Prisma Certified Cloud Security Engineer (PCCSE) — Question 144

An administrator sees that a runtime audit has been generated for a Container. The audit message is `DNS resolution of suspicious name wikipedia.com. type A`.
Why would this message appear as an audit?

Answer options

• A. The DNS was not learned as part of the Container model or added to the DNS allow list.
• B. This is a DNS known to be a source of malware.
• C. The process calling out to this domain was not part of the Container model.
• D. The Layer7 firewall detected this as anomalous behavior.

Correct answer: A

Explanation

The correct answer is A because the DNS resolution for wikipedia.com was not recognized as a legitimate entry in the Container model, prompting an audit. Option B is incorrect as wikipedia.com is not known for malware. Option C is wrong because it does not address the DNS allow list, and option D is incorrect since this specific behavior is not flagged by the Layer7 firewall.