Palo Alto Networks System Engineer – Cortex — Question 68
Which statement applies to the malware protection flow of the endpoint agent in Cortex XSIAM?
Answer options
- A. A file from an allowed signer is exempt from local analysis.
- B. Local analysis always happens before a WildFire verdict check.
- C. Hash comparisons come after local static analysis.
- D. The block list is verified in the final step.
Correct answer: C
Explanation
The correct answer is C: hash comparisons are conducted after the local static analysis has taken place. Option A is incorrect because files from allowed signers may still undergo local analysis. Option B is wrong because the WildFire verdict check can occur before local analysis in certain situations. Option D is inaccurate because the block list verification is part of the earlier steps in the process.