Palo Alto Networks CloudSec-Pro Exam - Topic 4 Question 2 Discussion

Actual exam question for Palo Alto Networks's CloudSec-Pro exam

Question #: 2
Topic #: 4

A customer has a requirement to restrict any container from resolving the name www.evil-url.com.

How should the administrator configure Prisma Cloud Compute to satisfy this requirement?

AChoose ''copy into rule'' for any Container, set www.evil-url.com as a blocklisted DNS name in the Container policy and set the policy effect to alert.

BSet www.evil-url.com as a blocklisted DNS name in the default Container runtime policy, and set the effect to block.

CChoose ''copy into rule'' for any Container, set www.evil-url.com as a blocklisted DNS name, and set the effect to prevent.

DSet www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent.

Show Suggested Answer

Suggested Answer: D

To restrict any container from resolving the name www.evil-url.com, the administrator should set www.evil-url.com as a blocklisted DNS name in the default Container policy and set the effect to prevent. This configuration in Prisma Cloud, or similar CSPM tools, ensures that any attempt to resolve the specified blocklisted DNS name within any container will be prevented, thus enhancing security by proactively blocking potential communication with known malicious domains.

Reference to this feature can be found in the documentation of CSPM tools that offer runtime protection for containers. These tools allow administrators to define security policies that can include DNS-based controls to prevent containers from accessing known malicious or undesirable URLs, thereby preventing potential data exfiltration, malware communication, or other security threats

by Vivan at Mar 06, 2026, 01:37 PM

Limited Time Offer

25%

Off

Get Premium CloudSec-Pro Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!