PCCSE · Question #216
Which policy type should be used to detect and alert on cryptominer network activity?
The correct answer is A. Anomaly. Anomaly policies (A) are the correct type for detecting cryptominer network activity. Prisma Cloud Anomaly policies use machine learning and behavioral baselines to detect unusual network traffic patterns, such as DNS lookups to known mining pools, high-volume outbound connection
Question
Which policy type should be used to detect and alert on cryptominer network activity?
Options
- AAnomaly
- BConfig-run
- CConfig-build
- DAudit event
How the community answered
(33 responses)- A88% (29)
- B6% (2)
- C3% (1)
- D3% (1)
Explanation
Anomaly policies (A) are the correct type for detecting cryptominer network activity. Prisma Cloud Anomaly policies use machine learning and behavioral baselines to detect unusual network traffic patterns, such as DNS lookups to known mining pools, high-volume outbound connections on non-standard ports, or traffic to cryptomining infrastructure - all hallmarks of cryptominer activity. Config-run (B) and Config-build (C) policies check resource configurations for misconfigurations, not network behavior. Audit event policies (D) trigger on specific API calls recorded in CloudTrail, not on network-level activity patterns.
Topics
Community Discussion
No community discussion yet for this question.