nerdexam
Palo_Alto_Networks

PCNSC · Question #44

PCNSC Question #44: Real Exam Question with Answer & Explanation

The correct answer is C. The IP Address specified in the sinkhole configuration. Change the "Action on DNS queries" to 'sinkhole'. Click in the Sinkhole IPv4 field and type in the fake IP. The example here shows using 1.1.1.1 for simplicity, but as long as this fake IP is not used inside of the network, then it should be Ok. Alternatively, you can also use ei

Question

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log. What will be the destination IP Address in that log entry?

Exhibit

PCNSC question #44 exhibit

Options

  • AThe IP Address of sinkhole.paloaltonetworks.com
  • BThe IP Address of the command-and-control server
  • CThe IP Address specified in the sinkhole configuration
  • DThe IP Address of one of the external DNS servers identified in the anti-spyware database

Explanation

Change the "Action on DNS queries" to 'sinkhole'. Click in the Sinkhole IPv4 field and type in the fake IP. The example here shows using 1.1.1.1 for simplicity, but as long as this fake IP is not used inside of the network, then it should be Ok. Alternatively, you can also use either a Loopback IP (127.0.0.1) or Palo Alto Networks Sinkhole IP (71.19.152.112). https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PCNSC Practice