Exam PCNSE
Question 398

An administrator wants to prevent users from unintentionally accessing malicious domains where data can be exfiltrated through established connections to remote systems. From the Pre-defined Categories tab within the URL Filtering profile, what is the right configuration to prevent such connections?

Correct Answer: B

To prevent users from unintentionally accessing malicious domains where data can be exfiltrated through established connections to remote systems, the appropriate configuration in the URL Filtering profile is to block the Command and Control category. This category specifically targets URLs and domains used by malware or compromised systems to communicate with an attacker's remote server, thus preventing data exfiltration and the execution of malicious commands.

Discussion
chrisy042 (Option: B)

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/url-categories/url-category-best-practices

TheIronSheik (Option: B)

A could be correct since CC is part of what the malware does. However, if there is a category for CC traffic then that is what I would go with.

Kaspinas (Option: B)

Answer B: "command-and-control—Command-and-control URLs and domains used by malware and/or compromised systems to surreptitiously communicate with an attacker's remote server to receive malicious commands or exfiltrate data."

jabautista100191 (Option: B)

"established connections to remote system" -> Command and Control. The correct answer is B.

MostafaNawar (Option: B)

Command-and-control (C2) URLs and domains used by malware or compromised systems to surreptitiously communicate with an attacker's remote server to receive malicious commands or exfiltrate data.

Marshpillowz (Option: B)

B is correct

Metgatz (Option: B)

C2 domains

mz101 (Option: B)

Looks like A is also correct? malware—Sites known to host malware or used for command and control (C2) traffic. May also exhibit Exploit Kits. (From the same web link)

Goharam

"command-and-control—Command-and-control URLs and domains used by malware and/or compromised systems to surreptitiously communicate with an attacker's remote server to receive malicious commands or exfiltrate data." So the answer is B, not A, because the question said: "from unintentionally accessing malicious domains".