c
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
Just wonder why the answer is not "B". I see the question is prevent "attack". So if Resources Protection, it will limit the concurrent connections including legitate traffic.
If the question is without the word "attack", then I will choose C.
C. In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
CORRECTION:
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks
Answer is C
It is C not B.
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
In the DoS protection profile, Flood Protection is separate from Resource Protection. Resource Protection allows you to specify the max number of concurrent sessions.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
rammsdoct
Highly Voted 4Â years agolol1000
Highly Voted 3Â years, 7Â months agoMarshpillowz
Most Recent 5Â months agoNTGuru
5Â months, 4Â weeks agogc999
7Â months, 4Â weeks agoTAKUM1y
1Â year, 9Â months agoeyelasers1
2Â years, 4Â months agoevdw
3Â years, 1Â month agoachille5
3Â years, 3Â months agoSB13
3Â years, 5Â months agoSB13
3Â years, 5Â months agoGivemeMoney
2Â years, 5Â months agomyname_1
1Â year, 6Â months ago