Palo Alto Networks Exam PSE-Endpoint Topic 2 Question 69 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam

Question #: 69
Topic #: 2

[All PSE-Endpoint Questions]

A customer plans to test the malware prevention capabilities of Traps. It has defined this policy.

* Local analysis is enabled

* Quarantining of malicious files is enabled

* Files are to be uploaded to WildFire

No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen.

Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire.

Which behavior will result?

AWildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.

BHash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.

CWildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.

DWildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.

Show Suggested Answer

Suggested Answer: B

by Ilona at Jul 13, 2024, 09:45 AM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Gary

3 hours ago

Haha, I bet the guy who wrote option C is the same one who thought it was a good idea to let the unknown sample through. What a rookie mistake!

upvoted 0 times

...

29 days ago

I think the answer is A.

upvoted 0 times

...