Prisma Certified Cloud Security Engineer (PCCSE) — Question 6
The "Unusual protocol activity (Internal)" network anomaly policy is generating too many alerts. An administrator has been asked to tune it to the option that will generate the fewest events without disabling it entirely.
Which strategy should the administrator use to achieve this goal?
Answer options
- A. Disable the policy
- B. Set the Alert Disposition to Conservative
- C. Change the Training Threshold to Low
- D. Set Alert Disposition to Aggressive
Correct answer: C
Explanation
The correct answer is C because lowering the Training Threshold to Low will reduce the sensitivity of the anomaly detection, resulting in fewer alerts. Option A disables the feature and option D increases alerts, while option B, although it reduces alerts, does not do so as effectively as changing the Training Threshold.