Exam PCNSA
Question 25

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server.

Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

    Correct Answer: B, C

    To detect and prevent malware infections that contact command-and-control (C2) servers, the most effective security profile components are the Anti-Spyware and Antivirus profiles. The Anti-Spyware profile is specifically designed to detect and block spyware and malware attempting to communicate with C2 servers, thus preventing further compromise. The Antivirus profile detects and blocks viruses, worms, and other malware based on updated signature databases, which includes preventing the initial infection and subsequent attempts to contact C2 servers. Both profiles working together ensure comprehensive detection and prevention of such threats.

Discussion
Cyril_the_Squirl (Options: BD)

B & D are Correct

agatica (Options: BD)

B&D - Anti-spyware is the only profile type that specifies C2 protections. - URL Filtering (command-and-control category), because the IP and URL associated with the C2 server will be added to a table of known malicious actors with the signature update.

Aiazd (Options: BC)

Read the question: which profiles will DETECT (anti-virus; URL doesn't do detection, it does filtering) and PREVENT from communicating (anti-spyware), and it's based on the signature database update. So A & C.

83KG (Options: BC)

Page 35 https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide.pdf

davidmdlp85 (Options: BC)

I believe the key is in the question, when it says Detect (spyware) and Prevent (antivirus). Antivirus profiles protect against viruses, worms, and trojans as well as spyware downloads. Anti-Spyware profiles block spyware on compromised hosts from trying to phone home or beacon out to external command-and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected clients.

rt_85 (Options: BD)

B&D - Anti-spyware is the only profile type that specifies C2 protections. - URL Filtering, because the IP and URL associated with the C2 server will be added to a table of known malicious actors with the signature update.

gbongain (Options: BC)

This is Anti-Spyware but also Antivirus. The question says how the FW will detect it after a 'signature update', meaning the malware signatures that the device can detect. URL filtering provides another solution but has nothing to do with signatures.

PLO (Options: BD)

B & D are correct

azzawim (Options: BD)

Answer is B&D.

cjace (Options: BC)

B & C are correct.

cjace (Options: BC)

While URL filtering (D) is beneficial and can contribute to preventing access to known malicious sites, it is not as effective as Anti-spyware (B) and Antivirus (C) profiles in detecting and preventing malware infections and their subsequent C2 communications directly. Thus, the primary tools for handling this threat after the signature database update would be Anti-spyware and Antivirus profiles.

cjace

B & D are correct.

BMRobertson (Options: BC)

It's B&C. Take a look at the PCNSA study guide (https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide.pdf) and do a Ctrl-F for "C2"... the only things that come up explicitly are Anti-Spyware (p. 86, 90) and Antivirus (p. 35). Page 86 connects Antivirus with WildFire, which "also provides signatures for the persistent threats that are more evasive and have not yet been discovered by other antivirus solutions. As WildFire discovers threats, signatures are quickly created and then integrated into the standard antivirus signatures, which Threat Prevention subscribers can then download daily (sub-hourly for WildFire subscribers)".

argyris23 (Options: CD)

I was thinking B and D, and I gave this question to ChatGPT. It replied C and D, and here is what it answered when I asked why B is not a correct answer: "B. Anti-spyware profile is a type of security profile that is typically used to prevent spyware and other malicious software from being installed on a network's endpoints. It may not be the best solution to detect and prevent malware that has already infected a host and is attempting to communicate with a C2 server. In this case, an antivirus profile (C.), which specifically detects and prevents the spread of viruses and other malicious software, would be more appropriate. Additionally, a URL filtering profile (D.), which blocks access to malicious or undesirable websites, could be used to prevent the infected host from communicating with the C2 server."

halifax

ChatGPT is stupid lol. How is website address blocking going to help you? The malware is already inside your network. The malware isn't going to use a URL to contact the C2 server; it is already on the same network and will use other protocols for the special delivery to the C2 server.

captainpratt

You are right about that.

Merlin0o (Options: BC)

B & C should be correct. Pages of the study guide: 36 (Antivirus), 133 (4.1.2 Anti-Spyware).

PunkSp (Options: BC)

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/security-profiles

domesticpig (Options: AD)

A & D - page 134.