New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks PCCSE Exam - Topic 5 Question 84 Discussion

Actual exam question for Palo Alto Networks's PCCSE exam
Question #: 84
Topic #: 5
[All PCCSE Questions]

Which ROL query is used to detect certain high-risk activities executed by a root user in AWS?

Show Suggested Answer Hide Answer
Suggested Answer: A

https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query-examples https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query-examples#idda895fd2-4496-4b31-9766-7d50215dcc18


by Maia at Aug 24, 2024, 05:21 PM

Limited Time Offer

25%

Off

Get Premium PCCSE Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kimberlie
3 months ago
I thought it was D at first, but A makes more sense.
upvoted 0 times
...
Tasia
3 months ago
Wait, are we sure about A? Seems too specific.
upvoted 0 times
...
Alyssa
3 months ago
A all the way! Those operations are key.
upvoted 0 times
...
Iola
4 months ago
I think B could be right too, but not sure.
upvoted 0 times
...
Afton
4 months ago
It's definitely A, that's the right log for auditing.
upvoted 0 times
...
Beatriz
4 months ago
I feel like option D could be relevant too, but it seems too broad with just 'Risk.Level = high'. I think we need to focus on specific operations.
upvoted 0 times
...
Precious
4 months ago
I’m a bit confused between A and B. They both mention 'cloud.audit_logs' and 'cloud.security_logs', but I can't recall which one is specifically for high-risk activities.
upvoted 0 times
...
Sherron
4 months ago
I remember practicing a similar question, and I think it was about using 'cloud.audit_logs' for tracking root user activities.
upvoted 0 times
...
Willodean
5 months ago
I think the answer might be A, but I'm not completely sure if 'event' is the right keyword for this type of query.
upvoted 0 times
...
Brock
5 months ago
Ah, I see now. We're looking for a query that checks the audit logs for specific high-risk operations performed by the root user. Option A seems to fit the bill.
upvoted 0 times
...
Kirk
5 months ago
I'm a bit confused by the different log types mentioned. I'll need to review my notes on AWS logging and monitoring to make sure I understand the differences.
upvoted 0 times
...
German
5 months ago
The key here is to look for high-risk activities performed by the root user. I think option A is the best choice based on the list of operations.
upvoted 0 times
...
Karma
5 months ago
This looks like a straightforward question about AWS security monitoring. I'm pretty confident I can figure this out.
upvoted 0 times
...
Edna
5 months ago
Hmm, I'm a bit unsure about the difference between audit logs and security logs. I'll need to think this through carefully.
upvoted 0 times
...
Kizzy
5 months ago
This looks like a configuration question related to EVPN VPWS. I'll need to carefully review the options and think through the requirements for proper EVPN VPWS operation.
upvoted 0 times
...
Vanna
1 year ago
Haha, good one Detra. But seriously, A is the answer. Gotta love those audit logs, am I right?
upvoted 0 times
...
Reyes
1 year ago
I agree with Sheridan, A) seems to be the most relevant option for detecting high-risk activities by a root user
upvoted 0 times
...
Detra
1 year ago
Yeah, option A is the way to go. Gotta keep an eye on that root user, am I right? *wink wink*
upvoted 0 times
Isreal
1 year ago
Definitely, gotta keep an eye on that root user.
upvoted 0 times
...
Lindsey
1 year ago
Yeah, option A is the way to go.
upvoted 0 times
...
...
Sheridan
1 year ago
But A) specifically mentions high-risk activities, so I think it's more accurate
upvoted 0 times
...
Samira
2 years ago
I disagree, I believe the correct answer is D)
upvoted 0 times
...
Stephania
2 years ago
I agree with Quentin. The wording of option A matches the question perfectly.
upvoted 0 times
...
Quentin
2 years ago
Option A looks like the correct answer to me. It's specifically querying the audit logs for high-risk activities executed by the root user.
upvoted 0 times
Judy
1 year ago
Yes, option A seems to be the most relevant choice for detecting high-risk activities by the root user.
upvoted 0 times
...
Omega
1 year ago
I agree, option A is specifically querying the audit logs for high-risk activities by the root user.
upvoted 0 times
...
Talia
1 year ago
I think option A is the correct answer.
upvoted 0 times
...
...
Sheridan
2 years ago
I think the answer is A)
upvoted 0 times
...

Save Cancel