You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.
Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
To detect and block access to threats that exploit software bugs in common applications, the appropriate choice is the Vulnerability Protection Profile applied to inbound Security policy rules. This profile is specifically designed to detect attempts to exploit known software vulnerabilities, such as buffer overflows and illegal code execution, which are common attack vectors for malware. By applying this profile to inbound security policy rules, you can block such threats before they penetrate the network and compromise hosts.
Agree, should be D. See study guide p153: Vulnerability Protection - Detects attempts to exploit known software vulnerabilities
Vulnerability Protection Security Profiles stop attempts to exploit system flaws or gain unauthorized access to systems. Anti-Spyware Security Profiles identify infected hosts as traffic leaves the network, but Vulnerability Protection Security Profiles protect against threats entering the network. For example, Vulnerability Protection Security Profiles protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities Correct answer is D Ref - PCNSA Study Guide 2022 - P157
I would think that D is the most accurate because it can detect and block traffic which uses known vulnererabilies. But AntiVirus could help to avoid downloading the malware itself.. But how the question sounds, it's more likely D what they want to hear.
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide.pdf Page 153 Vulnerability Protection - Detects attempts to exploit known software vulnerabilities
Apply a Vulnerability Protection profile to every Security Policy rule that allows traffic to protect against buffer overflows, illegal code execution, and other attempts to exploit client- and server-side vulnerabilities. https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protection.html
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles
The correct answer is D. Vulnerability Protection Profile applied to inbound Security policy rules. Vulnerability Protection Profiles are designed to detect and block attempts to exploit software bugs in common applications. When a new malware is identified and the firewall’s threat signature database is updated, the Vulnerability Protection Profile can detect and block access to this threat. This profile is typically applied to inbound Security policy rules to protect the network from external threats.
Vulnerability Protection profiles stop attempts to exploit system flaws or gain unauthorized access to systems. While Anti-Spyware profiles help identify infected hosts as traffic leaves the network, Vulnerability Protection profiles protect against threats entering th e network. For example, Vulnerability Protection profiles help protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. [Palo Alto Networks]
D is correct
the exploit is on a Vulnerability. The issue is whether Palo calls it that or combines it in "antivirus". Looking at the previous comments, it is obvious that Vulnerability is a separate security policy concern.
the exploit is on a Vulnerability. The issue is whether Palo calls it that or combines it in "antivirus". Looking at the previous comments, it is obvious that Vulnerability is a separate security policy concern.
D is correct
D is Correct
I think it's D, but no one has come to this last question so there are no comments..