PSE-PLATFORM Question #72: Real Exam Question with Answer & Explanation
The correct answer is A. Anti-Spyware profiles applied to outbound security policies with DNS Query action set to sinkhole.
Question
Options
- A. Anti-Spyware profiles applied to outbound security policies with DNS Query action set to sinkhole
- B. File Blocking profiles applied to outbound security policies with action set to alert
- C. Vulnerability Protection profiles applied to outbound security policies with action set to block
- D. Antivirus profiles applied to outbound security policies with action set to alert
Explanation
Starting with PAN-OS 6.0, DNS sinkhole is an action that can be enabled in Anti-Spyware profiles. A DNS sinkhole can be used to identify infected hosts on a protected network from their DNS traffic, in environments where the firewall can see the DNS query for a malicious URL. The DNS sinkhole lets the Palo Alto Networks device forge a response to a DNS query for a known malicious domain/URL, so that the malicious domain name resolves to a definable IP address (a fake IP) that is returned to the client. If the client then attempts to access the fake IP address and a security rule is in place that blocks traffic to this IP, the information is recorded in the logs.

Reference: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Sinkhole/ta-p/58891