A customer sees unusually high DNS traffic to an unfamiliar IP address.

Paloalto Networks PSE-Strata-Pro-24 Full Course Access

Paloalto Networks PSE-Strata-Pro-24 View All Questions

Paloalto Networks PSE-Strata-Pro-24 Question Answer

A customer sees unusually high DNS traffic to an unfamiliar IP address. Which Palo Alto Networks Cloud-Delivered Security Services (CDSS) subscription should be enabled to further inspect this traffic?

Advanced Threat Prevention

Advanced WildFire

Advanced URL Filtering

Advanced DNS Security

Explanation:

The appropriate CDSS subscription to inspect and mitigate suspicious DNS traffic isAdvanced DNS Security. Here’s why:

Advanced DNS Securityprotects against DNS-based threats, including domain generation algorithms (DGA), DNS tunneling (often used for data exfiltration), and malicious domains used in attacks. It leverages machine learning to detect and block DNS traffic associated with command-and-control servers or other malicious activities. In this case, unusually high DNS traffic to an unfamiliar IP address is likely indicative of a DNS-based attack or malware activity, making this the most suitable service.

Option A:Advanced Threat Prevention (ATP) focuses on identifying and blocking sophisticated threats in network traffic, such as exploits and evasive malware. While it complements DNS Security, it does not specialize in analyzing DNS-specific traffic patterns.

Option B:Advanced WildFire focuses on detecting and preventing file-based threats, such as malware delivered via email attachments or web downloads. It does not provide specific protection for DNS-related anomalies.

Option C:Advanced URL Filtering is designed to prevent access to malicious or inappropriate websites based on their URLs. While DNS may be indirectly involved in resolving malicious websites, this service does not directly inspect DNS traffic patterns for threats.

Option D (Correct):Advanced DNS Security specifically addresses DNS-based threats. By enabling this service, the customer can detect and block DNS queries to malicious domains and investigate anomalous DNS behavior like the high traffic observed in this scenario.

How to Enable Advanced DNS Security:

Ensure the firewall has a valid Advanced DNS Security license.

Navigate toObjects > Security Profiles > Anti-Spyware.

Enable DNS Security under the "DNS Signatures" section.

Apply the Anti-Spyware profile to the relevant Security Policy to enforce DNS Security.

References:

Palo Alto Networks Advanced DNS Security Overview: https://www.paloaltonetworks.com/dns-security

Best Practices for DNS Security Configuration.

PSE-Strata-Pro-24 PDF/Engine