Palo Alto Networks Certified Network Security Consultant (PCNSC) — Question 19
An administrator needs to create a new Antivirus Profile to address a virus that is spreading internally over SMB.
To create a secure posture, the administrator should choose which set of actions for the SMB decoder in an Antivirus Profile?
Answer options
- A. Action – Allow; WildFire Action – Allow
- B. Action – Reset-Both; WildFire Action – Reset-Both
- C. Action – Drop; WildFire Action – Reset-Both
- D. Action – Reset-Both; WildFire Action – Alert
Correct answer: B
Explanation
The correct answer, B, uses 'Reset-Both' for both the SMB decoder Action and the WildFire Action, which terminates the connection and prevents further spread of the virus. Options A and C do not provide sufficient security measures, as allowing traffic or simply dropping it may not completely mitigate the threat. Option D resets the SMB connection but only alerts for the WildFire Action, so it takes no blocking action there and leaves potential vulnerabilities.