
PCNSE Exam - Question 585


Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?

Correct Answer: D

To confirm that WildFire has identified a virus, the administrator should navigate to Monitor > Logs > WildFire Submissions and apply the filter 'subtype eq wildfire-virus'. This ensures that the logs being reviewed are specifically for threats identified by the WildFire service, which uses the subtype 'wildfire-virus' to differentiate from regular anti-virus signatures identified by the 'virus' subtype.

Discussion

poiuytr (Option: C)
Apr 3, 2024

"wildfire-virus is a subtype used for wildfire signatures delivered using wildfire signature database, to differentiate from regular anti-virus signatures. In short, AV signatures are identified using subtype virus. Wildfire signatures are identified using subtype wildfire-virus."

jaypogi16 (Option: C)
Apr 3, 2024

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields

nebulanerd (Option: C)
Jun 23, 2024

wildfire-virus is a subtype used for wildfire signatures delivered using wildfire signature database, to differentiate from regular anti-virus signatures. In short, AV signatures are identified using subtype virus. Wildfire signatures are identified using subtype wildfire-virus.