Given the following snippet of a WildFire submission log, did the end-user get access to the requested information and why or why not?
In the provided WildFire submission log, the action column indicates whether the firewall allowed or blocked the request. Since the action is set to 'allow' for the WildFire entries, this means the end-user received access to the requested information. The verdict of 'malicious' does not override the specified action in this context.
Going to go with B https://live.paloaltonetworks.com/t5/general-topics/wildfire-submission-entries-with-severity-high-showing-action/td-p/143516
B is the answer
Answer is B. "The Action column indicates whether the firewall allowed or blocked the sample." https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/view-wildfire-logs-and-analysis-reports#idc0fcf921-6745-4e38-8599-f8d9b5f88c58
The above link clears any doubt with the action "allow".
Answer is B. With the WildFire subscription you can have Inline Machine Learning for further analysis of the threat samples, and the time for getting a verdict of the sample is within the same day but between 10 to 15 min. With no license, you can still get the verdict but within 24 hrs. However, the verdict of WildFire is independent of the action of the security rule. If it is set to alert or allow, it will allow the traffic even if the verdict is malicious, because that is not an instant process (which means in real time the traffic won't get blocked). Now, this is a nasty question because the columns have file and wildfire; for the wildfire rows, we have allow as an action, and "allow" doesn't log any of the traffic but alert does. I'll stick with B.
Answer is B. The submission logs include details about a given sample, including the following information: 1) The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware. 2) The Action column indicates whether the firewall allowed or blocked the sample. 3) The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational. The values for the severity levels are determined by a combination of verdict and action values. For example, High is a result of a malicious sample with the action set to allow.
On the exam July 2023
The answer is B. Look at kewokil120's link.
I presume it is C, because the verdict is still malicious. WildFire Submission [Logs] verdict is "malicious" and traffic is "allowed", while configured action is "blocked". See TAKUM1y link.
You can allow it yet it's malicious, so B is correct; once you allow something, everything else doesn't matter.
Also going with B; the link below somewhat explains it: https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/wildfire-not-blocking-file-with-malicious-verdict/td-p/203905
Tricky. I think it's B because it's about the WildFire Submissions log. There is no column for "Type" file.
The answer is B
B) The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware. The Action column indicates whether the firewall allowed or blocked the sample.
B is the answer
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UshCAE&lang=en_US
B: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UshCAE&lang=en_US