Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 612

A network administrator notices there is a false-positive situation after enabling Security profiles. When the administrator checks the threat prevention logs, the related signature displays: threat type: spyware category: dns-c2 threat ID: 1000011111
Which set of steps should the administrator take to configure an exception for this signature?

Answer options

• A. Navigate to Objects > Security Profiles > Anti-Spyware Select related profile Select the signature exceptions tab and then click show all signatures Search related threat ID and click enable Change the default action Commit
• B. Navigate to Objects > Security Profiles > Anti-Spyware Select related profile Select the Exceptions tab and then click show all signatures Search related threat ID and click enable Commit
• C. Navigate to Objects > Security Profiles > Vulnerability Protection Select related profile Select the Exceptions tab and then click show all signatures Search related threat ID and click enable Commit
• D. Navigate to Objects > Security Profiles > Anti-Spyware Select related profile Select DNS exceptions tabs Search related threat ID and click enable Commit

Correct answer: D

Explanation

The correct answer is D because it specifically addresses configuring an exception for a DNS-related spyware signature in the Anti-Spyware profile. Options A and B do not refer to DNS exceptions, which are necessary for this particular threat type, while option C pertains to Vulnerability Protection, which is not relevant to the spyware category in question.