Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers?
Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers?
To block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers, an Anti-spyware profile must be applied to the Security policy rule. This profile is specifically designed to detect and block malicious traffic, including spyware attempting to connect with external C2 servers.
https://docs.paloaltonetworks.com/network-security/security-policy/security-profiles/security-profile-anti-spyware
Anti-Spyware profiles blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected clients.
A is the way
sure A
...Anti-Spyware profiles blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected clients... (https://docs.paloaltonetworks.com/network-security/security-policy/security-profiles/security-profile-anti-spyware)
...Anti-Spyware profiles blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected clients... (https://docs.paloaltonetworks.com/network-security/security-policy/security-profiles/security-profile-anti-spyware)
Answer should be A!!!!
Mostly because the admin will not know what websites the compromised hosts will communicate with so using the URL filtering profile will not be effective. The Anti Spyware sec profile however will sort you out fine, it's the chef's kiss in this situation!!!!