Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks Exam PCNSC Topic 1 Question 77 Discussion

Actual exam question for Palo Alto Networks's PCNSC exam
Question #: 77
Topic #: 1
[All PCNSC Questions]

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.

What will be the destination IP Address in that log entry?

Show Suggested Answer Hide Answer

Contribute your Thoughts:

Bettina
6 months ago
If the sinkhole is enabled, the destination IP should be the one specified in the configuration. So, C is the answer. Although, I'd love to know who came up with the term 'sinkhole' - must have been a security professional with a twisted sense of humor.
upvoted 0 times
...
Lawanda
6 months ago
I agree with Veronika. The traffic matches a security policy with DNS sinkhole enabled, so it makes sense that the destination IP Address would be the sinkhole IP Address.
upvoted 0 times
...
Merlyn
6 months ago
I'm feeling adventurous, so I'm going to go with D. It's the wildcard answer, but hey, maybe the security team is feeling extra sneaky today!
upvoted 0 times
...
Jeanice
6 months ago
Hmm, I'm torn between A and C. But I'll go with C since it seems like the most logical choice. Although, with security, you never know what kind of crazy stuff they might pull...
upvoted 0 times
...
Kaitlyn
6 months ago
I'm going with B. The log would show the IP Address of the original command-and-control server, not some sinkhole trickery.
upvoted 0 times
Dana
6 months ago
I'm going with B. The log would show the IP Address of the original command-and-control server, not some sinkhole trickery.
upvoted 0 times
...
Shelba
6 months ago
B) The IP Address of the command-and-control server
upvoted 0 times
...
Ashlyn
6 months ago
A) The IP Address of sinkhole.paloaltonetworks.com
upvoted 0 times
...
...
Veronika
6 months ago
I think the destination IP Address will be the IP Address of sinkhole.paloaltonetworks.com.
upvoted 0 times
...
Genevive
6 months ago
The answer is clearly C. The IP Address specified in the sinkhole configuration is the one that would be logged. Duh!
upvoted 0 times
Latia
5 months ago
C) The IP Address specified in the sinkhole configuration
upvoted 0 times
...
Rickie
5 months ago
A) The IP Address of sinkhole.paloaltonetworks.com
upvoted 0 times
...
Hortencia
5 months ago
C) The IP Address specified in the sinkhole configuration
upvoted 0 times
...
Long
5 months ago
A) The IP Address of sinkhole.paloaltonetworks.com
upvoted 0 times
...
Lashanda
6 months ago
C) The IP Address specified in the sinkhole configuration
upvoted 0 times
...
Noelia
6 months ago
A) The IP Address of sinkhole.paloaltonetworks.com
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77