
Palo Alto Networks Exam PCNSC Topic 5 Question 66 Discussion

Actual exam question for Palo Alto Networks's Palo Alto Networks Certified Network Security Consultant exam
Question #: 66
Topic #: 5

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log.

What will be the destination IP Address in that log entry?


Contribute your Thoughts:

Clemencia
24 days ago
Hmm, that's a good point. I didn't consider that possibility. But wouldn't that mean the traffic would still be routed to an external server, rather than being completely sinkholed? I'm leaning more towards C, just to be safe.
upvoted 0 times
...
Raylene
25 days ago
I'm not so sure about that. What if the sinkhole is configured to use the IP address of one of the external DNS servers identified in the anti-spyware database? Wouldn't that be D then?
upvoted 0 times
Lawrence
6 days ago
Good point. In that case, it would be C.
upvoted 0 times
...
Cammy
7 days ago
But what if the sinkhole is specifically configured to use its own IP address?
upvoted 0 times
...
Luis
8 days ago
I think it would be D then.
upvoted 0 times
...
Nilsa
9 days ago
D) The IP Address of one of the external DNS servers identified in the anti-spyware database
upvoted 0 times
...
Lon
10 days ago
C) The IP Address specified in the sinkhole configuration
upvoted 0 times
...
Jean
11 days ago
B) The IP Address of the command-and-control server
upvoted 0 times
...
Catherin
12 days ago
A) The IP Address of sinkhole.paloaltonetworks.com
upvoted 0 times
...
...
Avery
26 days ago
Yeah, I agree with you. The sinkhole is designed to redirect the malware-infected host's traffic to a specific IP address, so C seems like the logical choice here. It's a pretty straightforward question, but I'm sure the exam will have some trickier ones too.
upvoted 0 times
...
Tamar
27 days ago
Hmm, this question seems to be testing our understanding of how DNS sinkholing works. I'm pretty sure the answer is C, the IP address specified in the sinkhole configuration. That's where the traffic would get redirected to, right?
upvoted 0 times
...
