Exam PCNSE
Question 415

A system administrator runs a port scan using the company tool as part of a vulnerability check. The administrator finds that the scan is identified as a threat and is dropped by the firewall. After further investigating the logs, the administrator finds that the scan is dropped in the Threat Logs.

What should the administrator do to allow the tool to scan through the firewall?

    Correct Answer: B

    To allow the vulnerability scanning tool to operate through the firewall without being identified as a threat, add the tool's IP address to the reconnaissance protection source address exclusion in the Zone Protection profile. This configuration specifically allows trusted IP addresses to bypass the protections designed to prevent reconnaissance activities, so the tool can perform its function while the overall security posture of the network is maintained.

Discussion
chrisy042

Option: B

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-reconnaissance-protection

myname_1

To further clarify, it is B: there is no such section in DoS Protection Profiles. The other options can open the gates to non-approved reconnaissance.

Marshpillowz

Option: B

Answer is B

PaloSteve

Updated link: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/configure-zone-protection-to-increase-network-security/configure-reconnaissance-protection