ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSA All Questions

View all questions & answers for the PCNSA exam
Go to Exam

Exam PCNSA topic 1 question 186 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 186
Topic #: 1
[All PCNSA Questions]

A coworker found a USB labeled "confidential in the parking lot. They inserted the drive and it infected their corporate laptop with unknown malware The malware caused the laptop to begin infiltrating corporate data.
Which Security Profile feature could have been used to detect the malware on the laptop?

  • A. DNS Sinkhole
  • B. WildFire Analysis
  • C. Antivirus
  • D. DoS Protection
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Hyay at Sept. 20, 2022, 10:18 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Surfside92
Highly Voted 2 years, 9 months ago
Selected Answer: C
The key word in the question = Detect Antivirus security profiles protect against viruses, worms, and trojans as well as spyware downloads. Answer A will indeed deal with the spyware when it kicks in and tries to do its stuff - but its Antivirus that detects it.
upvoted 10 times
Racoon1
1 year, 10 months ago
It only detects it while the traffic content in transit on the FW is being inspected. In addition, you can enable the DNS Sinkholing action in Anti-Spyware profiles to enable the firewall to forge a response to a DNS query for a known malicious domain, causing the malicious domain name to resolve to an IP address that you define. This feature helps to identify infected hosts on the protected network using DNS traffic. Infected hosts can then be easily identified in the traffic and threat logs because any host that attempts to connect to the sinkhole IP address is most likely infected with malware. Anti-Spyware and Vulnerability Protection profiles are configured similarly.
upvoted 2 times
...
...
Gabyi
Highly Voted 1 year, 2 months ago
I would say that the right answer would be B, Wildfire Analysis. The laptop was infected with UNKNOWN malware, there are no AV signatures that could detect it, there is no KNOWN malicious domain for a DNS Sinkhole, and DoS protection does not apply here. So the only possible way to detect a Zero-day or UNKNOWN malware would be a Wildfire Analysis.
upvoted 5 times
...
dragossky
Most Recent 10 months, 1 week ago
Selected Answer: C
Antivirus
upvoted 1 times
...
abbasr
10 months, 2 weeks ago
Correct Answer is B WildFire Analysis: This feature provides advanced threat detection by analyzing files and malware in a cloud-based sandbox environment. WildFire can detect and identify new and unknown malware that may not yet have signatures in the antivirus database. It helps in analyzing suspicious files and determining if they exhibit malicious behavior, which would be useful in identifying and mitigating the malware from the USB drive.
upvoted 3 times
...
Janhattal
1 year ago
the correct answer is C. not A - DNS sinkholing helps you to identify infected hosts on the protected network using DNS traffic in situations where the firewall cannot see the infected client's
upvoted 1 times
...
DIG_Tofu
1 year, 3 months ago
Selected Answer: C
Seems to be C. The question talking about "security profile feature". That's more logic to talk about of the "feature" in the "global" aspect knowing that the sinkhole is an option of the anti-spyware security profile feature. In this case if the correct answer is A, the answer should be "anti-spyware" instead of sinkhole. Maybe i'm wrong. Curious to know your thoughts about it.
upvoted 1 times
...
TG_Viper
1 year, 3 months ago
"Unknown malware" has NO signature yet...therefore needs Wildfire to detect and analyze the unknown threat...you can use DNS sinkhole to detect the infected hosts when they are attempting outbound connections to known malicious sites...best answer is use both...this question needs improvement on the wording!
upvoted 4 times
...
443Annny
1 year, 6 months ago
Selected Answer: A
i think its A
upvoted 1 times
...
Racoon1
1 year, 10 months ago
Selected Answer: A
With C: Antivirus It only detects it while the traffic content is in transit on the FW is being inspected. File has been transferred already via USB, hence bypassing the AV on the FW>.
upvoted 1 times
...
Zeruz
1 year, 11 months ago
Selected Answer: C
C: The question says: detect malware.
upvoted 1 times
...
Sanjug2022
2 years ago
Answer is C , Antivirus profiles protect against viruses, worms, and trojans as well as spyware downloads. Using a stream-based malware prevention engine, which inspects traffic the moment the first packet is received, the Palo Alto Networks antivirus solution can provide protection for clients without significantly impacting the performance of the firewall. This profile scans for a wide variety of malware in executables, PDF files, HTML and JavaScript viruses
upvoted 2 times
...
Ermbmx2
2 years, 1 month ago
Selected Answer: C
Because it says "detect malware ON the laptop" I will have to vote C. As DNS sinkhole wouldn't be actually ON the laptop and would have to be detected on the firewall or sinkhole log. It's a poorly worded question IMO.
upvoted 2 times
...
Kalender
2 years, 1 month ago
Selected Answer: C
DNS Sinkhole is for "Malicious Domain" detection. But Antivius is for malvare detection And the question is about "Malware Detection" ..."In addition, you can enable the DNS Sinkholing action in Anti-Spyware profiles to enable the firewall to forge a response to a DNS query for a known malicious domain, causing the malicious domain name to resolve to an IP address that you define..." (https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles)
upvoted 1 times
...
nolox
2 years, 3 months ago
Selected Answer: A
Because of word "Feature" https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles
upvoted 1 times
...
SillyGoose123
2 years, 3 months ago
Selected Answer: C
A DNS sinkhole can be set up to prevent C2 communications, but will not detect a virus
upvoted 2 times
...
khaled_ellaboudy
2 years, 4 months ago
Selected Answer: A
Security profile "feature" and not security profile. So it is DNS Sinkhole which is a "feature" of anti-spywear profile.
upvoted 3 times
Ermbmx2
2 years, 1 month ago
Yeah its a poorly worded question cause Palo Alto describes their security profiles as "Security Profile Features". Like stated here. "Additionally, Palo Alto Networks also comes with security profile features, such as antivirus, anti-spyware, VPN, URL Filtering and WildFire features, that are useful in averting both known and unknown threats.”
upvoted 1 times
Ermbmx2
2 years, 1 month ago
https://www.paloaltonetworks.com/customers/bank-ocbc-nisp The link to the source of the quote.
upvoted 1 times
...
Ermbmx2
2 years, 1 month ago
However, now that I am reading that article more in depth, it looks like it may be from the POV of the PA customer and not PA themselves. So I would delete my previous comment if I could LOL.
upvoted 1 times
...
...
...
OhEmGee
2 years, 5 months ago
Selected Answer: A
The PA AV isnt running on the endpoint. Malware is delivered via USB. S, now only DNS sinkhole can get info about infected endpoints. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/dns-sinkholing.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel