Exam PCNSE topic 1 question 618 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 618
Topic #: 1

A security team has enabled real-time WildFire signature lookup on all its firewalls. Which additional action will further reduce the likelihood of newly discovered malware being allowed through the firewalls?

  • A. Enable the "Hold Mode" option in Objects > Security Profiles > Antivirus
  • B. Increase the frequency of the applications and threats dynamic updates
  • C. Increase the frequency of the antivirus dynamic updates
  • D. Enable the "Report Grayware Files" option in Device > Setup > WildFire
Suggested Answer: A

Comments

PaloGod
5 days, 14 hours ago
Selected Answer: A
While increasing the frequency of antivirus dynamic updates ensures that the firewall has the latest malware signatures, it’s still a reactive approach. Antivirus updates only address known threats that have already been analyzed and added to the signature database. Even with frequent updates, there’s always a time gap between the discovery of new malware and its inclusion in the database, leaving the network vulnerable to zero-day threats. Enabling Hold Mode goes a step further by providing proactive protection. It delays file delivery until WildFire has completed its real-time analysis, ensuring that even newly discovered malware is blocked before it can pass through. This makes Hold Mode far more effective at addressing unknown or rapidly spreading threats than simply relying on frequent antivirus updates. In short, while antivirus updates are important for overall protection, they don’t offer the same level of real-time defense against new threats that Hold Mode and WildFire provide.
upvoted 1 times
...
omgt2k2
2 months, 3 weeks ago
Selected Answer: A
a
upvoted 1 times
...
xinu72
3 months, 2 weeks ago
Selected Answer: A
A- this can be configured with real-time wildfire https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analysis/enable-hold-mode-for-real-time-signature-lookup
upvoted 2 times
...
apiloran
3 months, 4 weeks ago
Selected Answer: A
You can configure the NGFW to hold the transfer of a sample while the real-time signature cloud performs a signature lookup. When the lookup is completed, the file is released to the requesting client (or blocked), based on your organization's security policy for specific WildFire verdicts, preventing the initial transfer of known malware. You can configure hold mode on a per antivirus profile basis and apply a global setting for the signature lookup timeout and the associated action.
upvoted 3 times
...
Style07
4 months ago
Selected Answer: B
the question refers to malware in general, not Wildfire configuration
upvoted 1 times
...
Moadil_001
4 months, 1 week ago
Selected Answer: C
Increasing the frequency of antivirus dynamic updates ensures that the firewall's antivirus signatures and malware definitions are regularly updated. This helps in identifying and blocking newly discovered malware more effectively, as the firewall will have the latest signatures to detect and prevent new threats. B. Increase the frequency of the applications and threats dynamic updates: While this helps keep the firewall up-to-date with application and threat information, the specific focus here is on antivirus updates to tackle malware threats.
upvoted 3 times
MalonJay
2 weeks, 5 days ago
The question says 'newly discovered malware' so C is the right answer.
upvoted 1 times
...
...
redgi0
4 months, 2 weeks ago
Selected Answer: D
I haven't been able to find any "hold mode" and since they say in the title "real time" wildfire, for me there is no need to increase the frequency of anything. And last but not least, "report grayware files" does add an enhancement in visibility logs, so for me it's D.
upvoted 1 times
DatITGuyTho1337
3 months, 1 week ago
It's in the Device > Setup > Content ID > Real Time Signature Lookup section. It can also be configured as stated in option A but the global setting above is the correct way to finalise such a change. That said, I still think the answer is "A", wildfire is needed to discover malware. Signatures in dynamic updates that are downloaded are from PAN after newly discovered malware are classified and fed to the PAN network from wildfire submissions on a global basis.
upvoted 3 times
redgi0
1 month, 2 weeks ago
correct. thanks. the firewall I've used was in version 10, and the option hold mode wasn't there. now with version 11 I see it in Device > Setup > Content ID > Real Time Signature Lookup section.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other