Exam PCNSA topic 1 question 186 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 186
Topic #: 1

A coworker found a USB labeled "confidential" in the parking lot. They inserted the drive, and it infected their corporate laptop with unknown malware. The malware caused the laptop to begin infiltrating corporate data.
Which Security Profile feature could have been used to detect the malware on the laptop?

  • A. DNS Sinkhole
  • B. WildFire Analysis
  • C. Antivirus
  • D. DoS Protection
Suggested Answer: A

Comments

Surfside92
Highly Voted 1 year, 7 months ago
Selected Answer: C
The key word in the question = Detect. Antivirus security profiles protect against viruses, worms, and trojans as well as spyware downloads. Answer A will indeed deal with the spyware when it kicks in and tries to do its stuff, but it's Antivirus that detects it.
upvoted 8 times
Racoon1
8 months, 2 weeks ago
It only detects it while the traffic content in transit on the FW is being inspected. In addition, you can enable the DNS Sinkholing action in Anti-Spyware profiles to enable the firewall to forge a response to a DNS query for a known malicious domain, causing the malicious domain name to resolve to an IP address that you define. This feature helps to identify infected hosts on the protected network using DNS traffic. Infected hosts can then be easily identified in the traffic and threat logs because any host that attempts to connect to the sinkhole IP address is most likely infected with malware. Anti-Spyware and Vulnerability Protection profiles are configured similarly.
upvoted 1 times
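As an added example (not from this thread or from Palo Alto Networks) of the mechanism Racoon1 describes: a firewall-side forged DNS answer for a block-listed name, followed by the log hunt that turns sinkhole hits into a list of infected hosts. The sinkhole IP, domain list and log lines are constructed sample values, and the log format only loosely mimics a PAN-OS traffic log.

```python
"""Added example (not ExamTopics or Palo Alto Networks code): models DNS
sinkholing and the follow-up hunt for infected hosts in traffic logs.
All domains, IPs and log lines below are constructed sample data."""
import re

# Constructed sinkhole configuration (assumed values, not a real deployment).
SINKHOLE_IP = "72.5.65.111"
MALICIOUS_DOMAINS = {"evil-c2.example", "update-check.example"}


def forge_dns_answer(query_name: str, real_answer: str) -> str:
    """Return what the firewall hands back to the client: the real record
    for benign names, the sinkhole address for names on the block list."""
    name = query_name.rstrip(".").lower()
    if name in MALICIOUS_DOMAINS:
        return SINKHOLE_IP
    return real_answer


# Constructed log format: "<time> src=<ip> dst=<ip> dport=<port> action=<a>".
LOG_LINE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)"
)


def infected_hosts(log_lines, sinkhole_ip: str = SINKHOLE_IP) -> dict:
    """Map each source IP that tried to reach the sinkhole to its attempt
    count. Such a host acted on the forged answer, so it is the infected
    endpoint; the DNS query alone would usually show only the resolver."""
    hits = {}
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        if m["dst"] == sinkhole_ip:
            hits[m["src"]] = hits.get(m["src"], 0) + 1
    return hits


SAMPLE_LOGS = [  # constructed
    "2024-01-09T10:00:01 src=10.1.1.23 dst=72.5.65.111 dport=443 action=deny",
    "2024-01-09T10:00:05 src=10.1.1.40 dst=93.184.216.34 dport=443 action=allow",
    "2024-01-09T10:00:09 src=10.1.1.23 dst=72.5.65.111 dport=8443 action=deny",
    "garbage line",
]

if __name__ == "__main__":
    print(forge_dns_answer("evil-c2.example.", "198.51.100.7"))  # 72.5.65.111
    print(infected_hosts(SAMPLE_LOGS))  # {'10.1.1.23': 2}
```

The detection lands in the firewall's traffic log, not on the laptop itself, which is exactly the distinction the thread argues about.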
Gabyi
Most Recent 1 week, 4 days ago
I would say that the right answer would be B, WildFire Analysis. The laptop was infected with UNKNOWN malware: there are no AV signatures that could detect it, there is no KNOWN malicious domain for a DNS Sinkhole, and DoS protection does not apply here. So the only possible way to detect a Zero-day or UNKNOWN malware would be a WildFire Analysis.
upvoted 1 times
davidmdlp85
3 weeks, 3 days ago
Selected Answer: A
Sorry, I might be wrong in my last comment. The PA AV isn't running on the endpoint. Malware is delivered via USB. So, now only DNS sinkhole can get info about infected endpoints. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/dns-sinkholing
upvoted 1 times
davidmdlp85
3 weeks, 3 days ago
Selected Answer: C
I would say that the key word in the question = Detect on the laptop. For detections on the user endpoint it is the antivirus; for detections on outgoing traffic it is the DNS Sinkhole.
upvoted 1 times
DIG_Tofu
1 month, 3 weeks ago
Selected Answer: C
Seems to be C. The question is talking about "security profile feature". It's more logical to talk about the "feature" in the "global" aspect, knowing that the sinkhole is an option of the anti-spyware security profile feature. In this case, if the correct answer is A, the answer should be "anti-spyware" instead of sinkhole. Maybe I'm wrong. Curious to know your thoughts about it.
upvoted 1 times
TG_Viper
2 months ago
"Unknown malware" has NO signature yet...therefore needs Wildfire to detect and analyze the unknown threat...you can use DNS sinkhole to detect the infected hosts when they are attempting outbound connections to known malicious sites...best answer is use both...this question needs improvement on the wording!
upvoted 1 times
443Annny
5 months ago
Selected Answer: A
I think it's A.
upvoted 1 times
Racoon1
8 months, 2 weeks ago
Selected Answer: A
With C (Antivirus): it only detects it while the traffic content in transit on the FW is being inspected. The file has been transferred already via USB, hence bypassing the AV on the FW.
upvoted 1 times
Zeruz
9 months, 2 weeks ago
Selected Answer: C
C: The question says: detect malware.
upvoted 1 times
Sanjug2022
10 months, 3 weeks ago
Answer is C. Antivirus profiles protect against viruses, worms, and trojans as well as spyware downloads. Using a stream-based malware prevention engine, which inspects traffic the moment the first packet is received, the Palo Alto Networks antivirus solution can provide protection for clients without significantly impacting the performance of the firewall. This profile scans for a wide variety of malware in executables, PDF files, HTML and JavaScript viruses.
upvoted 2 times
Ermbmx2
1 year ago
Selected Answer: C
Because it says "detect malware ON the laptop" I will have to vote C. As DNS sinkhole wouldn't be actually ON the laptop and would have to be detected on the firewall or sinkhole log. It's a poorly worded question IMO.
upvoted 2 times
Kalender
1 year ago
Selected Answer: C
DNS Sinkhole is for "Malicious Domain" detection. But Antivirus is for malware detection, and the question is about "Malware Detection". "In addition, you can enable the DNS Sinkholing action in Anti-Spyware profiles to enable the firewall to forge a response to a DNS query for a known malicious domain, causing the malicious domain name to resolve to an IP address that you define..." (https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles)
upvoted 1 times
nolox
1 year, 2 months ago
Selected Answer: A
Because of the word "Feature": https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles
upvoted 1 times
SillyGoose123
1 year, 2 months ago
Selected Answer: C
A DNS sinkhole can be set up to prevent C2 communications, but will not detect a virus.
upvoted 2 times
khaled_ellaboudy
1 year, 2 months ago
Selected Answer: A
Security profile "feature" and not security profile. So it is DNS Sinkhole, which is a "feature" of the anti-spyware profile.
upvoted 3 times
Ermbmx2
1 year ago
Yeah, it's a poorly worded question because Palo Alto describes their security profiles as "Security Profile Features". Like stated here: "Additionally, Palo Alto Networks also comes with security profile features, such as antivirus, anti-spyware, VPN, URL Filtering and WildFire features, that are useful in averting both known and unknown threats."
upvoted 1 times
Ermbmx2
1 year ago
The link to the source of the quote: https://www.paloaltonetworks.com/customers/bank-ocbc-nisp
upvoted 1 times
Ermbmx2
1 year ago
However, now that I am reading that article more in depth, it looks like it may be from the POV of the PA customer and not PA themselves. So I would delete my previous comment if I could LOL.
upvoted 1 times
OhEmGee
1 year, 3 months ago
Selected Answer: A
The PA AV isn't running on the endpoint. Malware is delivered via USB. So, now only DNS sinkhole can get info about infected endpoints. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/dns-sinkholing
upvoted 1 times
J2J2J2J
1 year, 3 months ago
Selected Answer: C
Answer: C (DETECT the malware ON the laptop)
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other