Palo Alto Networks System Engineer – Prisma Cloud — Question 38

Which Resource Query Language (RQL) query monitors all traffic from the internet and suspicious internet protocols (IPs) destined for Amazon Web Services (AWS) databases?

Answer options

• A. network from vpc.flow_record where dest.resource IN ( resource where role = 'Database')
• B. network from vpc.flow_record where source.publicnetworк IN ( 'Suspicious IPs' , 'Internet IPs' ) and dest.resource IN ( resource where role IN ( 'LDAP' ) )
• C. network from vpc.flow_record where source. publicr.etwork IN ( 'Suspicious IPs' ) and dest.resource IN ( resource where role IN ( 'AWS RDS' , 'Database' ) )
• D. network from vpc.flow_record where source.publicnetwork IN ( 'Suspicious IPs' , 'Internet IPs' ) and dest.resource IN ( resource where role IN ( 'AWS RDS' , 'Database' ) )

Correct answer: D

Explanation

Option D is correct because it correctly filters for internet traffic and suspicious IPs while targeting AWS databases. The other options either miss the inclusion of both 'Internet IPs' and 'Suspicious IPs' or do not focus on the appropriate roles for AWS databases, thereby making them less suitable for monitoring the required traffic.