Exam PCNSE topic 1 question 268 discussion

The question is firewall resource protection not end device resource protection.So I think it is C is correct.

Zone protection protects the firewall and not Dos

I agree with Carlos, DoS protection, protects devices behind the firewall. To protect the firewall itself you should use a Zone Protection Profile

DoS does not protect the firewall itself, but specific servers (it can be a group of servers (aggregate) o a specific critical server (classified). You enable Zone Protection to protect the ingress zone where it's enabled and as a result, the firewall resources.

C DoS Protection handles most attacks that target individual servers and Zone Protection broadly protects the entire zone if DoS Protection isn't enough

Securing the firewall itself is the Zone Protection, but resource protection is done through DoS Profile/Policy

Its "C" Resource protection settings are generally related to protecting the firewall itself from being overwhelmed by excessive or malicious traffic, which is why they are configured within a Zone Protection Profile. This profile ensures that the firewall's resources are not exhausted by attacks at the network level. A DoS Protection Profile, on the other hand, is more targeted and is used to protect specific internal resources from being overwhelmed by traffic directed at them.

Answer is A we can define the Resources Protection under Dos Protection Profile

Guy's 100% it's C It's about firewall ressource protection and not end device. End Device is related to DoS Protection profile

same with VenomX51

As already stated: Zone Protection Profile protects the firewall's resources. DoS Protection Profile protects the client/server's resources.

DoS protection protects individual critical servers/devices, the questions asks for Firewall resources so it should be Zone protection profile.

Answer should be C As taken from p48m1 " Zone Protection Profile protects the firewall's resources. DoS Protection Profile protects the client/server's resources."

Answer is A. You specify a DoS protection profile in a DoS protection policy rule, where you specify the criteria for packets to match the rule, and the policy rule determines the devices to which the profile applies. Resource Protection Profile limits the maximum number of concurrent sessions.

DoS Protection profiles set thresholds that protect against new session IP flood attacks and provide resource protection (maximum concurrent session limits for specified endpoints and resources). https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles

C looks correct like other mentioned keyword 'FW Resource protection "

Resource protection is part of "DoS Protection Profile" the correct awser is A - https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/zone-protection-and-dos-protection/zone-defense/dos-protection-profiles-and-policy-rules/dos-protection-profiles#ida42d52fa-3366-4695-bb4a-d39ebf3b6a5f:~:text=aggregate%20profiles%2C%20the-,Resources%20Protection,-threshold%20applies%20to