What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)
A.
The client communicates with it instead of the malicious IP address
B.
It represents the remediation server that the client should visit for patching
C.
It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime
D.
In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain
The sinkhole IP address provided by DNS Security serves two main benefits:
Client Communication (A): When the client communicates with the sinkhole IP address instead of the malicious IP address, it prevents the client from establishing a connection with the malicious server. This helps in protecting the client from potential harm and disrupts the malicious activity.
Client Identification (D): If the internal DNS server is positioned between the client and the firewall, the sinkhole IP address allows the firewall to identify which clients are attempting to access the malicious domain. This information is critical for administrators to take further action, such as cleaning the infected devices and enhancing security policies.
References:
Palo Alto Networks, DNS Security and Sinkhole Configuration documentation.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit