Palo Alto Networks PSE-PrismaCloud Exam - Topic 6 Question 4 Discussion

Actual exam question for Palo Alto Networks's PSE-PrismaCloud exam

Question #: 4
Topic #: 6

Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?

Anetwork where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000

Bnetwork where dest publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000

Cshow traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000

Dnetwork where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples
All network traffic that is greater than 1GB and destined to Internet or Suspicious IPs (allows you to identify data exfiltration attempt on any cloud environment).
network where dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000

Show Suggested Answer

Suggested Answer: B

by Lavonna at May 07, 2022, 03:37 AM

Limited Time Offer

25%

Off

Get Premium PSE-PrismaCloud Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Magda

3 months ago

I thought it was C at first, but B makes more sense.

upvoted 0 times

...

Markus

3 months ago

A looks off, should be IN not =.

upvoted 0 times

...

Aleshia

4 months ago

Wait, isn't 1GB a bit low for suspicious traffic?

upvoted 0 times

...

Moon

4 months ago

Definitely agree with B!

upvoted 0 times

...

Hildegarde

4 months ago

I think option B is the right one.

upvoted 0 times

...

Pok

4 months ago

I definitely remember that we need to check for bytes greater than 1GB, but I’m confused about how to structure the conditions correctly.

upvoted 0 times

...

Maryrose

4 months ago

I feel like "destination.network" might be the correct attribute, but I can't recall if it should be "dest" instead.

upvoted 0 times

...

Jin

4 months ago

I think option B looks familiar; it seems to match the syntax we used in the last practice exam.

upvoted 0 times

...

Cordie

5 months ago

I remember practicing RQL queries, but I'm not sure if "IN" is the right operator here.

upvoted 0 times

...

Adelina

5 months ago

Okay, let's see. The question is asking about the technique used by the audit software tool, not just the purpose of the audit software. I'm leaning towards B - Parallel simulation, but I'll double-check the other options just to be sure.

upvoted 0 times

...

Gertude

5 months ago

Hmm, I'm not totally sure about the difference between some of these terms like "function" and "workflow." I'll have to think it through and see if I can eliminate any options that don't seem to fit the description.

upvoted 0 times

...

Terrilyn

5 months ago

Hmm, I'm a bit confused on the difference between custom products and the content library. I'll need to review that material again to make an informed decision.

upvoted 0 times

...

Aleshia

5 months ago

Using to enforce strict type definitions definitely sounds familiar, and it's crucial for data validation.

upvoted 0 times

...

Vesta

5 months ago

Okay, let's see. I know password and Social Security number are definitely personal data under GDPR. I'm a bit less sure about the other options, but I'll give it my best shot.

upvoted 0 times

...