Why would this message appear as an audit?

An administrator sees that a runtime audit has been generated for a Container. The audit message is “DNS resolution of suspicious name wikipedia.com. type A”.

Why would this message appear as an audit?
A. The DNS was not learned as part of the Container model or added to the DNS allow list.
B. This is a DNS known to be a source of malware.
C. The process calling out to this domain was not part of the Container model.
D. The Layer7 firewall detected this as anomalous behavior.

Answer: A

Explanation:

The runtime audit message indicating "DNS resolution of suspicious name wikipedia.com. type A" would appear as an audit because the DNS was not learned as part of the Container model or added to the DNS allow list (option A). In cloud security platforms like Prisma Cloud, runtime protection policies monitor the behavior of running containers and compare it against a learned model of expected behavior. If a container attempts to resolve a DNS name that was not observed during the learning phase or specifically allowed, it triggers an audit event to alert security teams of potentially malicious activity.
