Prisma Certified Cloud Security Engineer (PCCSE) — Question 148

A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Answer options

• A. Choose “copy into rule” for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.
• B. Set www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.
• C. Choose “copy into rule” for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.
• D. Set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.

Correct answer: D

Explanation

The correct answer is D, as it directly addresses the requirement by setting the domain as a blocklisted DNS name in the default Container policy with a preventive effect. Option A only provides an alerting mechanism without blocking, while option B blocks it in the runtime policy but is not the default policy, and option C uses a copy into rule which is unnecessary for this requirement.