Prisma Certified Cloud Security Engineer (PCCSE) — Question 209
What is the purpose of Incident Explorer in Prisma Cloud Compute under the "Monitor" section?
Answer options
- A. To store large amounts of forensic data on the host where Console runs to enable a more rapid and effective response to incidents
- B. To sort through large amounts of audit data manually in order to identify developing attacks
- C. To identify and suppress all audit events generated by the Defender
- D. To correlate individual events to identify potential attacks and provide a sequence of process, file system, and network events for a comprehensive view of an incident
Correct answer: D
Explanation
The correct answer is D because Incident Explorer is designed to correlate individual events, helping to identify potential attacks and providing a comprehensive view of the incident. Option A is incorrect because it focuses on forensic data storage rather than event correlation. Option B is wrong because it implies manual sorting, which is not the primary function of Incident Explorer. Option C is inaccurate because Incident Explorer does not suppress audit events generated by the Defender.