BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam PCNSC Topic 1 Question 70 Discussion

Actual exam question for Palo Alto Networks's PCNSC exam
Question #: 70
Topic #: 1
[All PCNSC Questions]

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.

What will be the destination IP Address in that log entry?

Show Suggested Answer Hide Answer
Suggested Answer: C

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function-is-Working/ta-p/65864


by Devora at Mar 06, 2024, 07:23 PM

Limited Time Offer

25%

Off

Get Premium PCNSC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Peggie
5 months ago
In that case, I believe the destination IP Address in the log entry would be the IP Address specified in the sinkhole configuration.
upvoted 0 times
...
Amber
5 months ago
But what if the IP Address specified in the sinkhole configuration is different?
upvoted 0 times
...
Kati
6 months ago
I agree with you, Corinne. The traffic matches the security policy with DNS sinkhole enabled.
upvoted 0 times
...
Corinne
6 months ago
I think the destination IP Address will be the IP Address of sinkhole.paloaltonetworks.com.
upvoted 0 times
...
Shawana
7 months ago
Haha, you guys are really overthinking this. It's obviously C - the IP address specified in the sinkhole configuration. The sinkhole is where the traffic is being redirected, so that's what's going to be logged.
upvoted 0 times
Rosalia
6 months ago
I see your point. It does make sense that the IP address specified in the sinkhole configuration is what would be logged.
upvoted 0 times
...
Allene
6 months ago
No, it wouldn't be the command-and-control server's IP address. It's definitely the one specified in the sinkhole configuration.
upvoted 0 times
...
Janna
6 months ago
I think it might actually be the IP address of the command-and-control server that is logged.
upvoted 0 times
...
Carey
6 months ago
But the traffic is redirected to the sinkhole, so it makes sense that its IP address will be logged.
upvoted 0 times
...
Charlena
6 months ago
No, it will be the IP address of the sinkhole.paloaltonetworks.com.
upvoted 0 times
...
Selene
6 months ago
The destination IP address in the log entry will be the IP address specified in the sinkhole configuration.
upvoted 0 times
...
...
Carlton
7 months ago
I'm not so sure about that, Sanjuana. If the traffic is being redirected to the sinkhole, then I think the log would show the IP address of the sinkhole, which is C. That's my guess.
upvoted 0 times
...
Sanjuana
7 months ago
I'm leaning towards B - the IP address of the command-and-control server. That's the original destination the malware-infected host was trying to reach, so I think that's what would be logged.
upvoted 0 times
...
Jesus
7 months ago
Hmm, this is an interesting one. I'm not entirely sure, but I think the answer might be C - the IP address specified in the sinkhole configuration. That makes the most sense to me, since the traffic is being redirected to the sinkhole.
upvoted 0 times
...

Save Cancel