PCNSA Exam Dumps - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

References:

Explanation/Reference:

DNS Security subscription enables users to access real-time protections using advanced predictive analytics. When techniques such as DGA/DNS tunneling detection and machine learning are used, threats hidden within DNS traffic can be proactively identified and shared through an infinitely scalable cloud service. Because the DNS signatures and protections are stored in a cloud-based architecture, you can access the full database of ever-expanding signatures that have been generated using a multitude of data sources. This list of signatures allows you to defend against an array of threats using DNS in real-time against newly generated malicious domains. To combat future threats, updates to the analysis, detection, and prevention capabilities of the DNS Security service will be available through content releases. To access the DNS Security service, you must have a Threat Prevention license and DNS Security license.

Domain Credential detection is the User Credential Detection method that checks for the submission of a valid corporate username and the associated password within a URL Filtering Security profile. This method requires the Windows User-ID agent and the User-ID credential service to be installed on a read-only domain controller (RODC). The firewall can then detect passwords submitted to web pages and compare them with the domain credentials stored on the RODC. If the firewall detects a match, it can block the request, alert the user, or generate a log entry1. References: Configure Credential Detection with the Windows User-ID Agent, Set Up Credential Phishing Prevention, Certifications - Palo Alto Networks, Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].