Palo Alto PCCSE Certification Exam Syllabus

PCCSE Syllabus, PCCSE Exam Questions PDF, Palo Alto PCCSE Dumps Free, PCCSE PDF, PCCSE Dumps, PCCSE PDF, PCCSE VCE, PCCSE Questions PDF, Palo Alto PCCSE Questions PDF, Palo Alto PCCSE VCEA great way to start the Prisma Certified Cloud Security Engineer (PCCSE) preparation is to begin by properly appreciating the role that syllabus and study guide play in the Palo Alto PCCSE certification exam. This study guide is an instrument to get you on the same page with Palo Alto and understand the nature of the Palo Alto PCCSE exam.

Our team of experts has composed this Palo Alto PCCSE exam preparation guide to provide the overview about Palo Alto Cloud Security Engineer exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the Palo Alto PCCSE exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the Palo Alto PCCSE certification exam.

Palo Alto PCCSE Exam Overview:

Exam Name Cloud Security Engineer
Exam Number PCCSE
Exam Price $175 USD
Duration 75 minutes
Number of Questions 75-85
Passing Score Variable (70-80 / 100 Approx.)
Recommended Training Prisma Cloud: Cloud Security Posture Management
Prisma Cloud: Cloud Network Security
Prisma Cloud: Cloud Infrastructure Entitlement Management
Exam Registration PEARSON VUE
Sample Questions Palo Alto PCCSE Sample Questions
Practice Exam Prisma Certified Cloud Security Engineer Practice Test

Palo Alto PCCSE Exam Topics:

Section Objectives

Cloud Security Posture Management (CSPM) - 21%

Identify assets in a Cloud account - Inventory of resources in a cloud account
- Resource configuration history
- Asset configuration changes
Configure policies - Custom policies
- Policy types
- Supported variables within configuration-run custom policies
Configure compliance standards - Standards
- Reports
Configure alerting and notifications - Alert states
- Alert rules
- Alert notifications and reports
- Alert workflow
Use third-party integrations - Inbound and outbound notifications
Perform ad hoc investigations - Resource configuration with RQL
- User activity using RQL
- Network activity using RQL
- Anomalous user events
- Asset details using RQL
Remediate alerts - Auto-remediation
- Manual versus automated remediation
Use SecOps Dashboard - Internet-connected assets by source network traffic behavior
- Components

Cloud Workload Protection (CWP) - 21%

Monitor and defend against image vulnerabilities - Options available in the Monitor section
- Options available in the Policies section
Monitor and defend against host vulnerabilities - Options available in the Monitor section
- Options available in the Policies section
Monitor and enforce image/container compliance - Options available in the Monitor section
- Options available in the Policies section
Monitor and enforce host compliance - Options available in the Monitor section
- Options available in the Policies section
Monitor and defend containers and hosts during runtime - Container models
- Host observations
- Runtime policies
- Runtime audits
- Incidents using Incident Explorer
Monitor and protect against serverless vulnerabilities - Monitor
- Policy
- Auto-protect
Configure WAAS - Application specifications
- API methods
- Rest API endpoints
- DoS protection
- Access control to Limit inbound sources
- Network lists
- Access control to enforce HTTP headers and file uploads
- Bot protection
- Rules
- Audit logs
Monitor and protect registries - Scanning
- CI

Install, Upgrade, and Backup / Prisma Cloud Administration - 19%

Deploy and manage Console for the Compute Edition - Prisma Cloud release software
- Console in Onebox configuration
- Upgrade on Console
- Business use case to determine Prisma Cloud version to use
- Tenant versus Scale projects
Deploy and manage defenders - Types
- Networking for Defender-To-Console connectivity
- Upgrade and Compatibility
Configure Agentless Security - Agent versus Agentless
- Cloud discovery
Backup and restore Console - Backup management
- Disaster recovery
Manage authentication - Certificates
- Secrets and credentials store
Onboard accounts - Onboard cloud accounts
- Account Groups
Configure access control - Users, roles, and permission groups
- Access control troubleshooting
- Service accounts and access keys
- Single Sign On
- Role-based access control for Docker Engine (CWP)
- Admission control with Open Policy Agent (CWP)
- Resource lists and collections
Configure logging - Audit logging
- Defender logging
Manage enterprise settings - Anomaly settings
- Idle timeout
- Auto-enable policies
- Alert dismissal reason
- User attribution
- Licensing
- Access key maximum validity
Configure third-party integrations - Inbound and outbound notifications
- Supported capabilities
Leverage Cloud and Compute APIs - Authenticate with APIs
- API documentation
- Policies and custom queries by API
- Alerts and Reports using APIs
- Vulnerability results via API
- Access keys
- Data security and IAM APIs
Leverage Adoption Advisor and Alarm Center - Notification rule
- Adoption Advisor guidance
Access Knowledge Center and Help Center - Knowledge Center
- Help Center
- Feature requests
- PCCSE
- Live Community
- Product status updates
- Docs, Prisma Cloud Privacy and Support options

Cloud Network Security and Identity-Based Microsegmentation Enterprise Edition - 11%

Configure Cloud network analyzer - Network exposure policy
- RQL
Deploy and manage Enforcers - Processing units
- Namespaces
- Tags and identity
- Network rulesets
- Out-of-the-box rules
- Application profiling
Manage local changes in a remote repository (dev-prod) Configuration - Types
- Networking for Enforcers-to-Console connectivity
Use NetSecOps dashboard - Flows

Prisma Cloud Code Security (PCCS) - 12%

Implement scanning for IAC templates - Terraform and Cloudformation scanning configurations
- OOTB IAC scanning integrations
- API scanning
- IAC scanning integration
- Supply-chain security
- Handling scanned issues
- Repository scanning
Configure policies in Console for IAC scanning - OOTB policies
- Custom build policies
- Types of config policies
- Prisma configuration files
Configure CI policies for Compute scanning - Default CI policies
- Custom CI policies
Manage configuration settings - Code reviews
- Code repository settings
- Notifications
- Pull requests and tagging bots

Identity and Access Management (IAM)/Prisma Cloud Data Security (PCDS) - 16%

Calculate net effective permissions - AWS calculation
- Azure calculation
Investigate incidents and create IAM policies - RQL queries
- IAM policies
Integrate IAM with IdP - Azure active directory
- Okta
Remediate alerts - Manual versus automatic
- AWS remediation
- Azure remediation
Monitor Scan Results - Monitor Scan Results
- Data Inventory
- Resource Explorer
- Object Explorer
- Exposure Evaluation
Assess Data Policies and Alerts - Data policy vs data pattern
- Alerts
Define data security scan settings - Scan configuration
- Data profile and pattern
- File extensions
- Snippet masking

Palo Alto PCCSE Exam Description:

The Prisma Certified Cloud Security Engineer (PCCSE) certification validates the knowledge, skills, and abilities required to onboard, deploy, and administer all aspects of Prisma Cloud. Individuals with the PCCSE certification will have demonstrated in-depth knowledge of Palo Alto Networks Prisma Cloud technology and resources.

Rating: 4.9 / 5 (72 votes)