Palo Alto Networks PSE-Endpoint Exam - Topic 2 Question 69 Discussion

A customer plans to test the malware prevention capabilities of Traps. It has defined this policy.

* Local analysis is enabled

* Quarantining of malicious files is enabled

* Files are to be uploaded to WildFire

No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen.

Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire.

Which behavior will result?

A) WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.
B) Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.
C) WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.
D) WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.

Actual exam question for Palo Alto Networks's PSE-Endpoint exam
Question #: 69
Topic #: 2
Suggested Answer: B

Contribute your Thoughts:

Shaunna
7 months ago
Hash Control won't know sample A if it's not whitelisted.
upvoted 0 times
...
Renato
7 months ago
Wait, how can WildFire not block sample B? That sounds risky!
upvoted 0 times
...
Minna
7 months ago
D seems right, local analysis will handle sample B.
upvoted 0 times
...
Tamesha
8 months ago
I think sample B will be blocked too, right?
upvoted 0 times
...
Nell
8 months ago
WildFire blocks known malware like sample A for sure.
upvoted 0 times
...
Golda
8 months ago
I lean towards option D because it mentions both WildFire blocking sample A and local analysis for sample B. That seems to cover all bases.
upvoted 0 times
...
Ceola
8 months ago
I feel like option C is tempting, but I don't think sample B would compromise the endpoint right away. It should be evaluated first, right?
upvoted 0 times
...
Kiera
8 months ago
I think I practiced a similar question where the local analysis engine played a role. If WildFire is still analyzing sample B, it might get blocked by local analysis first.
upvoted 0 times
...
Lucy
8 months ago
I remember that WildFire blocks known malware, so sample A should definitely be blocked. But I'm not sure about sample B since it's unknown.
upvoted 0 times
...
Keneth
8 months ago
This question is testing our understanding of how Traps and WildFire work together. I feel confident I can select the right answer if I carefully analyze each option.
upvoted 0 times
...
Francesco
8 months ago
Based on the information provided, I think option D is the correct answer. WildFire will block the known malware A, while sample B will be evaluated by the local analysis engine until WildFire provides a final verdict.
upvoted 0 times
...
Dawne
9 months ago
Okay, let me think this through step-by-step. We have two malware samples, A and B, and the policy is set to upload files to WildFire. I'll need to consider how WildFire and the local analysis engine will handle each sample.
upvoted 0 times
...
Freeman
9 months ago
This question seems straightforward, but I want to make sure I understand the details correctly before answering.
upvoted 0 times
...
Nida
9 months ago
I'm a bit confused about the role of the ESM Console Hash Control screen. Does that come into play here, or is it just mentioned for context?
upvoted 0 times
...
Louvenia
9 months ago
Okay, let's see. I think the key here is to ensure the data is properly configured and connected in the system. I'll need to double-check the Contact Key and Subscriber Key relationship.
upvoted 0 times
...
Kaycee
9 months ago
Post Office Recurring Deposit at 1 year with interest seems the most logical choice to me.
upvoted 0 times
...
Gary
1 year ago
Haha, I bet the guy who wrote option C is the same one who thought it was a good idea to let the unknown sample through. What a rookie mistake!
upvoted 0 times
Viki
1 year ago
Yeah, option C is a bit of a gamble. It's better to play it safe when it comes to malware prevention.
upvoted 0 times
...
Gaynell
1 year ago
I agree, option C seems like a dangerous choice. It's important to have proper security measures in place.
upvoted 0 times
...
Rasheeda
1 year ago
Option C is definitely a risky move. Letting unknown samples through is a big no-no.
upvoted 0 times
...
...
Colette
1 year ago
Woah, C is definitely wrong. There's no way the unknown sample B would compromise the endpoint if ESM hasn't got the signatures yet. That's just crazy talk!
upvoted 0 times
Galen
1 year ago
B) Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.
upvoted 0 times
...
Peggy
1 year ago
A) WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.
upvoted 0 times
...
...
Pura
1 year ago
Hmm, I'm not sure about this one. I think B might be the right answer, since the endpoint cache should already know about sample A.
upvoted 0 times
...
Bettina
1 year ago
But if WildFire already knows sample A as malicious, it should block it immediately, right?
upvoted 0 times
...
Broderick
1 year ago
I think the correct answer is D. WildFire will block the known malware, while the unknown sample will be evaluated by the local analysis engine until WildFire provides a final verdict.
upvoted 0 times
Terrilyn
1 year ago
Definitely, having multiple layers of protection is key in malware prevention.
upvoted 0 times
...
Leota
1 year ago
That makes sense. It's important to rely on both WildFire and local analysis.
upvoted 0 times
...
Dick
1 year ago
Yes, I agree. WildFire will block the known malware and evaluate the unknown sample.
upvoted 0 times
...
Tijuana
1 year ago
I think the correct answer is D.
upvoted 0 times
...
...
Lynette
1 year ago
I disagree, I believe the correct answer is D.
upvoted 0 times
...
Bettina
1 year ago
I think the answer is A.
upvoted 0 times
...