Palo Alto Networks Exam PCNSC Topic 1 Question 70 Discussion

Actual exam question for Palo Alto Networks's PCNSC exam
Question #: 70
Topic #: 1

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log.

What will be the destination IP Address in that log entry?


Contribute your Thoughts:

Peggie
6 months ago
In that case, I believe the destination IP Address in the log entry would be the IP Address specified in the sinkhole configuration.
upvoted 0 times
...
Amber
7 months ago
But what if the IP Address specified in the sinkhole configuration is different?
upvoted 0 times
...
Kati
7 months ago
I agree with you, Corinne. The traffic matches the security policy with DNS sinkhole enabled.
upvoted 0 times
...
Corinne
7 months ago
I think the destination IP Address will be the IP Address of sinkhole.paloaltonetworks.com.
upvoted 0 times
...
Shawana
8 months ago
Haha, you guys are really overthinking this. It's obviously C - the IP address specified in the sinkhole configuration. The sinkhole is where the traffic is being redirected, so that's what's going to be logged.
upvoted 0 times
Rosalia
7 months ago
I see your point. It does make sense that the IP address specified in the sinkhole configuration is what would be logged.
upvoted 0 times
...
Allene
8 months ago
No, it wouldn't be the command-and-control server's IP address. It's definitely the one specified in the sinkhole configuration.
upvoted 0 times
...
Janna
8 months ago
I think it might actually be the IP address of the command-and-control server that is logged.
upvoted 0 times
...
Carey
8 months ago
But the traffic is redirected to the sinkhole, so it makes sense that its IP address will be logged.
upvoted 0 times
...
Charlena
8 months ago
No, it will be the IP address of sinkhole.paloaltonetworks.com.
upvoted 0 times
...
Selene
8 months ago
The destination IP address in the log entry will be the IP address specified in the sinkhole configuration.
upvoted 0 times
...
...
Carlton
8 months ago
I'm not so sure about that, Sanjuana. If the traffic is being redirected to the sinkhole, then I think the log would show the IP address of the sinkhole, which is C. That's my guess.
upvoted 0 times
...
Sanjuana
8 months ago
I'm leaning towards B - the IP address of the command-and-control server. That's the original destination the malware-infected host was trying to reach, so I think that's what would be logged.
upvoted 0 times
...
Jesus
8 months ago
Hmm, this is an interesting one. I'm not entirely sure, but I think the answer might be C - the IP address specified in the sinkhole configuration. That makes the most sense to me, since the traffic is being redirected to the sinkhole.
upvoted 0 times
...
