PCNSE Exam - Question 385


A network administrator notices there is a false-positive situation after enabling Security profiles. When the administrator checks the threat prevention logs, the related signature displays:

threat type: spyware
category: dns-c2
threat ID: 1000011111

Which set of steps should the administrator take to configure an exception for this signature?

Correct Answer: A,D

To configure an exception for a spyware signature in the DNS command-and-control (dns-c2) category, open the Anti-Spyware profile under Security Profiles, select the DNS Exceptions tab (this tab is specific to DNS threats), search for the related threat ID, and enable the exception, so that the exception applies to the DNS signature in question. Therefore, the correct option is to navigate to Objects > Security Profiles > Anti-Spyware, select the related profile, select the DNS Exceptions tab, search for the related threat ID, click enable, and then commit.

Discussion

11 comments
millosz222 (Option: D)
Sep 14, 2022

100% D

A. Navigate to Objects > Security Profiles > Anti-Spyware. Select related profile. Select the signature exceptions tab and then click show all signatures. Search related threat ID and click enable. Change the default action. Commit.
There is no option to change default action, only enable.

B. Navigate to Objects > Security Profiles > Anti-Spyware. Select related profile. Select the Exceptions tab and then click show all signatures. Search related threat ID and click enable. Commit.
There is no tab for Exception, only signature Exception or DNS exception.

C. Navigate to Objects > Security Profiles > Vulnerability Protection. Select related profile. Select the Exceptions tab and then click show all signatures. Search related threat ID and click enable. Commit.
For sure not vulnerability.

D. Navigate to Objects > Security Profiles > Anti-Spyware. Select related profile. Select DNS exceptions tab. Search related threat ID and click enable. Commit.

jeremykebir
Jul 18, 2024

100% bro

secdaddy (Option: D)
Sep 28, 2022

Agree D. Step 3 here - DNS signatures are handled differently: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/create-threat-exceptions

TAKUM1y (Option: D)
Oct 31, 2022

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/threat-prevention/create-threat-exceptions

Sarbi
Dec 29, 2022

100% D, checked on the Panorama

djedeen (Option: D)
Jan 19, 2023

D: Select Objects>Security Profiles>Anti-Spyware. Add or modify the Anti-Spyware profile from which you want to exclude the threat signature, and select DNS Exceptions. Search for the DNS Threat ID for the DNS signature that you want to exclude from enforcement and select the box of the applicable signature. . . https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/threat-prevention/create-threat-exceptions

nose999 (Option: D)
Sep 8, 2022

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/create-threat-exceptions

juan_L (Option: B)
Sep 11, 2022

B - Easy: Just see GUI capture https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/dita/_graphics/9-1/threat-prevention/threat-exception-antispyware.png/jcr:content/renditions/original

nose999
Sep 13, 2022

I chose D as this threat in the question is specifically a DNS threat so you follow Step 3

DrNick0 (Option: A)
Sep 20, 2022

Correct answer is A, enable a specific signature, change the default action from reset both to allow and commit. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcrCAC

Metgatz (Option: D)
Dec 20, 2023

spyware category: dns-c2 - Option D

Sammy3637 (Option: D)
Dec 21, 2023

DNS Exceptions for sure!

Marshpillowz (Option: D)
Feb 3, 2024

D is correct