An administrator sees that a runtime audit has been generated for a Container. The audit message is `DNS resolution of suspicious name wikipedia.com. type A`.
Why would this message appear as an audit?
The audit message appears because the DNS was not learned as part of the Container model or added to the DNS allow list. When a runtime audit is generated for DNS resolution, it often indicates that the domain being resolved is not recognized based on the established model of usual network behavior for the container. Adding known and trusted domains to the DNS allow list can help prevent such audit messages for legitimate DNS requests.
A: https://docs.paloaltonetworks.com/prisma/prisma-cloud/21-08/prisma-cloud-compute-edition-admin/runtime_defense/runtime_audits
A: To avoid getting such an event for a known and allowed domain, add the domain name to the Runtime rule’s Domains list under Allowed in the Networking tab.
A. The DNS was not learned as part of the Container model or added to the DNS allow list.