Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam PSE-Endpoint Topic 2 Question 69 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam
Question #: 69
Topic #: 2
[All PSE-Endpoint Questions]

A customer plans to test the malware prevention capabilities of Traps. It has defined this policy.

* Local analysis is enabled

* Quarantining of malicious files is enabled

* Files are to be uploaded to WildFire

No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen.

Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire.

Which behavior will result?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Ilona at Jul 13, 2024, 09:45 AM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Gary
3 months ago
Haha, I bet the guy who wrote option C is the same one who thought it was a good idea to let the unknown sample through. What a rookie mistake!
upvoted 0 times
Viki
2 months ago
Yeah, option C is a bit of a gamble. It's better to play it safe when it comes to malware prevention.
upvoted 0 times
...
Gaynell
2 months ago
I agree, option C seems like a dangerous choice. It's important to have proper security measures in place.
upvoted 0 times
...
Rasheeda
2 months ago
Option C is definitely a risky move. Letting unknown samples through is a big no-no.
upvoted 0 times
...
...
Colette
3 months ago
Woah, C is definitely wrong. There's no way the unknown sample B would compromise the endpoint if ESM hasn't got the signatures yet. That's just crazy talk!
upvoted 0 times
Galen
2 months ago
B) Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.
upvoted 0 times
...
Peggy
3 months ago
A) WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.
upvoted 0 times
...
...
Pura
3 months ago
Hmm, I'm not sure about this one. I think B might be the right answer, since the endpoint cache should already know about sample A.
upvoted 0 times
...
Bettina
3 months ago
But if WildFire already knows sample A as malicious, it should block it immediately, right?
upvoted 0 times
...
Broderick
3 months ago
I think the correct answer is D. WildFire will block the known malware, while the unknown sample will be evaluated by the local analysis engine until WildFire provides a final verdict.
upvoted 0 times
Terrilyn
2 months ago
Definitely, having multiple layers of protection is key in malware prevention.
upvoted 0 times
...
Leota
2 months ago
That makes sense. It's important to rely on both WildFire and local analysis.
upvoted 0 times
...
Dick
3 months ago
Yes, I agree. WildFire will block the known malware and evaluate the unknown sample.
upvoted 0 times
...
Tijuana
3 months ago
I think the correct answer is D.
upvoted 0 times
...
...
Lynette
4 months ago
I disagree, I believe the correct answer is D.
upvoted 0 times
...
Bettina
4 months ago
I think the answer is A.
upvoted 0 times
...

Save Cancel