Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 486
Following a review of firewall logs for traffic generated by malicious activity, how can an administrator confirm that WildFire has identified a virus?
Answer options
- A. By navigating to Monitor > Logs > Traffic, applying filter “(subtype eq virus)”
- B. By navigating to Monitor > Logs > Threat, applying filter “(subtype eq virus)”
- C. By navigating to Monitor > Logs > Threat, applying filter “(subtype eq wildfire-virus)”
- D. By navigating to Monitor > Logs > WildFire Submissions, applying filter “(subtype eq wildfire-virus)”
Correct answer: C
Explanation
The correct answer is C: navigating to Monitor > Logs > Threat and applying the filter “(subtype eq wildfire-virus)” specifically targets the viruses identified by WildFire. Options A and B do not filter on WildFire's specific virus subtype, while option D pertains to WildFire submissions rather than confirmed virus detections.