Palo Alto Networks System Engineer – Prisma Cloud — Question 46

Which Resource Query Language (RQL) query searches for all Relational Database Service (RDS) instances that have a public IP address?

Answer options

• A. config from cloud.resource where api.name = 'aws-rds-describe-db-instances' and json.rule = publicIpAddress exists
• B. config from cloud.resource where api.name = 'aws-rds-describe-db-instances' and json.rule = 0.0.0.0/0
• C. config from cloud.resource where api.name = 'aws-rds-describe-db-instances' and json.rule = publiclyAccessible is true
• D. config from cloud.resource where api.name = 'aws-rds-describe-db-snapshots' and json.rule = publicIpAddress is true

Correct answer: C

Explanation

The correct answer is C because it specifically checks if the RDS instances are publicly accessible, which indicates they have a public IP address. Option A incorrectly looks for the existence of the publicIpAddress field, while option B uses a CIDR notation that does not directly confirm public accessibility. Option D queries RDS snapshots instead of instances, making it irrelevant to the question.