Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 95

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

Define a custom App-ID to ensure that only legitimate application traffic reaches the server.

Add a Vulnerability Protection Profile to block the attack.

Add QoS Profiles to throttle incoming requests.

Add a DoS Protection Profile with defined session count.

Correct Answer: D

To protect a sensitive application server against resource exhaustion originating from multiple IP addresses (DDoS attack), the Palo Alto Networks NGFW can be configured with a DoS Protection Profile with a defined session count. This profile allows the firewall to identify and limit the number of sessions from individual IP addresses, effectively preventing the server from being overwhelmed by malicious traffic. This approach directly addresses the concern of distributed denial-of-service attacks by controlling resource usage at the network level.

Discussion

zhawk7661Option: D

ANSWER: D

TAKUM1yOption: D

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles#ida42d52fa-3366-4695-bb4a-d39ebf3b6a5f

UFanatOption: D

DoS protection profile should be used

FS68Option: D

D is correct

tech_catarina_mall

Updated link: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html

MarshpillowzOption: D

Correct answer is D