Which DoS protection mechanism detects and prevents session exhaustion attacks?
Which DoS protection mechanism detects and prevents session exhaustion attacks?
Session exhaustion attacks aim to consume a target’s resources by establishing as many sessions as possible. Resource Protection is the mechanism designed to limit the maximum number of concurrent sessions. By setting these limits, the system can effectively detect and prevent session exhaustion attacks by dropping new session attempts once the limit is reached, thereby preserving system resources for legitimate traffic.
c https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
Just to clarify, C: correct https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/security-profiles/dos-protection-profiles
CORRECTION: In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks Answer is C
C. In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
It is asking for which "mechanism" . Is the answer not B?
It is C not B. In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
In the DoS protection profile, Flood Protection is separate from Resource Protection. Resource Protection allows you to specify the max number of concurrent sessions.
C is correct
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
Just wonder why the answer is not "B". I see the question is prevent "attack". So if Resources Protection, it will limit the concurrent connections including legitate traffic. If the question is without the word "attack", then I will choose C.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles#ida42d52fa-3366-4695-bb4a-d39ebf3b6a5f
Correct Answer: C
Correct answer is C