Free Preparation Discussions
MENU
Palo Alto Networks Exam NetSec-Generalist Topic 6 Question 12 Discussion
Topic #: 6
Which Cloud-Delivered Security Services (CDSS) solution is required to configure and enable Advanced DNS Security?
Advanced DNS Security is a Cloud-Delivered Security Services (CDSS) solution that protects against DNS-based threats such as command-and-control (C2) communications, domain generation algorithms (DGAs), and DNS tunneling.
To enable Advanced DNS Security, the Advanced Threat Prevention (ATP) license is required, as it includes:
Real-time threat analysis of DNS queries
Protection against newly registered and malicious domains
Detection and blocking of DNS-based attacks
Why Advanced Threat Prevention is the Correct Answer?
ATP extends beyond traditional DNS filtering by using machine learning to analyze DNS traffic dynamically.
Blocks DNS requests to malicious domains in real-time.
Works in combination with WildFire and Threat Intelligence Cloud to provide up-to-date protection.
Other Answer Choices Analysis
(A) Advanced WildFire -- Provides sandboxing for malware detection, not DNS security.
(B) Enterprise SaaS Security -- Focuses on SaaS application security, not DNS-based threats.
(D) Advanced URL Filtering -- Controls web access, but does not analyze DNS traffic.
Reference and Justification:
Threat Prevention & WildFire -- Advanced Threat Prevention includes DNS Security as a key feature.
Zero Trust Architectures -- Ensures DNS requests are not blindly trusted but verified against threat intelligence.
Thus, Advanced Threat Prevention (C) is the correct answer, as it is required to enable Advanced DNS Security.
Micheline
7 days agoLouvenia
9 days ago