Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 66

Under which conditions is Local Analysis evoked to evaluate a file before the file is allowed to run?

Answer options

• A. The endpoint is disconnected or the verdict from WildFire is of a type malware.
• B. The endpoint is disconnected or the verdict from WildFire is of a type unknown.
• C. The endpoint is disconnected or the verdict from WildFire is of a type grayware.
• D. The endpoint is disconnected or the verdict from WildFire is of a type benign.

Correct answer: B

Explanation

The correct answer is B because Local Analysis is triggered when the endpoint is not connected and the file's status is unknown, indicating it needs further evaluation before execution. The other options specify verdicts of malware, grayware, or benign, which do not require further analysis since they have clear classifications.