config where cloud type = 'aws' AND api name='aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?

Posted by: Pdfprep Category: PCCSE Tags: PCCSE exam questions, PCCSE practice exam, PCCSE Certifications Post Date: April 9, 2021

A S3 bucket within AWS has generated an alert by violating the Prisma Cloud Default policy "AWS S3 buckets are accessible to public".

The policy definition follows:

config where cloud type = ‘aws’ AND api name=’aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?(@ grantee=’AllUsers’)] size > 0) or policyStatusisPubiic is true) and publicAccessBlockConfiguration does not exist) or ((ad.grantsp(@ grantee==’AII Users’)] size > 0) and publicAccessBlockConfiguration ignorePubhcAds is false) or (policyStatus isPublic is true and publicAccessBlockConfiguration.restrictPublicBuckets is false)) and websiteConfiguration does not exist"

Why did this alert get generated?
A . anomalous behaviors
B . network traffic to the S3 bucket
C . configuration of the S3 bucket
D . an event within the cloud account

Answer: A

config where cloud type = ‘aws’ AND api name=’aws-s3api-get-bucket-acr AND json.rule="((((acl grants{?

Author

Leave a Reply Cancel reply