PCNSE Exam - Question 559

Answer is B. WildFire Virus is a sub-type of the AV signatures. Data Filtering allowed the flash file but it was blocked by the AV signatures as a known WildFire Virus.

it is B. Type Wildfire tells what is the cached verdict (malicious in this case with an action of block). Type wildfire-virus tells what actually the antivirus engine did to the traffic

I think D because WildFire does not stop the file from being downloaded

I have guessed D

Answer is B. Wildfire-virus is a subtype used for wildfire signatures delivered using wildfire signature database, to differentiate from regular anti-virus signatures. In short, AV signatures are identified using subtype virus. Wildfire signatures are identified using subtype wildfire-virus. Source: https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/td-p/63337

This was on the exam September 2023, I would suggest knowing this one.

This question was on exam in June 24.

i think it was not allowed

OPtion D, The first file was downloaded, the wildfire verdict came later to block it, later.

i had this one in December 2023. i think it is A but i am not shure and whould like to know.

Have to be D surely? I cannot seem to find a definitive answer on Palo Alto!

I Think the below Article could be of help: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UshCAE&lang=en_US%E2%80%A9

I think D

(A) maybe but I could be wrong. "did the end user successfully downloaded file?" - technically YES. "It takes about 10 to 15 minutes to download the signature by WF dynamic update, no signature, no blocking" - per screenshot, primarily action is set to "allow". If no other means was used for mitigating this, then yes, the file was downloaded then probably mitigated later after WF sends its update

What's the correct answer?

The initial entry is UL set to allow and then file, also set to allow. It wasn't ID'd as a virus until after the file was downloaded