PCNSE - Firewall 10.0 WildFire Versus Malware
Exam 100% Verified New
Which four Palo Alto Networks firewalls support the decryption broker feature? (Choose
four.) - ANSWER - PA-3200
- PA-5200
- PA-7000
- VM-Series
What is the maximum number of WildFire appliances that can be grouped into a WildFire
appliance cluster? - ANSWER 20
Which three types of objects are sent to WildFire for analysis? (Choose three.) -
ANSWER - Email Attachments
- URL links in email
- Files crossing the firewall
What are two advantages of assigning a Decryption Profile to a Decryption policy
no-decrypt rule? (Choose two.) - ANSWER - Expired certificate checking
- Untrusted certificate checking
Which two types of traffic does the firewall proxy? (Choose two.) - ANSWER - SSH
- SSL Outbound
SSL Inbound Inspection requires the firewall to be set up with which two of the following
components? (Choose two.) - ANSWER - Server's Private Key
- Server's Digital Certificate
For which firewall feature do you create forward trust and forward untrust
certificates? - ANSWER SSL Forward Proxy Decryption
Which two protocols can be set up in a Certificate Profile to check that a certificate is
still valid? (Choose two.) - ANSWER - CRL
- OCSP
Certificate Revocation List (CRL) - The CRL itself is a list of the serial numbers of revoked
certificates. This list is obtained by the client by downloading it from a CA.
Online Certificate Status Protocol (OCSP) - OCSP is a protocol for checking the
revocation of a single certificate interactively by using an online service called an OCSP
responder.
Which two conditions must be satisfied before the firewall can utilize a Security Profile
to inspect network traffic for malicious activity? (Choose two.) - ANSWER - Traffic must
be decrypted (cleartext)
- Traffic must match a security policy rule
WildFire analysis is used to update which three Palo Alto Networks information
sources? (Select three.) - ANSWER - Malicious Domains
- Malicious IP Addresses
- PAN-DB Categories
Which two statements are true regarding how the firewall uses its master key? (Select
two.) - ANSWER - Used to encrypt private keys
- Used to encrypt local firewall account passwords
WildFire Global Threat Intelligence Cloud - ANSWER Palo Alto Networks firewalls across
the world forward the unknown files and URL links present in emails to the WildFire
global threat intelligence cloud, or to one of three regional clouds in Europe, Japan
and Singapore, for analysis.
Each of the WildFire clouds performs its analysis and provides malware signatures and
verdicts separately.
WildFire signatures and verdicts are then shared globally, enabling all WildFire users
around the world to make use of malware coverage regardless of where in the world the
malware was initially detected.
WildFire Verdict - ANSWER WildFire is a cloud-based virtual sandbox that is used to
analyze unknown files and URL links found in emails. The analysis takes place for:
- Android
- Linux
- macOS
- Windows XP
- Windows 7
- Windows 10
After processing is complete, files and links are classified as:
- benign
- grayware
- malware
- phishing
If malware or a phishing URL is detected, WildFire generates a new antivirus signature
or adds the URL to the PAN-DB Phishing URL category, and within minutes makes those
changes available for download by firewalls worldwide.
WildFire file submission rule - ANSWER If the file has been sent to WildFire, then the
previous verdict is used by the firewall.
If the file has not been forwarded to WildFire, the firewall checks whether the size of the
file is smaller than the maximum firewall-to-WildFire transfer size set on the firewall.
If the size of the file is bigger than the maximum allowed size, then the firewall allows
the delivery of the file and does not forward the file to WildFire.
If the file size is less than the configured maximum, the file is forwarded to WildFire for
analysis.