Block - Defender stops the entire container if a process that violates your policy attempts to run.
https://docs.prismacloudcompute.com/docs/enterprise_edition/runtime_defense/runtime_defense_containers.
html#_effect

The activities listed (Backdoor account access, Hijacked processes, Lateral movement, Port scanning) are categorized as incidents (option B). Incidents represent security events or patterns of activity that indicate potential security breaches or malicious behavior within the environment. Prisma Cloud identifies and classifies such activities as incidents to highlight significant security concerns that require investigation and potential remediation. This categorization helps security teams prioritize their response efforts, focusing on activities that pose a real threat to the integrity and security of the cloud environment. By distinguishing incidents from other types of security findings, Prisma Cloud enables more effective incident response and threat management processes.

In the MITRE ATT&CK framework, the tactic "Exploit Public-Facing Application" is categorized under Initial Access. This tactic involves leveraging vulnerabilities in public-facing applications to gain unauthorized access to an organization's external services or applications. Initial Access tactics are concerned with the methods adversaries use to gain an initial foothold within a network, and exploiting public-facing applications is a common approach used by attackers to breach external defenses and establish a presence within a target network.

The correct command to scan the nginx:latest image for vulnerabilities and compliance issues using the Prisma Cloud twistcli tool is shown in Option D. This command uses twistcli images scan with specified parameters for the console address, username, and password, and it outputs the results to a file named scan- results.json. This allows for the scanning results to be saved and reviewed in a structured format, which aids in further analysis and tracking of vulnerabilities and compliance issues.

In Prisma Cloud, to automatically enable all severity levels for alerts, a user would need to navigate to the Policies section, then to Settings. Within this area, there is an option for "auto-enable default policies," which, when checked for all severity levels, ensures that any default policies related to those severities are automatically activated. This is a configuration setting that streamlines the alerting process by ensuring that all relevant severity levels are covered by the default policies without the need for manual intervention.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/manage- prisma-cloud-policies Step 1- To enable global settings for Prisma Cloud default policies click "Settings" and select "Enterprise Settings" Step 2- To enable policies based on severity, select Auto enable new default policies of the type- Critical, High, Medium, Low or Informational.