When a Prisma Cloud administrator is onboarding a single GCP project to Prisma Cloud, the Terraform script can perform several steps to facilitate this integration. The steps include B. create the Prisma Cloud role, which is essential for defining the permissions and capabilities that Prisma Cloud will have within the GCP environment, and C. enable the required APIs for Prisma Cloud, ensuring that Prisma Cloud can access the necessary GCP services and features for comprehensive cloud security management.

In a Prisma Cloud environment where both agentless scanning and Defender-based scans (Host and Container Defenders) are configured, there is no inherent conflict between these two scanning methods. Both agentless scans and Defender scans are designed to complement each other, providing comprehensive coverage and depth in the security analysis of the environment. Agentless scans offer a broad, less intrusive overview, while Defender scans provide deep, detailed insights into the security posture. Therefore, both types of scans will run concurrently, enhancing the overall security visibility and protection of the environment without disabling or interfering with each other's operations.
The agentless scanning architecture lets you inspect a host and the container images in that host without having to install an agent or affecting its execution.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/agentless-scanning/onboar

Adoption Advisor is a feature within Prisma Cloud that provides organizations with guidance on adopting various security capabilities based on their unique needs and the stage they are at in their cloud security journey. It doesn't enforce a fixed pace but rather suggests a tailored path for enhancing security posture, taking into account the organization's specific requirements and the complexity of their cloud environment.
The Adoption Advisor supports a broad range of security capabilities, encompassing Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Cloud Code Security (CCS), Out-of-Band (OEM), and Data Security. This comprehensive approach ensures that organizations can secure their cloud environments effectively across different phases of the application lifecycle, from development to deployment, and across various cloud resources and services.

In AWS, the net effective permissions are calculated based on various policy types and identities. The correct choices are:
A) AWS service control policies (SCPs): SCPs are used in AWS Organizations to manage permissions for all accounts within the organization, affecting the net effective permissions.
B) AWS IAM group: IAM groups define a set of permissions for a collection of users, influencing their effective permissions.
C) AWS IAM role: IAM roles provide temporary security credentials to assume a set of permissions, impacting the net effective permissions. Option D (AWS IAM User) and E (AWS IAM tag policy) also play roles in defining permissions, but A, B, and C are the primary types used in calculating net effective permissions, making them the correct choices.

In the context of Defend > Compliance > Containers and Images > CI within Prisma Cloud by Palo Alto Networks, the compliance checks are focused on the security posture and compliance of container images.
Therefore, the type of compliance check available under this section would be related to Images, ensuring they adhere to security best practices and compliance standards before being deployed.