Exam PCNSA
Question 53

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server.

Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?

    Correct Answer: A

    The correct security profile component to detect and prevent the threat of an infected host attempting to contact a command-and-control (C2) server is the antivirus profile applied to outbound security policies. An updated antivirus profile includes signatures that detect and block malware communications, including those attempting to reach C2 servers. Data filtering profiles are primarily designed for preventing data leaks, not specifically for blocking C2 traffic. Therefore, an antivirus profile is the most appropriate choice for this scenario.

Discussion
bobby14 (Option: A)

Correct answer is A; only AV, URL filtering, WildFire & Anti-Spyware can block C2. Data filtering is DLP (data loss prevention), so wrong answer.

fatehz

totally agree

colintkn

agreed A is the answer

Luongchacha1 (Option: C)

Best answer is C, read PCNSA Study Guide at page 27. Because Antivirus Profile can prevent downloading spyware from the internet (inbound traffic). In this question, the user has been infected. Now the malware establishes a connection with the C2 server and leaks the client's data to the outside (outbound). You can use Data Filter to prevent exfiltration. Also use Anti-spam profile but that's not listed in this question.

LordScorpius

That's not what the question reads.

Grandslam (Option: A)

Palo Alto Networks Certified Network Security Administrator Study Guide page 61 Antivirus: Includes new and updated antivirus signatures, including WildFire signatures and automatically generated command-and-control (C2) signatures. WildFire signatures detect malware seen first by firewalls from around the world. You must have a Threat Prevention subscription to get these updates. New antivirus signatures are published daily.

Mouna_cert (Option: A)

answer A : https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-upgrade/software-and-content-updates/dynamic-content-updates#:~:text=Antivirus%20updates%20are%20released%20every,ll%20need%20a%20WildFire%20subscription.

DDisGR8 (Option: A)

A is the correct option

Kane002 (Option: A)

A. C is technically possible, but it's talking about updating signature databases, the answer is clearly hinting at the AV profile.

Whiskey20 (Option: C)

But you can block outbound C2 communications with traffic that matches file and data patterns with a Data filtering profile. Study Guide (July 2021 page 37) Actions on the Objective.

deezy0804

While this is true, the question is only asking which one will inherently prevent C2. You have to manually configure a solution in the case of answer C. Answer A will protect against this communication as the signature is updated.

cjace (Option: A)

A is the answer

ntir (Option: A)

Correct Answer A

Merlin0o (Option: A)

Should be A

AHMEDEMAM

Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?

AHMEDEMAM

I think the correct answer is absent. The correct answer: "Spyware profile applied to outbound security policies". Not AV or sure Data Filtering. But AV profile may be near to the right.

davidmdlp85

Wrong. Use Data Filtering Profiles to prevent sensitive, confidential, and proprietary information from leaving your network. Predefined patterns, built-in settings, and customizable options make it easy for you to protect files that contain certain file properties (such as a document title or author), credit card numbers, regulated information from different countries (like social security numbers), and third-party data loss prevention (DLP) labels.

delorean (Option: C)

The best answer is C. Data filtering can be used for blocking uploads that match file and data pattern upload. It is explained in PCNSA Study Guide at page 27.

Hargert (Option: A)

The correct answer is A.

kewokil120 (Option: A)

A is correct

LordScorpius (Option: A)

"data filtering" cannot be correct. URL filtering would be however, it ain't no where's to be seen.

bariloch1 (Option: A)

Only A