
PCNSE Question #287: Real Exam Question with Answer & Explanation

The correct answer is A: Anti-Spyware.

Submitted by naveen.iyer · Apr 18, 2026 · Deploy and Configure

Question

A firewall administrator has been asked to configure a Palo Alto Networks NGFW to protect against compromised hosts trying to phone home or beacon out to external command-and-control (C2) servers. Which Security Profile type will prevent these behaviors?

Options

  • A. Anti-Spyware
  • B. WildFire
  • C. Vulnerability Protection
  • D. Antivirus

Explanation

Best Practice Internet Gateway Anti-Spyware Profile

Attach an Anti-Spyware profile to all allowed traffic to detect command and control traffic (C2) initiated from malicious code running on a server or endpoint and prevent compromised systems from establishing an outbound connection from your network.

Clone the predefined strict Anti-Spyware profile and edit it. To ensure availability for business-critical applications, follow the Transition Anti-Spyware Profiles Safely to Best Practices advice as you move from your current state to the best practice profile. Edit the profile to enable DNS sinkhole and packet capture to help you track down the endpoint that attempted to resolve the malicious domain.

The best practice Anti-Spyware profile retains the default Action to reset the connection when the firewall detects a medium, high, or critical severity threat, and enables single packet capture (PCAP) for those threats.

References:

https://docs.paloaltonetworks.com/best-practices/10-0/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/create-best-practice-security-profiles.html

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/security-profiles

Topics

#Anti-Spyware #Security Profiles #Botnet Prevention #Command and Control
