Prisma Certified Cloud Security Engineer (PCCSE) — Question 239

An S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy `AWS S3 buckets are accessible to public`. The policy definition follows: config where cloud.type = 'aws' AND api.name='aws-s3api-get-bucket-acl' AND json.rule="((((acl.grants[?(@.grantee=='AllUsers')] size > 0) or policyStatus.isPublic is true) and publicAccessBlockConfiguration does not exist) or ((acl.grants[?(@.grantee=='AllUsers')] size > 0) and publicAccessBlockConfiguration.ignorePublicAcis is false) or (policyStatus.isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"
Why did this alert get generated?

Answer options

• A. an event within the cloud account
• B. network traffic to the S3 bucket
• C. configuration of the S3 bucket
• D. anomalous behaviors

Correct answer: B

Explanation

The alert was generated due to the configuration of the S3 bucket being set to public access, which violates the Prisma Cloud policy. While network traffic may indicate access attempts, the key issue is the bucket's configuration allowing public access, making option C the correct choice instead of B.