Incident Explorer page and Monitor > Events > Container Audits provide the runtime information needed to investigate potential attacks. Options A and B bring in Vulnerability Explorer and Compliance Explorer, which cover vulnerability scanning and compliance and are not directly related to runtime investigation. Option D discusses vulnerability scans in the CI/CD process, which is not relevant for runtime attack analysis.