Prisma Certified Cloud Security Engineer (PCCSE) — Question 127

An administrator needs to detect and alert on any activities performed by a root account.

Which policy type should be used?

Answer options

• A. config-run
• B. config-build
• C. network
• D. audit event

Correct answer: D

Explanation

The correct answer is D, 'audit event', as this policy type is specifically designed to track and report on activities, including those performed by root accounts. The other options, such as 'config-run', 'config-build', and 'network', do not provide the necessary monitoring capabilities for user activities.