Prisma Certified Cloud Security Engineer (PCCSE) — Question 244

A customer has a requirement to terminate any Container from image topSecret:latest when a process named ransomWare is executed.
How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

Answer options

• A. set the Container model to manual relearn and set the default runtime rule to block for process protection.
• B. set the Container model to relearn and set the default runtime rule to prevent for process protection.
• C. add a new runtime policy targeted at a specific Container name, add ransomWare process into the denied process list, and set the action to ג€preventג€.
• D. choose ג€copy into ruleג€ for the Container, add a ransomWare process into the denied process list, and set the action to ג€blockג€.

Correct answer: C

Explanation

The correct answer is C because it specifically addresses the need to create a runtime policy that targets the Container and includes the ransomWare process in the denied list, ensuring it is prevented from executing. The other options either do not create a targeted policy or use incorrect actions that do not fulfill the requirement to terminate the process.