Question 559

Given the following snippet of a WildFire submission log, did the end user successfully download a file?

    Correct Answer: B

    The final entry in the WildFire submission log snippet has subtype wildfire-virus and action reset-both. The wildfire-virus subtype is what the antivirus engine logs when it matches a signature delivered through the WildFire signature feed (as opposed to the plain virus subtype for regular antivirus content), so it is an inline enforcement: reset-both means the firewall sent a TCP reset to both client and server and tore the session down. The separate entry of subtype wildfire records the submission and the cached verdict, which was malicious. The earlier URL and file (Data Filtering) entries show allow because those engines had no reason to block, but the session was then reset by the antivirus signature match before the transfer completed. Therefore the end user did not successfully download the file. The check worth remembering: a wildfire entry with a malicious verdict on its own, with every inline engine showing allow and no reset or drop in the session, would mean the file was delivered and the verdict arrived after the fact; here the reset-both on the wildfire-virus entry is what decides it.
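The reading above comes down to one rule: ignore the action on the informational wildfire (verdict) entry and look for a blocking action on an entry written by an inline engine. The script below applies that rule to a log, as an added example that is not part of the original page or any Palo Alto Networks tooling. The log lines are constructed and simplified (they are not real PAN-OS threat-log format), and the sets of inline-enforced subtypes and blocking actions are assumptions taken from the page's explanation; session 4711 mirrors the snippet in the question, and session 4712 is the case the "D" voters describe, where only a verdict arrives and nothing is reset.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample, not real PAN-OS threat-log output: a simplified
# comma-separated subset with the columns time, session id, threat
# subtype, action and detail (threat name, or the WildFire verdict on
# "wildfire" rows), in the order the firewall emitted the entries.
# Session 4711 mirrors the log in the question; 4712 is the case the
# "D" voters describe, a verdict that arrives with no inline block.
SAMPLE_LOG = """\
2023-09-01 10:00:01,4711,url,allow,example.test/sample.swf
2023-09-01 10:00:01,4711,file,allow,Flash File
2023-09-01 10:00:02,4711,wildfire,block,malicious
2023-09-01 10:00:02,4711,wildfire-virus,reset-both,sample-wildfire-signature
2023-09-01 10:05:10,4712,url,allow,example.test/other.swf
2023-09-01 10:05:10,4712,file,allow,Flash File
2023-09-01 10:05:11,4712,wildfire,allow,unknown
"""

# Assumption taken from the page's reading of the log: these subtypes are
# written by engines that act on the session inline, so their action field
# says what happened to the transfer.  A "wildfire" row records the
# submission and the (cached) verdict; it is not itself an enforcement.
INLINE_ENFORCED = {"url", "file", "virus", "wildfire-virus",
                   "vulnerability", "spyware"}

# Actions that terminate or drop the session (names as PAN-OS logs them).
BLOCKING_ACTIONS = {"drop", "reset-client", "reset-server", "reset-both",
                    "block", "block-url", "block-ip"}

FIELDS = ("time", "session", "subtype", "action", "detail")


def parse_entries(text):
    """Parse the constructed log text into a list of dicts, one per row."""
    return [dict(zip(FIELDS, row))
            for row in csv.reader(StringIO(text)) if row]


def group_by_session(entries):
    """Group entries by session id, preserving log order within a session."""
    sessions = defaultdict(list)
    for entry in entries:
        sessions[entry["session"]].append(entry)
    return sessions


def download_outcome(session_entries):
    """Decide whether the transfer in one session completed.

    Returns a dict with 'delivered' (bool), 'verdict' (WildFire verdict
    seen in the session, or None) and 'reason' (the deciding log entry).
    """
    verdict = None
    for entry in session_entries:
        if entry["subtype"] == "wildfire":
            verdict = entry["detail"]
            continue  # informational: verdict only, no inline enforcement
        if (entry["subtype"] in INLINE_ENFORCED
                and entry["action"] in BLOCKING_ACTIONS):
            return {
                "delivered": False,
                "verdict": verdict,
                "reason": f"{entry['subtype']} entry with action "
                          f"{entry['action']} at {entry['time']}",
            }
    return {
        "delivered": True,
        "verdict": verdict,
        "reason": "no inline blocking action in the session"
                  + (f"; WildFire verdict {verdict!r} is informational"
                     if verdict else ""),
    }


def analyze(text):
    """Map every session id in the log text to its download outcome."""
    return {sid: download_outcome(rows)
            for sid, rows in group_by_session(parse_entries(text)).items()}


if __name__ == "__main__":
    for sid, outcome in analyze(SAMPLE_LOG).items():
        state = "NOT delivered" if not outcome["delivered"] else "delivered"
        print(f"session {sid}: {state} ({outcome['reason']})")
```

Running it reports session 4711 as not delivered because of the wildfire-virus reset-both, and session 4712 as delivered with an informational verdict of unknown; the wildfire row's own action field (block in 4711) never decides the outcome.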

Discussion
SRowe (Option: B)

Answer is B. WildFire Virus is a sub-type of the AV signatures. Data Filtering allowed the flash file but it was blocked by the AV signatures as a known WildFire Virus.

hcir (Option: B)

It is B. Type wildfire tells you the cached verdict (malicious in this case, with an action of block). Type wildfire-virus tells you what the antivirus engine actually did to the traffic.

regnojispi (Option: D)

I think D because WildFire does not stop the file from being downloaded

betko

This question was on the exam in June 24.

franko_72

This was on the exam in September 2023; I would suggest knowing this one.

skullomania (Option: B)

Answer is B. wildfire-virus is a subtype used for WildFire signatures delivered via the WildFire signature database, to differentiate them from regular antivirus signatures. In short, AV signatures are identified using the subtype virus, and WildFire signatures are identified using the subtype wildfire-virus. Source: https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/td-p/63337

Merlin0o (Option: D)

I have guessed D.

8f3e6ca (Option: D)

The initial entry is URL, set to allow, and then file, also set to allow. It wasn't ID'd as a virus until after the file was downloaded.

Thunnu

What's the correct answer?

jayessarre (Option: A)

(A) maybe, but I could be wrong. "Did the end user successfully download the file?" - technically YES. "It takes about 10 to 15 minutes to download the signature by WF dynamic update; no signature, no blocking" - per the screenshot, the primary action is set to "allow". If no other means was used to mitigate this, then yes, the file was downloaded and then probably mitigated later, after WF sends its update.

Marshpillowz (Option: D)

I think D.

Merlin0o (Option: D)

I think the article below could be of help: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UshCAE&lang=en_US

Merlin0o

Also see: https://www.youtube.com/watch?v=xK8cRFCVlrQ&list=PLD6FJ8WNiIqUnbuVfcoa2fXh_rcIgcIwX&index=3

franko_72 (Option: D)

Has to be D, surely? I cannot seem to find a definitive answer from Palo Alto!

omgt2k2 (Option: A)

I had this one in December 2023. I think it is A, but I am not sure and would like to know.

joquin0020 (Option: D)

Option D. The first file was downloaded; the WildFire verdict came later to block it.

dgonz (Option: B)

I think it was not allowed.