Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?
I think D
The question asks which protocol permits the traffic after detecting a machine-learning match.
Looking at the WildFire Inline ML Action column, only http2 has the action allow.
Other protocols (e.g., ftp, smb, imap) have either reset-both or alert, which would either block or just log the traffic.
Why not HTTP? Not too sure how IMAP can be used for machine learning.
Action Alert: generates an alert for each application traffic flow. The alert is saved in the threat log.
B is the correct answer.
According to the screenshot, only imap, pop3 and smtp have a default (alert) action, which generates an alert for each application traffic flow. The alert is saved in the threat log.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles
upvoted 3 times
fb48 (Highly Voted, 12 months ago)
mirko1976 (Most Recent; 2 weeks, 1 day ago)
Zeruz (6 months, 3 weeks ago)
modems (7 months, 2 weeks ago)
MarkGrootaarts (10 months ago)
DlaEdu_Ex (11 months, 3 weeks ago)