Prisma Certified Cloud Security Engineer (PCCSE) — Question 168
Which IAM Azure RQL query would correctly generate an output to view users who have sufficient permissions to create security groups within Azure AD and create applications?
Answer options
- A. config where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true
- B. config from cloud.resource where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions exists
- C. config from network where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is false and defaultUserRolePermissions.allowedToCreateApps is true
- D. config from cloud.resource where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true
Correct answer: D
Explanation
The correct answer, D, accurately filters for users who can create both security groups and applications by checking that both permissions are true. Option A is incorrect because it goes straight from 'config' to 'where', omitting 'from cloud.resource'. Option B only checks that defaultUserRolePermissions exists without specifying the permissions, so it does not meet the requirement. Option C incorrectly checks for a false permission on security groups, which is not what is needed.