BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam PCNSC Topic 5 Question 66 Discussion

Actual exam question for Palo Alto Networks's PCNSC exam
Question #: 66
Topic #: 5
[All PCNSC Questions]

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.

What will be the destination IP Address in that log entry?

Show Suggested Answer Hide Answer
Suggested Answer: C

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Verify-DNS-Sinkhole-Function-is-Working/ta-p/65864


by Deandrea at Dec 08, 2023, 10:57 PM

Limited Time Offer

25%

Off

Get Premium PCNSC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Clemencia
7 months ago
Hmm, that's a good point. I didn't consider that possibility. But wouldn't that mean the traffic would still be routed to an external server, rather than being completely sinkholed? I'm leaning more towards C, just to be safe.
upvoted 0 times
...
Raylene
7 months ago
I'm not so sure about that. What if the sinkhole is configured to use the IP address of one of the external DNS servers identified in the anti-spyware database? Wouldn't that be D then?
upvoted 0 times
Lawrence
6 months ago
Good point. In that case, it would be C.
upvoted 0 times
...
Cammy
6 months ago
But what if the sinkhole is specifically configured to use its own IP address?
upvoted 0 times
...
Luis
6 months ago
I think it would be D then.
upvoted 0 times
...
Nilsa
6 months ago
D) The IP Address of one of the external DNS servers identified in the anti-spyware database
upvoted 0 times
...
Lon
6 months ago
C) The IP Address specified in the sinkhole configuration
upvoted 0 times
...
Jean
6 months ago
B) The IP Address of the command-and-control server
upvoted 0 times
...
Catherin
6 months ago
A) The IP Address of sinkhole.paloaltonetworks.com
upvoted 0 times
...
...
Avery
7 months ago
Yeah, I agree with you. The sinkhole is designed to redirect the malware-infected host's traffic to a specific IP address, so C seems like the logical choice here. It's a pretty straightforward question, but I'm sure the exam will have some trickier ones too.
upvoted 0 times
...
Tamar
7 months ago
Hmm, this question seems to be testing our understanding of how DNS sinkholing works. I'm pretty sure the answer is C, the IP address specified in the sinkhole configuration. That's where the traffic would get redirected to, right?
upvoted 0 times
...

Save Cancel