Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 9
The CFO found a USB drive in the parking lot and decided to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?
Answer options
- A. Create an anti-spyware profile and enable DNS Sinkhole
- B. Create an antivirus profile and enable DNS Sinkhole
- C. Create a URL filtering profile and block the DNS Sinkhole category
- D. Create a security policy and enable DNS Sinkhole
Correct answer: A
Explanation
The correct answer is A because an anti-spyware profile with DNS Sinkhole enabled can help redirect malicious traffic to prevent communication with known CnC servers. The other options either involve antivirus profiles, which are not primarily designed to handle CnC communications, or URL filtering, which would not adequately address the issue at hand.