Palo Alto Networks PSE-Platform Exam - Topic 3 Question 80 Discussion

DNS sinkholing helps identify infected hosts on the protected network using DNS traffic in situations where the firewall cannot see the infected client's DNS query (that is, the firewall cannot see the originator of the DNS query).

Which of the following statements is true?

A) DNS Sinkholing requires the Vulnerability Protection Profile be enabled.
B) Sinkholing malware DNS queries solves this visibility problem by forging responses to the client host queries directed at fake domains created in a controlled 'Fake Internet' called Zanadu, which is designed for testing and honeypots.
C) Infected hosts can then be easily identified in the traffic logs because any host that attempts to connect to the sinkhole IP address is most likely infected with malware.
D) DNS Sinkholing requires a SinkHole license in order to activate.
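
The visibility gap described in the question, as an added example (not part of the original page and not vendor code): when clients resolve through an internal DNS server, the sinkhole event names only that server, so the clients have to be found through their connections to the sinkhole address in the traffic log. The CSV layout, all addresses (including the sinkhole IP `198.51.100.53`), the domains and the 30-second correlation window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

SINKHOLE_IP = "198.51.100.53"   # assumed placeholder (documentation range)
WINDOW = timedelta(seconds=30)  # assumed max gap between DNS answer and connect

# Constructed sample logs in a simplified CSV layout (not a real export format).
THREAT_LOG = """time,src,dst,action,domain
2024-05-01T10:00:01,10.0.0.53,203.0.113.53,sinkhole,bad-c2.example
2024-05-01T10:07:30,10.0.0.53,203.0.113.53,sinkhole,update-check.example
"""
TRAFFIC_LOG = """time,src,dst,dport,action
2024-05-01T10:00:02,10.0.20.15,198.51.100.53,443,deny
2024-05-01T10:00:05,10.0.20.15,198.51.100.53,443,deny
2024-05-01T10:03:11,10.0.20.44,203.0.113.80,443,allow
2024-05-01T10:07:31,10.0.30.8,198.51.100.53,80,deny
"""

def rows(text):
    """Parse CSV text into dicts with 'time' converted to datetime."""
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.fromisoformat(row["time"])
        yield row

def sinkholed_queries(threat_csv):
    """Sinkhole events as (time, query source, domain)."""
    return [(r["time"], r["src"], r["domain"])
            for r in rows(threat_csv) if r["action"] == "sinkhole"]

def query_sources(threat_csv):
    """Who the firewall saw asking: here only the internal resolver."""
    return {src for _, src, _ in sinkholed_queries(threat_csv)}

def suspected_hosts(threat_csv, traffic_csv, sinkhole_ip=SINKHOLE_IP):
    """Hosts that connected to the sinkhole IP, with the sinkholed domains
    answered within WINDOW before each connection."""
    queries = sinkholed_queries(threat_csv)
    hosts = {}
    for r in rows(traffic_csv):
        if r["dst"] != sinkhole_ip:
            continue
        entry = hosts.setdefault(r["src"], {"connections": 0, "domains": set()})
        entry["connections"] += 1
        entry["domains"] |= {d for t, _, d in queries
                             if timedelta(0) <= r["time"] - t <= WINDOW}
    return hosts

if __name__ == "__main__":
    print("DNS query sources:", query_sources(THREAT_LOG))
    for host, info in suspected_hosts(THREAT_LOG, TRAFFIC_LOG).items():
        print(host, info["connections"], sorted(info["domains"]))
```

In the sample, the threat log attributes both sinkholed queries to the resolver `10.0.0.53`, while the traffic log is what surfaces the two client addresses.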

Actual exam question for Palo Alto Networks's PSE-Platform exam
Question #: 80
Topic #: 3

Suggested Answer: A

Juan
7 months ago
Wait, does sinkholing really need a special license? Sounds sketchy.
upvoted 0 times
...
Marg
7 months ago
Totally agree with C, that's how we catch the bad guys!
upvoted 0 times
...
Graciela
7 months ago
A is not necessary for sinkholing, just need the right setup.
upvoted 0 times
...
Mila
8 months ago
I think B is a bit off, never heard of a 'Fake Internet' called Zanadu.
upvoted 0 times
...
Lanie
8 months ago
C is definitely true, it's a solid way to spot infected hosts.
upvoted 0 times
...
Jeanice
8 months ago
I vaguely remember something about needing a license for sinkholing, but I can't recall if it was a SinkHole license or something else entirely.
upvoted 0 times
...
Micah
8 months ago
I practiced a similar question about DNS sinkholing, and I feel like the idea of a 'Fake Internet' was mentioned, but I'm not confident about the specifics of Zanadu.
upvoted 0 times
...
King
8 months ago
I think option C sounds familiar because it aligns with how we identify infected hosts in practice questions, but I can't recall the exact details.
upvoted 0 times
...
France
8 months ago
I remember reading that sinkholing helps with visibility issues, but I'm not sure if it specifically requires the Vulnerability Protection Profile to be enabled.
upvoted 0 times
...
Catalina
8 months ago
Ah, I see. DNS sinkholing creates a fake 'Zanadu' internet to redirect and monitor malware traffic. Option B describes that process, so I think that's the right answer.
upvoted 0 times
...
Aimee
8 months ago
The key here is that DNS sinkholing is used to identify infected hosts when the firewall can't see the originating DNS queries. Option C seems to capture that idea well, so I'll go with that.
upvoted 0 times
...
Daniela
8 months ago
Hmm, I'm a bit confused by the details here. I'll need to carefully read through each option and think through the key concepts to make sure I understand before selecting an answer.
upvoted 0 times
...
Dewitt
9 months ago
This question seems straightforward. I'm pretty confident I can identify the correct statement about how DNS sinkholing works.
upvoted 0 times
...
Rosenda
1 year ago
A is definitely wrong - the Vulnerability Protection Profile has nothing to do with DNS sinkholing. Sounds like someone just threw that in there to confuse us.
upvoted 0 times
...
Tyisha
1 year ago
D can't be right, why would you need a special license just to set up a sinkhole? That's overkill.
upvoted 0 times
Holley
1 year ago
C) Infected hosts can then be easily identified in the traffic logs because any host that attempts to connect to the sinkhole IP address is most likely infected with malware.
upvoted 0 times
...
Ricki
1 year ago
B) Sinkholing malware DNS queries solves this visibility problem by forging responses to the client host queries directed at fake domains created in a controlled 'Fake Internet' called Zanadu, which is designed for testing and honeypots.
upvoted 0 times
...
Ruth
1 year ago
A) DNS Sinkholing requires the Vulnerability Protection Profile be enabled.
upvoted 0 times
...
...
Tonette
1 year ago
B seems like the most comprehensive explanation of how DNS sinkholing works to identify infected hosts. I like the mention of the 'Fake Internet' - sounds like a fun place to explore!
upvoted 0 times
Rolande
1 year ago
User 3: Definitely, it's a clever way to identify infected hosts through DNS traffic.
upvoted 0 times
...
Gearldine
1 year ago
User 2: Yeah, I agree. It's interesting how they use a 'Fake Internet' for testing and honeypots.
upvoted 0 times
...
Cletus
1 year ago
User 1: I think B is the correct answer. It explains how sinkholing works by creating fake domains in a controlled environment.
upvoted 0 times
...
...
Domitila
1 year ago
Option C sounds like the correct answer. Tracing infected hosts through their attempts to connect to the sinkhole IP makes a lot of sense.
upvoted 0 times
Glennis
1 year ago
I agree. It's an effective method to detect malware activity on the network.
upvoted 0 times
...
Charlesetta
1 year ago
Yes, that's right. It's a clever way to identify infected hosts without directly seeing the DNS query originator.
upvoted 0 times
...
Sharmaine
1 year ago
Option C sounds like the correct answer. Tracing infected hosts through their attempts to connect to the sinkhole IP makes a lot of sense.
upvoted 0 times
...
...
Ryan
1 year ago
I'm not sure, but I think the answer might be D.
upvoted 0 times
...
Detra
1 year ago
I disagree, I believe the answer is B.
upvoted 0 times
...
Broderick
1 year ago
I think the answer is C.
upvoted 0 times
...