Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 106

A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-home or beacon out to external command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?

Answer options

Correct answer: A

Explanation

The correct answer is A, Anti-Spyware, as it specifically targets and prevents spyware and similar threats from establishing connections with C2 servers. Options B (WildFire) focuses on advanced malware analysis, C (Vulnerability Protection) addresses system vulnerabilities, and D (Antivirus) is designed to detect and block viruses, but none of these options are specifically aimed at blocking C2 communications like Anti-Spyware does.