nerdexam
Palo_Alto_Networks

PCCSE · Question #216

Which policy type should be used to detect and alert on cryptominer network activity?

The correct answer is A. Anomaly. Anomaly policies (A) are the correct type for detecting cryptominer network activity. Prisma Cloud Anomaly policies use machine learning and behavioral baselines to detect unusual network traffic patterns, such as DNS lookups to known mining pools, high-volume outbound connection

Cloud Network Security

Question

Which policy type should be used to detect and alert on cryptominer network activity?

Options

  • AAnomaly
  • BConfig-run
  • CConfig-build
  • DAudit event

How the community answered

(33 responses)
  • A
    88% (29)
  • B
    6% (2)
  • C
    3% (1)
  • D
    3% (1)

Explanation

Anomaly policies (A) are the correct type for detecting cryptominer network activity. Prisma Cloud Anomaly policies use machine learning and behavioral baselines to detect unusual network traffic patterns, such as DNS lookups to known mining pools, high-volume outbound connections on non-standard ports, or traffic to cryptomining infrastructure - all hallmarks of cryptominer activity. Config-run (B) and Config-build (C) policies check resource configurations for misconfigurations, not network behavior. Audit event policies (D) trigger on specific API calls recorded in CloudTrail, not on network-level activity patterns.

Topics

#Anomaly detection#Threat detection#Cryptomining#Network security policies

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice