Exam PCNSA
Question 83

The CFO found a malware-infected USB drive in the parking lot, which when inserted infected their corporate laptop. The malware contacted a known command-and-control server, which caused the infected laptop to begin exfiltrating corporate data.

Which security profile feature could have been used to prevent the communication with the command-and-control server?

    Correct Answer: A

    To prevent communication with a command-and-control server after a malware infection, an anti-spyware profile should be created and the DNS Sinkhole feature enabled. This security measure intercepts and blocks DNS queries to known malicious domains, which would stop the infected device from establishing contact with the command-and-control server.
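
The sinkhole behaviour described in the explanation, as an added Python example that is not part of the original page and is neither Palo Alto Networks code nor firewall configuration. It goes one step beyond the explanation by also showing the log triage that a sinkhole enables: a client that receives the forged answer then tries to connect to the sinkhole address, which identifies the infected host. The sinkhole address, domain list and log records are constructed assumptions.

```python
import ipaddress

# Constructed sample data: none of these names or addresses come from the page.
SINKHOLE_IP = "198.51.100.53"            # assumed sinkhole address (documentation range)
MALICIOUS_DOMAINS = {"c2.example.net"}   # stand-in for the known-malicious domain list
UPSTREAM = {"intranet.example.com": "10.0.0.20"}  # stand-in for real DNS answers
TRAFFIC_LOG = [                          # constructed firewall session records
    {"src": "10.0.5.17", "dst": "198.51.100.53", "dport": 443},
    {"src": "10.0.5.30", "dst": "10.0.0.20", "dport": 443},
    {"src": "10.0.5.17", "dst": "198.51.100.53", "dport": 443},
]


def is_listed(qname):
    """True if qname or any of its parent domains is on the malicious list."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in MALICIOUS_DOMAINS for i in range(len(labels)))


def resolve(qname, upstream=UPSTREAM):
    """Return (answer, action): a forged sinkhole answer for listed names,
    otherwise whatever the upstream resolver would have returned."""
    if is_listed(qname):
        return SINKHOLE_IP, "sinkhole"
    return upstream.get(qname.lower().rstrip(".")), "allow"


def infected_hosts(traffic_log, sinkhole_ip=SINKHOLE_IP):
    """Sources that tried to reach the sinkhole address. These are the clients
    to triage, even when their DNS queries arrived via an internal DNS server."""
    sink = ipaddress.ip_address(sinkhole_ip)
    return sorted({r["src"] for r in traffic_log
                   if ipaddress.ip_address(r["dst"]) == sink})


if __name__ == "__main__":
    for name in ("beacon.c2.example.net.", "intranet.example.com"):
        print(name, resolve(name))
    print("hosts to triage:", infected_hosts(TRAFFIC_LOG))
```
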

Discussion
chmani (Option: A)

Is this correct, as I have seen in the Palo exam the correct answer was "A" (create anti-spyware profile with DNS sinkhole)?

nabilzay (Option: A)

DNS sinkhole is configured under an anti-spyware profile; A should be the correct option.

ramasamymuthiah (Option: A)

Correct answer is A

Veasna_shadow (Option: A)

Which security profile feature could have been used to prevent the communications with the command and control server? Which security profile feature could have been used to prevent the communication with the command-and-control server? Create an anti-spyware profile and enable DNS Sinkhole feature.

LordScorpius (Option: A)

Palo connects "anti-spyware" directly with C&C in all their literature.

[Removed] (Option: A)

A is the correct answer. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0 Configure the DNS Sinkhole action in the Anti-Spyware profile. Click on Objects > Anti-Spyware under Security Profiles.

error_909 (Option: A)

The question is asking about how "to prevent the communication with the command-and-control server?" so the answer here is A. Besides that, DNS Sinkhole is only configurable under Anti-spyware :)

H3kerman (Option: A)

A should be correct

Rivand (Option: A)

It's A

blu_gandalf (Option: A)

Just answered in Practice exam, it's A

ACPM (Option: A)

Answer is A: Anti-spyware

zeebo340 (Option: A)

Correct answer is A

javim (Option: D)

"begin exfiltrating corporate data." The correct answer is D, Data filtering profile to avoid exfiltrating corporate data

error_909

The sinkhole is a feature of antispyware.

Rider85 (Option: A)

A is correct

Jheax (Option: A)

Sinkhole is configured in Anti-spyware

francisco87 (Option: A)

A is the correct answer