Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 557

An administrator discovers that a file blocked by the WildFire inline ML feature on the firewall is a false-positive action.
How can the administrator create an exception for this particular file?

Answer options

• A. Add the related Threat ID in the Signature exceptions tab of the Antivirus profile.
• B. Disable the WildFire profile on the related Security policy.
• C. Set the WildFire inline ML action to allow for that protocol on the Antivirus profile.
• D. Add partial hash and filename in the file section of the WildFire inline ML tab of the Antivirus profile.

Correct answer: D

Explanation

The correct answer is D because adding the partial hash and filename in the WildFire inline ML tab allows for specific exceptions to be made for files that are incorrectly flagged. Option A is incorrect because it refers to the Signature exceptions, which do not specifically target the WildFire inline ML feature. Option B incorrectly suggests disabling the entire WildFire profile, which is not a targeted solution. Option C is also wrong as it addresses changing the action for a protocol rather than the specific file.