An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?

A. antivirus profile applied to outbound security policies
B. data filtering profile applied to inbound security policies
C. data filtering profile applied to outbound security policies
D. vulnerability profile applied to inbound security policies


17 thoughts on this question

  1. Vulnerability Protection profiles stop attempts to exploit system flaws or gain unauthorized access to systems. While Anti-Spyware profiles help identify infected hosts as traffic leaves the network, Vulnerability Protection profiles protect against threats entering the network. For example, Vulnerability Protection profiles help protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default Vulnerability Protection profile protects clients and servers from all known critical, high, and medium-severity threats. You can also create exceptions, which allow you to change the response to a specific signature.

  2. An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)
    A. vulnerability protection profile applied to outbound security policies
    B. anti-spyware profile applied to outbound security policies
    C. antivirus profile applied to outbound security policies
    D. URL filtering profile applied to outbound security policies
    Answer: BD

  3. Have a question… if you are notified about the malware phoning home, wouldn't you want to block the URL?

    Data filtering - Identifies and blocks transfer of specific data patterns found in network traffic.

    File and data filtering
    File and data filtering takes advantage of in-depth application inspection and enables enforcement of policies that reduce the risk of unauthorized information transfer or malware propagation. File and data filtering capabilities in Content-ID include:

    File blocking by type: Control the flow of a wide range of file types by looking deep within the payload to identify the file type (as opposed to looking only at the file extension)

    Data filtering: Control the transfer of sensitive data patterns such as credit card numbers and Social Security numbers in application content or attachments

    File transfer function control: Control the file transfer functionality within an individual application, which allows application use while preventing undesired inbound or outbound file transfer

    Antivirus: Includes new and updated antivirus signatures, including WildFire signatures and automatically-generated command-and-control (C2) signatures. WildFire signatures detect malware seen first by firewalls from around the world.

    Out of the possible answers, wouldn't “A” be the best answer?

  4. Antivirus: Includes new and updated antivirus signatures, including WildFire signatures and automatically-generated command-and-control (C2) signatures. WildFire signatures detect malware seen first by firewalls from around the world.

  5. Anti-Spyware profiles block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers.

    1. This question has several perspectives, but what most fits the context is Antivirus, because Antivirus profiles protect against viruses, worms, and trojans as well as spyware downloads, using a stream-based malware prevention engine.

  6. This question is repeated with 2 different options, so it should be C, as the other 2 options were not true for the other questions.
