Question 1
Which type of attack involves sending data packets disguised as queries to a remote server, which then sends the data back to the attacker?
Correct Answer: B
Explanation:
DNS tunneling is an attack technique where data packets are disguised as DNS queries and sent to a remote server. That server, often under the attacker's control, responds with additional data or instructions, effectively creating a covert command-and-control (C2) channel over DNS.
Question 2
An administrator finds multiple gambling websites in the network traffic log. What can be created to dynamically block these websites?
Correct Answer: A
Explanation:
URL categories classify websites based on content type or risk, enabling dynamic policy enforcement such as blocking or allowing access. Administrators can create custom URL categories to group sites like gambling domains and apply blocking rules across the firewall infrastructure. Palo Alto Networks firewalls leverage URL categorization combined with threat intelligence to provide granular web filtering, reducing exposure to malicious or unwanted sites. This dynamic grouping approach is more manageable and scalable than creating individual signatures or static lists and allows for automated policy application aligned with organizational compliance requirements.
Question 3
Which two workflows are improved by integrating SIEMs with other security solutions? (Choose two.)
Correct Answer: B, D
Explanation:
Log normalization – SIEMs standardize log formats from various sources, making it easier to analyze and correlate security events.
Incident response – Integration enables faster detection, investigation, and automated or guided response to security incidents by using correlated data from multiple tools.
Hardware procurement and security team training are not directly influenced by SIEM integration.