Prisma Certified Cloud Security Engineer (PCCSE) — Question 131
An administrator sees that a runtime audit has been generated for a container.
The audit message is:
“/bin/ls launched and is explicitly blocked in the runtime rule. Full command: ls -latr”
Which protection in the runtime rule would cause this audit?
Answer options
- A. Networking
- B. File systems
- C. Processes
- D. Container
Correct answer: C
Explanation
The correct answer is C, as the audit indicates that the process '/bin/ls' is blocked, which directly relates to process management in the runtime rules. Options A and B are incorrect because they pertain to networking and file system protections, which do not govern process execution. Option D is also incorrect, as it refers to container-level settings rather than specific process restrictions.