Palo Alto Networks Exam PCNSC Topic 1 Question 77 Discussion

Actual exam question for Palo Alto Networks's PCNSC exam

Question #: 77
Topic #: 1

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.

What will be the destination IP Address in that log entry?

AThe IP Address of sinkhole.paloaltonetworks.com

BThe IP Address of the command-and-control server

CThe IP Address specified in the sinkhole configuration

DThe IP Address of one of the external DNS servers identified in the anti-spyware database

Show Suggested Answer

Suggested Answer: C

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function-is-Working/ta-p/65864

by Rebbecca at Jun 02, 2024, 12:52 AM

Limited Time Offer

25%

Off

Get Premium PCNSC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Bettina

7 months ago

If the sinkhole is enabled, the destination IP should be the one specified in the configuration. So, C is the answer. Although, I'd love to know who came up with the term 'sinkhole' - must have been a security professional with a twisted sense of humor.

upvoted 0 times

...

Lawanda

8 months ago

I agree with Veronika. The traffic matches a security policy with DNS sinkhole enabled, so it makes sense that the destination IP Address would be the sinkhole IP Address.

upvoted 0 times

...

Merlyn

8 months ago

I'm feeling adventurous, so I'm going to go with D. It's the wildcard answer, but hey, maybe the security team is feeling extra sneaky today!

upvoted 0 times

...

Jeanice

8 months ago

Hmm, I'm torn between A and C. But I'll go with C since it seems like the most logical choice. Although, with security, you never know what kind of crazy stuff they might pull...

upvoted 0 times

...