Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 19
The CFO found a malware-infected USB drive in the parking lot, which, when inserted, infected their corporate laptop. The malware contacted a known command-and-control server, which caused the infected laptop to begin exfiltrating corporate data.
Which security profile feature could have been used to prevent the communication with the command-and-control server?
Answer options
- A. Create an anti-spyware profile and enable the DNS Sinkhole feature.
- B. Create an antivirus profile and enable its DNS Sinkhole feature.
- C. Create a URL filtering profile and block the DNS Sinkhole URL category.
- D. Create a Data Filtering profile and enable its DNS Sinkhole feature.
Correct answer: A
Explanation
The correct answer is A because creating an anti-spyware profile with the DNS Sinkhole feature helps intercept and prevent communication with malicious servers. Options B and D focus on antivirus and data filtering, which do not specifically target command-and-control traffic. Option C, while involving URL filtering, does not directly utilize the DNS Sinkhole feature, making it less effective for this situation.