Exam PCNSE topic 1 question 377 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 377
Topic #: 1

While investigating a SYN flood attack, the firewall administrator discovers that legitimate traffic is also being dropped by the DoS profile.
If the DoS profile action is set to Random Early Drop, what should the administrator do to limit the drop to only the attacking sessions?

  • A. Enable resources protection under the DoS Protection profile.
  • B. Change the SYN flood action from Random Early Drop to SYN cookies.
  • C. Increase the activate rate for the SYN flood protection.
  • D. Change the DoS Protection profile type from aggregate to classified.
Suggested Answer: B

Comments

nose999
Highly Voted 2 years, 7 months ago
Selected Answer: B
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/dos-protection-against-flooding-of-new-sessions/configure-dos-protection-against-flooding-of-new-sessions
upvoted 7 times
...
Bau24
Most Recent 8 months, 2 weeks ago
Selected Answer: B
Answer is B
upvoted 1 times
...
0d2fdfa
10 months, 2 weeks ago
Selected Answer: B
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/dos-protection-against-flooding-of-new-sessions/configure-dos-protection-against-flooding-of-new-sessions
upvoted 1 times
...
Marshpillowz
1 year, 2 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
JRKhan
1 year, 2 months ago
Selected Answer: B
SYN cookie is the recommended method because of its advantages of not dropping legitimate traffic, even though maintenance of half-open TCP connections for the TCP servers requires more data plane CPU and memory resources. Do not enable SYN cookies if your data plane CPU is nearing maximum use.
upvoted 1 times
...
dorf05
1 year, 4 months ago
Selected Answer: B
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/dos-protection-against-flooding-of-new-sessions/configure-dos-protection-against-flooding-of-new-sessions#:~:text=SYN%20Cookies%E2%80%94Rather,affects%20bad%20traffic.
upvoted 2 times
...
certprep2021
2 years ago
Selected Answer: B
"The SYN Cookies action requires more firewall resources than Random Early Drop; it’s more discerning because it affects bad traffic." https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/dos-protection-against-flooding-of-new-sessions/configure-dos-protection-against-flooding-of-new-sessions
upvoted 2 times
...
aatechler
2 years, 3 months ago
Selected Answer: B
◦ Random Early Drop—Drop packets randomly when connections per second reach the Activate Rate threshold.
◦ SYN cookies—Use SYN cookies to generate acknowledgments so that it is not necessary to drop connections during a SYN flood attack.
upvoted 4 times
...
TAKUM1y
2 years, 5 months ago
Selected Answer: B
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles/flood-protection
upvoted 2 times
...
happyism
2 years, 5 months ago
SYN Flood Protection is the only type for which you set the drop Action. Start by setting the Action to SYN Cookies. SYN Cookies treats legitimate traffic fairly and only drops traffic that fails the SYN handshake, while using Random Early Drop drops traffic randomly, so RED may affect legitimate traffic. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles/flood-protection
upvoted 1 times
...
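The difference the comments describe between the two actions, as an added example that is not part of the original discussion and not Palo Alto Networks code: Random Early Drop applies one drop probability to every SYN, while a SYN cookie admits only sessions whose final ACK matches a value the firewall can recompute. Assumptions: the flood uses sources that never answer the SYN-ACK, RED ramps linearly between two hypothetical thresholds, and the cookie is a bare HMAC of the 4-tuple (real implementations also encode a time counter and MSS).

```python
import hashlib
import hmac
import random

SECRET = b"constructed-demo-secret"  # assumption: key known only to the firewall
ACTIVATE, MAXIMUM = 100, 200         # assumption: RED thresholds in connections/sec

def red_filter(syns, cps, rng):
    """Random Early Drop: every SYN faces the same drop probability."""
    p = min(1.0, max(0.0, (cps - ACTIVATE) / (MAXIMUM - ACTIVATE)))
    return [s for s in syns if rng.random() >= p]

def cookie(syn):
    """ISN derived from the 4-tuple, so no half-open state is stored."""
    msg = "{src}:{sport}>{dst}:{dport}".format(**syn).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

def client_ack(syn, synack_isn):
    """A real host answers the SYN-ACK with ISN+1; a spoofed source never sees it."""
    return None if syn["spoofed"] else (synack_isn + 1) % 2**32

def cookie_filter(syns):
    """Admit a session only when the final ACK matches the recomputed cookie."""
    admitted = []
    for s in syns:
        ack = client_ack(s, cookie(s))  # SYN-ACK is sent to the claimed source
        if ack is not None and ack == (cookie(s) + 1) % 2**32:
            admitted.append(s)
    return admitted

def make_traffic(legit=50, attack=450):
    """Constructed sample: real clients plus spoofed-source flood SYNs."""
    syns = [dict(src=f"198.51.100.{i}", sport=40000 + i, dst="203.0.113.10",
                 dport=443, spoofed=False) for i in range(legit)]
    syns += [dict(src=f"192.0.2.{i % 250}", sport=1024 + i, dst="203.0.113.10",
                  dport=443, spoofed=True) for i in range(attack)]
    return syns

def compare(cps=180, seed=7):
    """Return (legitimate, attack) sessions admitted by each action."""
    syns = make_traffic()
    def tally(kept):
        return (sum(not s["spoofed"] for s in kept), sum(s["spoofed"] for s in kept))
    return {"red": tally(red_filter(syns, cps, random.Random(seed))),
            "cookies": tally(cookie_filter(syns))}

if __name__ == "__main__":
    print(compare())
```

Under RED some of the 50 legitimate sessions are lost and some flood SYNs still get through; with cookies all 50 legitimate sessions are admitted and no flood session is.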