Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 135

Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?

Answer options

• A. block
• B. sinkhole
• C. allow
• D. alert

Correct answer: B

Explanation

The recommended action is to use 'sinkhole' for DNS queries that match the specified content signatures, as it helps to redirect malicious traffic while still allowing legitimate traffic. Blocking or allowing may not provide the necessary visibility or control, and alerting does not take action on the traffic itself.