Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
c
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
Just wonder why the answer is not "B". I see the question is prevent "attack". So if Resources Protection, it will limit the concurrent connections including legitate traffic.
If the question is without the word "attack", then I will choose C.
C. In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
CORRECTION:
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks
Answer is C
In the DoS protection profile, Flood Protection is separate from Resource Protection. Resource Protection allows you to specify the max number of concurrent sessions.
It is C not B.
In addition to setting IP flood thresholds, you can also use DoS Protection profiles to detect and prevent session exhaustion attacks in which a large number of hosts (bots) establish as many sessions as possible to consume a target’s resources. On the profile’s Resources Protection tab, you can set the maximum number of concurrent sessions that the device(s) defined in the DoS Protection policy rule to which you apply the profile can receive. When the number of concurrent sessions reaches its maximum limit, new sessions are dropped.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles.html
upvoted 2 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Want to SAVE BIG on Certification Exam Prep?
lol1000
Highly Voted 3Â years, 8Â months agorammsdoct
Highly Voted 4Â years agoMarshpillowz
Most Recent 5Â months, 2Â weeks agoNTGuru
6Â months, 1Â week agogc999
8Â months, 1Â week agoTAKUM1y
1Â year, 9Â months agoeyelasers1
2Â years, 4Â months agoevdw
3Â years, 2Â months agoachille5
3Â years, 3Â months agoSB13
3Â years, 5Â months agoSB13
3Â years, 5Â months agomyname_1
1Â year, 6Â months agoGivemeMoney
2Â years, 5Â months ago