Prisma Certified Cloud Security Engineer (PCCSE) Practice Exam

The Palo Alto Networks Certified Cloud Security Engineer (PCCSE) certification confirms the expertise, capabilities, and proficiencies necessary for implementing, deploying, and managing all aspects of Prisma Cloud. PCCSE encompasses Prisma Cloud, Prisma Cloud Enterprise, and Prisma Cloud Compute, demonstrating an individual's understanding of Prisma Cloud platform applications, data, and the entire cloud-native technology stack. This knowledge spans across the development lifecycle and encompasses multi- and hybrid cloud environments.

Who should take the exam?

This certification is suitable for individuals seeking to showcase their proficiency with Prisma Cloud, including those in roles such as cloud security professionals, customer success representatives, DevOps practitioners, cloud support specialists, professional services consultants, application security engineers, cybersecurity architects, and team leaders.

Knowledge Requirement:

Candidates:

• Have the ability to create, build, and uphold detection measures for cloud security policies and compliance standards.
• Can investigate cloud attack methodologies, strategies, and detection methods utilizing event and network flow logs.
• Can engage in public outreach forums and advocate for recommendations aligned with Palo Alto Networks standards.
• Have 0-3 years of experience in public cloud environments, proficiency in Python, familiarity with containers, Kubernetes, Terraform, and cloud technologies.

Exam Details

• Exam Name: Prisma Certified Cloud Security Engineer (PCCSE)
• Exam Languages: English
• Exam Questions: 75-85
• Time: 70-80 minutes

Course Outline 

The Exam covers the given topics  - 

Domain 1: Learn about Cloud Security Posture Management (CSPM) 21%

Task 1.1 Identify assets in a Cloud account

Task 1.2 Configure policies

Task 1.3 Configure compliance standards

Task 1.4 Configure alerting and notifications

Task 1.5 Use third-party integrations

Task 1.6 Perform ad hoc investigations

Task 1.7 Remediate alerts

Task 1.8 Use SecOps Dashboard

Domain 2: Understand Cloud Workload Protection (CWP) 21%

Task 2.1 Monitor and defend against image vulnerabilities

Task 2.2 Monitor and defend against host vulnerabilities

Task 2.3 Monitor and enforce image/container compliance

Task 2.4 Monitor and enforce host compliance

Task 2.5 Monitor and defend containers and hosts during runtime

Task 2.6 Monitor and protect against serverless vulnerabilities

Task 2.7 Configure WAAS

Task 2.8 Monitor and protect registries

Domain 3: Install, Upgrade, and Backup / Prisma Cloud Administration 19%

Task 3.1 Deploy and manage Console for the Compute Edition

Task 3.2 Deploy and manage defenders

Task 3.3 Configure Agentless Security

Task 3.4 Backup and restore Console

Task 3.5 Manage authentication

Task 3.6 Onboard accounts

Task 3.7 Configure access control

Task 3.8 Configure logging

Task 3.9 Manage enterprise settings

Task 3.10 Configure third-party integrations

Task 3.11 Leverage Cloud and Compute APIs

Task 3.12 Leverage Adoption Advisor and Alarm Center

Task 3.13 Access Knowledge Center and Help Center

Domain 4: Cloud Network Security and Identity-Based Microsegmentation Enterprise Edition 11%

Task 4.1 Configure Cloud network analyzer

Task 4.2 Deploy and manage Enforcers

Task 4.3 Manage local changes in a remote repository (dev-prod)

Task 4.4 Use NetSecOps dashboard

Domain 5: Prisma Cloud Code Security (PCCS) 12%

Task 5.1 Implement scanning for IAC templates

Task 5.2 Configure policies in Console for IAC scanning

Task 5.3 Configure CI policies for Compute scanning

Task 5.4 Manage configuration settings

Domain 6: Understand Identity and Access Management (IAM)/Prisma Cloud Data Security (PCDS) 16%

Task 6.1 Calculate net effective permissions

Task 6.2 Investigate incidents and create IAM policies

Task 6.3 Integrate IAM with IdP

Task 6.4 Remediate alerts

Task 6.5 Monitor Scan Results

Task 6.6 Assess Data Policies and Alerts

Task 6.7 Define data security scan settings