Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

Prepare for the Palo Alto Networks Certified Network Security Administrator Exam with flashcards and multiple choice questions. Each question includes hints and explanations to boost your confidence and readiness!


Which security measure is applied first when a malicious file is detected by the Palo Alto firewall?

  1. The client is advised to delete the file

  2. The firewall logs the threat

  3. The application continues without interruption

  4. The firewall reconfigures network security settings

The correct answer is: The firewall logs the threat

When a malicious file is detected by a Palo Alto firewall, the first security measure applied is to log the threat. This logging action is crucial for several reasons. It ensures that the event is documented for future reference, enabling administrators to review and analyze the threat later. The log contains vital details about the malicious file, including its characteristics and the context of its detection, which assists in understanding the threat landscape and improving future responses.

Logging threats is an essential part of maintaining overall network security, as it contributes to incident response efforts, compliance auditing, and continuous security improvements. By documenting the event, the firewall allows security teams to take further actions based on the information gathered, such as conducting forensic analysis or developing strategies to prevent similar occurrences.

The other options do not reflect the immediate action taken by the firewall upon the detection of a malicious file. For instance, advising the client to delete the file or reconfiguring network security settings would come later in the incident response process, while continuing application operation without interruption could expose the network to further risks from the detected threat. Thus, logging the event takes precedence as the initial step in handling detected malicious files.