Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 150
An administrator wants to prevent hacking attacks through DNS queries to malicious domains.
Which two DNS policy actions can the administrator choose in the Anti-Spyware Security Profile? (Choose two.)
Answer options
- A. deny
- B. block
- C. sinkhole
- D. override
Correct answer: B, C
Explanation
The correct answers are 'block' and 'sinkhole' because these actions effectively prevent access to malicious domains. 'Block' stops the DNS queries from resolving, while 'sinkhole' redirects the queries to a safe location. The options 'deny' and 'override' do not specifically address the prevention of malicious domain access in the same manner.