Palo Alto Networks System Engineer – Prisma Cloud — Question 18

Which Resource Query Language (RQL) string using network query attributes returns all traffic destined for Internet or Suspicious IPs, what also exceed 1GB?

Answer options

• A. network from vpc.flow_record where publicnetwork = ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000
• B. network from vpc.flow_record where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'
• C. show traffic from vpc.flow_record where destination.network = ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000
• D. network from vpc.flow_record where dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000

Correct answer: D

Explanation

The correct answer is D because it properly uses the IN clause to filter for destinations that belong to either 'Internet IPs' or 'Suspicious IPs' while also checking that the byte count exceeds 1GB. Option A incorrectly uses the '=' operator instead of IN, while option B has logical errors in the OR statement, and option C is not using the correct syntax for filtering network attributes.