A security team has enabled real-time WildFire signature lookup on all its firewalls. Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?
A. Enable the "Hold Mode" option in Objects > Security Profiles > Antivirus
B. Increase the frequency of the applications and threats dynamic updates
C. Increase the frequency of the antivirus dynamic updates
D. Enable the "Report Grayware Files" option in Device > Setup > WildFire
While increasing the frequency of antivirus dynamic updates ensures that the firewall has the latest malware signatures, it’s still a reactive approach. Antivirus updates only address known threats that have already been analyzed and added to the signature database. Even with frequent updates, there’s always a time gap between the discovery of new malware and its inclusion in the database, leaving the network vulnerable to zero-day threats.
Enabling Hold Mode goes a step further by providing proactive protection. It delays file delivery until WildFire has completed its real-time analysis, ensuring that even newly discovered malware is blocked before it can pass through. This makes Hold Mode far more effective at addressing unknown or rapidly spreading threats than simply relying on frequent antivirus updates.
In short, while antivirus updates are important for overall protection, they don’t offer the same level of real-time defense against new threats that Hold Mode and WildFire provide.
A - this can be configured with real-time WildFire
https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analysis/enable-hold-mode-for-real-time-signature-lookup
You can configure the NGFW to hold the transfer of a sample while the real-time signature cloud performs a signature lookup. When the lookup is completed, the file is released to the requesting client (or blocked), based on your organization's security policy for specific WildFire verdicts, preventing the initial transfer of known malware. You can configure hold mode on a per antivirus profile basis and apply a global setting for the signature lookup timeout and the associated action.
Increasing the frequency of antivirus dynamic updates ensures that the firewall's antivirus signatures and malware definitions are regularly updated. This helps in identifying and blocking newly discovered malware more effectively, as the firewall will have the latest signatures to detect and prevent new threats.
B. Increase the frequency of the applications and threats dynamic updates: While this helps keep the firewall up-to-date with application and threat information, the specific focus here is on antivirus updates to tackle malware threats.
I haven't been able to find any "hold mode",
and since they say in the title "real time" WildFire, for me there is no need to increase the frequency of anything.
And last but not least, "report grayware files" does add an enhancement in visibility logs,
so for me it's D.
It's in the Device > Setup > Content ID > Real Time Signature Lookup section. It can also be configured as stated in option A, but the global setting above is the correct way to finalise such a change. That said, I still think the answer is "A": WildFire is needed to discover malware. The signatures in the dynamic updates that are downloaded come from PAN after newly discovered malware is classified and fed to the PAN network from WildFire submissions on a global basis.
correct. thanks.
The firewall I've used was on version 10, and the Hold Mode option wasn't there.
Now with version 11 I see it in the Device > Setup > Content ID > Real Time Signature Lookup section.
Community vote distribution: A (35%), C (25%), B (20%), Other