Exam PCNSE topic 1 question 559 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 559
Topic #: 1

Given the following snippet of a WildFire submission log, did the end user successfully download a file?

  • A. Yes, because the final action is set to "allow."
  • B. No, because the action for the wildfire-virus is "reset-both."
  • C. No, because the URL generated an alert.
  • D. Yes, because both the web-browsing application and the flash file have the "alert" action.
Suggested Answer: B

Comments

SRowe
Highly Voted 1 year, 4 months ago
Selected Answer: B
Answer is B. WildFire Virus is a sub-type of the AV signatures. Data Filtering allowed the flash file but it was blocked by the AV signatures as a known WildFire Virus.
upvoted 10 times
...
hcir
Highly Voted 1 year, 2 months ago
It is B. Type Wildfire tells what the cached verdict is (malicious in this case with an action of block). Type wildfire-virus tells what the antivirus engine actually did to the traffic.
upvoted 5 times
...
JackyCCK
Most Recent 4 months, 3 weeks ago
Selected Answer: B
virus not wildfire gives its verdict
upvoted 1 times
...
kewokil120
6 months, 3 weeks ago
Selected Answer: D
First user got the file. 5-10 mins later WF said it was a virus. Users after the 5-10 minutes will be blocked.
upvoted 1 times
...
juankparra90
9 months, 2 weeks ago
URL profile action alert. File Profile action alert. AV and Wildfire action Reset-both. Policy Action Allow. Content Inspection overrides the policy action, meaning the answer is B.
upvoted 2 times
...
Moadil_001
10 months ago
Selected Answer: B
Based on the WildFire submission log provided, let's break down the sequence:

  • TYPE: end - The action is allow.
  • TYPE: wildfire - The action is block with a verdict: malicious.
  • TYPE: wildfire-virus - The action is reset-both.
  • TYPE: virus - The action is reset-both.
  • TYPE: file - The action is alert.
  • TYPE: url - The action is alert.

Key points: The log shows multiple actions taken on the file. The wildfire-virus entry has the action reset-both, which means the connection was reset, preventing the download from completing. Although the initial end type has an action of allow, subsequent security measures like the reset-both action for the wildfire-virus and virus types indicate that the download was interrupted.

Given this, the correct answer is: B. No, because the action for the wildfire-virus is "reset-both."
upvoted 1 times
...
thelittleyellowbirdie
10 months, 3 weeks ago
This question was in my exam 09/08/2024.
upvoted 3 times
...
betko
1 year ago
This question was on exam in June 24.
upvoted 2 times
...
Thunnu
1 year, 4 months ago
What's the correct answer?
upvoted 2 times
...
jayessarre
1 year, 5 months ago
(A) maybe but I could be wrong. "did the end user successfully downloaded file?" - technically YES. "It takes about 10 to 15 minutes to download the signature by WF dynamic update, no signature, no blocking" - per screenshot, primarily action is set to "allow". If no other means was used for mitigating this, then yes, the file was downloaded then probably mitigated later after WF sends its update
upvoted 2 times
...
Marshpillowz
1 year, 5 months ago
Selected Answer: D
I think D
upvoted 1 times
...
Merlin0o
1 year, 5 months ago
Selected Answer: D
I think the below article could be of help: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UshCAE&lang=en_US
upvoted 1 times
Merlin0o
1 year, 5 months ago
Also see: https://www.youtube.com/watch?v=xK8cRFCVlrQ&list=PLD6FJ8WNiIqUnbuVfcoa2fXh_rcIgcIwX&index=3
upvoted 1 times
...
...
franko_72
1 year, 6 months ago
Have to be D surely? I cannot seem to find a definitive answer on Palo Alto!
upvoted 1 times
...
omgt2k2
1 year, 6 months ago
Selected Answer: A
I had this one in December 2023. I think it is A but I am not sure and would like to know.
upvoted 1 times
...
franko_72
1 year, 6 months ago
This was on the exam September 2023, I would suggest knowing this one.
upvoted 2 times
...
joquin0020
1 year, 7 months ago
Selected Answer: D
Option D. The first file was downloaded; the wildfire verdict came later to block it.
upvoted 1 times
...
skullomania
1 year, 7 months ago
Selected Answer: B
Answer is B. Wildfire-virus is a subtype used for wildfire signatures delivered using wildfire signature database, to differentiate from regular anti-virus signatures. In short, AV signatures are identified using subtype virus. Wildfire signatures are identified using subtype wildfire-virus. Source: https://live.paloaltonetworks.com/t5/general-topics/question-about-threat-logs-type-wildfire-virus/td-p/63337
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other