Palo Alto Networks System Engineer – Cortex — Question 7
Which statement applies to the malware protection flow in Cortex XDR Prevent?
Answer options
- A. Local static analysis happens before a WildFire verdict check.
- B. In the final step, the block list is verified.
- C. A trusted signed file is exempt from local static analysis.
- D. Hash comparisons come after local static analysis.
Correct answer: A
Explanation
Option A is correct because local static analysis is conducted before the WildFire verdict check, so potential threats are evaluated early in the process. Option B is incorrect because block list verification does not occur last in the flow. Option C is wrong because even trusted signed files can be analyzed for potential malware. Option D is false because hash comparisons are done before local static analysis.