None of them directly protects FW (they both indirectly protecting FW session limit). Zone Protection profile works for entire Ingress Zone (ultimately for destination devices) and DoS Protection profile for Src/Dest Zone, Src/Dest IP, User etc mentioned in DoS Policy rule . Whatever extra protection Zone protection profile is having that as well is for destination Devices.
Packet Buffer Protection could have been a good option but its not given. I feel question is not properly formed. For sake of answering here I will go with 'Dos Protection Profile' as its having 'Resource Protection' option.
DoS does not protect the firewall itself, but specific servers (it can be a group of servers (aggregate) o a specific critical server (classified). You enable Zone Protection to protect the ingress zone where it's enabled and as a result, the firewall resources.
C
DoS Protection handles most attacks that target individual servers and Zone Protection broadly protects the entire zone if DoS Protection isn't enough
Its "C"
Resource protection settings are generally related to protecting the firewall itself from being overwhelmed by excessive or malicious traffic, which is why they are configured within a Zone Protection Profile. This profile ensures that the firewall's resources are not exhausted by attacks at the network level.
A DoS Protection Profile, on the other hand, is more targeted and is used to protect specific internal resources from being overwhelmed by traffic directed at them.
Answer should be C
As taken from p48m1 "
Zone Protection Profile protects the firewall's resources.
DoS Protection Profile protects the client/server's resources."
Answer is A. You specify a DoS protection profile in a DoS protection policy rule, where you specify the criteria for packets to match the rule, and the policy rule determines the devices to which the profile applies. Resource Protection Profile limits the maximum number of concurrent sessions.
DoS Protection profiles set thresholds that protect against new session IP flood attacks and provide resource protection (maximum concurrent session limits for specified endpoints and resources).
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles
Resource protection is part of "DoS Protection Profile" the correct awser is A - https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles#ida42d52fa-3366-4695-bb4a-d39ebf3b6a5f:~:text=aggregate%20profiles%2C%20the-,Resources%20Protection,-threshold%20applies%20to
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Sarbi
Highly Voted 2 years, 4 months agoRandomguy2021
3 months, 3 weeks agomelsg
Most Recent 4 months, 3 weeks agoYohinar
5 months, 1 week agoCarlosDV06
5 months, 3 weeks agoalexia_net
7 months, 2 weeks agoMoadil_001
7 months, 3 weeks agoMoadil_001
7 months, 3 weeks agoali_sh85
9 months, 2 weeks agojeremykebir
9 months, 2 weeks agoSkyderAmzLee
9 months, 3 weeks agoVenomX51
1 year ago[Removed]
1 year, 2 months agoMerlin0o
1 year, 2 months agoWhizdhum
1 year, 4 months agodxtide
1 year, 4 months agodxtide
1 year, 4 months agoSammy3637
1 year, 4 months agoMetgatz
1 year, 4 months ago