Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

When a security policy rule is set to block high-severity threats, which profile must be applied to detect malware?

• A. Antivirus Profiles
• B. Application Control Profiles
• C. URL Filtering Profiles
• D. Threat Prevention Profiles

The correct answer is: Antivirus Profiles

When a security policy rule is configured to block high-severity threats, it is essential to apply the appropriate profile that enables the detection of malware. The correct choice is to use Antivirus Profiles. Antivirus profiles are specifically designed to detect, block, and mitigate malware threats that could compromise the integrity of the network or endpoints. They utilize various detection techniques, such as signature-based detection and heuristics, to identify malicious files in real-time as they traverse the network. When the security policy is set to block high-severity threats, having the antivirus profile in place ensures that any detected malware can be effectively blocked before it impacts the system. In contrast, other profiles such as Application Control, URL Filtering, and Threat Prevention profiles have different focuses. Application Control Profiles mainly regulate which applications can be accessed, focusing on application-layer traffic. URL Filtering Profiles deal with controlling access to websites based on their content or reputation, and while they contribute to overall security, they do not specialize in malware detection. Threat Prevention Profiles enable a combination of security measures but are broader in scope and not solely focused on malware. Therefore, applying an Antivirus Profile is critical for accurately detecting and blocking malware threats in this context.