Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks Exam PCCSE Topic 1 Question 77 Discussion

Actual exam question for Palo Alto Networks's Prisma Certified Cloud Security Engineer exam
Question #: 77
Topic #: 1
[All Prisma Certified Cloud Security Engineer Questions]

Which IAM RQL query would correctly generate an output to view users who enabled console access with both access keys and passwords?

Show Suggested Answer Hide Answer

Contribute your Thoughts:

Marlon
4 months ago
Option B for the win! Though I have to say, the exam team really likes to make these IAM queries as complicated as possible, don't they?
upvoted 0 times
...
Glendora
4 months ago
Haha, looks like the exam writers are trying to trick us with all these 'cloud.resource' and 'json.rule' shenanigans. I'd go with the simplest option, which is B.
upvoted 0 times
...
Donte
4 months ago
Hmm, option B looks good, but shouldn't we use 'AND' instead of 'OR' between the access key and password checks? Just to be sure we get users with both.
upvoted 0 times
...
Carmen
4 months ago
Option B it is! But I'm wondering, do we really need to check for both access keys? Wouldn't just one active key be enough?
upvoted 0 times
...
Twana
4 months ago
The query in option B seems a bit convoluted. Shouldn't it be simpler, like just checking for 'access_key_1_active' or 'access_key_2_active' and 'password_enabled'?
upvoted 0 times
Selma
3 months ago
User 3: That would make it easier to understand and use.
upvoted 0 times
...
Emmett
3 months ago
User 2: Maybe they could simplify it by just checking for 'access_key_1_active' or 'access_key_2_active' and 'password_enabled'.
upvoted 0 times
...
Marylyn
3 months ago
User 1: Option B does seem a bit complex.
upvoted 0 times
...
...
Kiera
4 months ago
I'm not sure about the use of 'cloud.resource' in the query. Shouldn't it be 'network' since we're looking for IAM users?
upvoted 0 times
Nakisha
4 months ago
I'm not sure about the use of 'cloud.resource' in the query. Shouldn't it be 'network' since we're looking for IAM users?
upvoted 0 times
...
Kara
4 months ago
B) config from cloud.resource where api.name = 'aws-iam-get-credential-report' AND json.rule = access_key_1_active is true or access_key_2_active is true and password_enabled equals "true"
upvoted 0 times
...
Kanisha
4 months ago
A) config from network where api.name = 'aws-iam-get-credential-report' AND json.rule = cert_1_active is true or cert_2_active is true and password_enabled equals "true"
upvoted 0 times
...
...
Marvel
5 months ago
Option B looks correct to me. It checks for users with active access keys and enabled passwords.
upvoted 0 times
Fletcher
4 months ago
Let's try both options and see which one gives us the most accurate results.
upvoted 0 times
...
Margery
4 months ago
Yes, it seems like either option A or B could generate the desired output.
upvoted 0 times
...
Glory
4 months ago
I see, so both option A and B could potentially work for this query.
upvoted 0 times
...
Dulce
4 months ago
Option A seems to be checking for both access keys and passwords as well.
upvoted 0 times
...
Oneida
4 months ago
Yes, I agree. It specifically looks for users with active access keys and enabled passwords.
upvoted 0 times
...
Ozell
4 months ago
But what about option A? It also mentions checking for password_enabled equals 'true'.
upvoted 0 times
...
Mohammad
4 months ago
I think option B is the correct one.
upvoted 0 times
...
Arlette
5 months ago
I agree, option B checks for users with active access keys and enabled passwords.
upvoted 0 times
...
Vincenza
5 months ago
I think option B is the correct one.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77