Palo Alto Networks Exam PSE-Platform Topic 3 Question 80 Discussion

Actual exam question for Palo Alto Networks's PSE-Platform exam

Question #: 80
Topic #: 3

DNS sinkholing helps identify infected hosts on the protected network using DNS traffic in situations where the firewall cannot see the infected client's DNS query (that is, the firewall cannot see the originator of DNS query)

Which of the following Statements is true?

ADNS Sinkholing requires the Vulnerability Protection Profile be enabled.

BSinkholing malware DNS queries solves this visibilty problem by forging responses to the client host queries directed at fake domains created in a controlled 'Fake Internet' called Zanadu which designed for testing and honeypots.

CInfected hosts can then be easily identified in the traffic logs because any host that attempts to connect the sinkhole IP address are most likely infected with malware.

DDNS Sinkholing requires a license SinkHole license in order to activate.

Show Suggested Answer

Suggested Answer: A

by Jacqueline at Feb 07, 2025, 03:04 PM

Limited Time Offer

25%

Off

Get Premium PSE-Platform Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rosenda

3 days ago

A is definitely wrong - the Vulnerability Protection Profile has nothing to do with DNS sinkholing. Sounds like someone just threw that in there to confuse us.

upvoted 0 times

...

Tyisha

6 days ago

D can't be right, why would you need a special license just to set up a sinkhole? That's overkill.

upvoted 0 times

...

Tonette

14 days ago

B seems like the most comprehensive explanation of how DNS sinkholing works to identify infected hosts. I like the mention of the 'Fake Internet' - sounds like a fun place to explore!

upvoted 0 times