Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?
To confirm that WildFire has identified a virus, the administrator should navigate to Monitor > Logs > WildFire Submissions and apply the filter 'subtype eq wildfire-virus'. This ensures that the logs being reviewed are specifically for threats identified by the WildFire service, which uses the subtype 'wildfire-virus' to differentiate from regular anti-virus signatures identified by the 'virus' subtype.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields
"wildfire-virus is a subtype used for wildfire signatures delivered using wildfire signature database, to differentiate from regular anti-virus signatures. In short, AV signatures are identified using subtype virus. Wildfire signatures are identified using subtype wildfire-virus."
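As an added example (not part of the original answer or the Palo Alto Networks documentation), the following Python script applies the same subtype distinction to exported threat-log lines instead of the GUI filter. It assumes the PAN-OS threat-log CSV field order from the linked field reference (Type in the 4th field, Threat/Content Type, i.e. the subtype, in the 5th, source and destination addresses in the 8th and 9th); the log lines themselves are constructed samples, not real firewall output.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample threat-log lines (the CSV body that follows the syslog
# header), laid out in the PAN-OS threat-log field order assumed here:
# FUTURE_USE, Receive Time, Serial Number, Type, Threat/Content Type (subtype),
# FUTURE_USE, Generated Time, Source Address, Destination Address, ...
# Serial numbers, addresses and times are placeholders, not real data.
SAMPLE_LOG = """\
1,2024/01/01 10:00:01,0000000000000,THREAT,wildfire-virus,2561,2024/01/01 10:00:01,10.0.0.5,203.0.113.10
1,2024/01/01 10:00:02,0000000000000,THREAT,virus,2561,2024/01/01 10:00:02,10.0.0.6,203.0.113.11
1,2024/01/01 10:00:03,0000000000000,THREAT,vulnerability,2561,2024/01/01 10:00:03,10.0.0.7,203.0.113.12
1,2024/01/01 10:00:04,0000000000000,TRAFFIC,end,2561,2024/01/01 10:00:04,10.0.0.8,203.0.113.13
1,2024/01/01 10:00:05,0000000000000,THREAT,wildfire-virus,2561,2024/01/01 10:00:05,10.0.0.9,203.0.113.14
"""

TYPE_IDX = 3      # "Type" column: THREAT, TRAFFIC, ...
SUBTYPE_IDX = 4   # "Threat/Content Type" column, i.e. the log subtype
SRC_IDX = 7       # Source Address
DST_IDX = 8       # Destination Address


def parse_threat_logs(text):
    """Yield (type, subtype, src, dst) per CSV row; rows too short to hold
    the fields we need are skipped rather than raising IndexError."""
    for row in csv.reader(StringIO(text)):
        if len(row) <= DST_IDX:
            continue
        yield row[TYPE_IDX], row[SUBTYPE_IDX], row[SRC_IDX], row[DST_IDX]


def filter_subtype(text, subtype):
    """Offline equivalent of the GUI filter
    (type eq threat) and (subtype eq <subtype>)."""
    return [r for r in parse_threat_logs(text)
            if r[0] == "THREAT" and r[1] == subtype]


def count_subtypes(text):
    """Tally THREAT subtypes so WildFire hits ('wildfire-virus') can be
    reported separately from static AV signature hits ('virus')."""
    return Counter(r[1] for r in parse_threat_logs(text) if r[0] == "THREAT")


if __name__ == "__main__":
    print("subtype counts:", dict(count_subtypes(SAMPLE_LOG)))
    for _, _, src, dst in filter_subtype(SAMPLE_LOG, "wildfire-virus"):
        print(f"WildFire-identified virus: {src} -> {dst}")
```

Running the script on the constructed lines reports two `wildfire-virus` entries and one `virus` entry, which is exactly the separation the answer relies on: only the former are verdicts that came from the WildFire signature database.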