Exam PCNSA topic 1 question 25 discussion

B & D are Correct

Anti-virus will protect against virus and worms while antispyware will prevent infected hosts from trying to contact C2 which is the attacker host

answer is B&D

B & C is correct

While URL filtering (D) is beneficial and can contribute to preventing access to known malicious sites, it is not as effective as Anti-spyware (B) and Antivirus (C) profiles in detecting and preventing malware infections and their subsequent C2 communications directly. Thus, the primary tools for handling this threat after the signature database update would be Anti-spyware and Antivirus profiles.

B & D is correct

B&D -Anti-spyware is the only profile type that specifies c2 protections. -URL Filtering (command and control category) because the IP and URL associated with the c2 server will be added to a table of known malicious actors with the signature update.

Read the question: Which profiles will DETECT (anti-virus, URL doesn't do detection it does filtering) and PREVENT from communicating (anti-spyware) + it's based on the signature database update So A & C

B&D -Anti-spyware is the only profile type that specifies c2 protections. -URL Filtering because the IP and URL associated with the c2 server will be added to a table of known malicious actors with the signature update.

Its B&C; Take a look at the PCNSA studyguide (https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide.pdf) and do a ctrl-F for "C2"...the only things that come up explicitly are Antispyware (p. 86, 90) and Antivirus (p. 35). Page 86 connects Antivirus with Wildfire which "also provides signatures for the persistent threats that are more evasive and have not yet been discovered by other antivirus solutions. As WildFire discovers threats, signatures are quickly created and then integrated into the standard antivirus signatures, which Threat Prevention subscribers can then download daily (sub-hourly for WildFire subscribers)"

Page 35 https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide.pdf

I was thinking B and D and I gmade this question to ChatGPT. It replied C and D and here is what is answers when I asked why B is not a correct answer: B. Anti-spyware profile is a type of security profile that is typically used to prevent spyware and other malicious software from being installed on a network's endpoints. It may not be the best solution to detect and prevent malware that has already infected a host and is attempting to communicate with a C2 server. In this case, an antivirus profile (C.), which specifically detects and prevents the spread of viruses and other malicious software, would be more appropriate. Additionally, a URL filtering profile (D.), which blocks access to malicious or undesirable websites, could be used to prevent the infected host from communicating with the C2 server.

This is Anti-Spyware but also Antivirus. The question says how the FW will detect it after 'signature update', meaning the malware signatures that the device can detect. URL filtering provide another solution but nothing to do with signatures.

B & C Should be correct, pages of the study guide: 36: Antivirus 133 4.1.2 Anti-Spyware

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/security-profiles

B & D are correct

A & D - Page 134