Prisma Certified Cloud Security Engineer (PCCSE) — Question 207

In Azure, what permissions need to be added to Management Groups to allow Prisma Cloud to calculate net effective permissions?

Answer options

• A. PaloAltoNetworks.PrismaCloud/managementGroups/*
• B. Microsoft.Management/managementGroups/descendants/read
• C. PaloAltoNetworks.PrismaCloud/managementGroups/descendants/read
• D. Microsoft.Management/managementGroups/descendants/calculate

Correct answer: B

Explanation

The correct answer is B because the permission 'Microsoft.Management/managementGroups/descendants/read' allows Prisma Cloud to read the hierarchy of management groups, which is essential for calculating net effective permissions. Options A and C are incorrect as they pertain to Prisma Cloud's management groups but do not provide the necessary read access. Option D is also incorrect since it relates to calculating permissions but does not facilitate the reading of management group data.