exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam

Exam PCNSE topic 1 question 286 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 286
Topic #: 1
[All PCNSE Questions]

What is considered the best practice with regards to zone protection?

  • A. Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logs
  • B. Review DoS threat activity (ACC > Block Activity) and look for patterns of abuse
  • C. Set the Alarm Rate threshold for event-log messages to high severity or critical severity
  • D. If the levels of zone and DoS protection consume too many firewall resources, disable zone protection
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
0d2fdfa
1 month, 1 week ago
Selected Answer: A
Correct option is A the question is about best practice. I don't think disabling Zone Protection would be a best practice regardless of circumstances.
upvoted 1 times
...
34f7d3a
6 months, 2 weeks ago
Selected Answer: A
Log Forwarding—For easier management, forward DoS logs separately from other Threat logs directly to administrators via email and to a log server. - https://docs.paloaltonetworks.com/best-practices/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices
upvoted 1 times
...
Sammy3637
6 months, 2 weeks ago
Selected Answer: A
lol the answer is D , that's a big no no it's best practice to use separate log forwarding profiles for DoS and ZPP event logs
upvoted 1 times
...
Metgatz
6 months, 2 weeks ago
Option A - "For easier management, use separate log forwarding profiles to forward DoS and zone threshold event logs separately from other Threat logs." Best Practices: https://docs.paloaltonetworks.com/best-practices/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/follow-post-deployment-dos-and-zone-protection-best-practices
upvoted 1 times
...
electro165
9 months, 4 weeks ago
Selected Answer: B
Reviewing DoS (Denial of Service) threat activity in the Block Activity section of the ACC (Application Command Center) and looking for patterns of abuse is an important step in ensuring effective zone protection. By monitoring and analyzing DoS threat activity, you can identify potential attacks and take appropriate actions to mitigate them.
upvoted 1 times
...
certprep2021
1 year, 3 months ago
Selected Answer: A
https://docs.paloaltonetworks.com/best-practices/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/follow-post-deployment-dos-and-zone-protection-best-practices "For easier management, use separate log forwarding profiles to forward DoS and zone threshold event logs separately from other Threat logs."
upvoted 3 times
...
David010989
1 year, 5 months ago
is D because the kb says Log Forwarding—For easier management, forward DoS logs separately from other Threat logs directly to administrators via email and to a log server. only for easier mgmt but the real thing here are the fw resources
upvoted 1 times
...
lol12
1 year, 6 months ago
Selected Answer: A
A Disabling zone protection because not enough resources is hardly best practices. Best practice would be to size the appliance accordingly in the first place and so make D obsolete. Then A is correct. https://docs.paloaltonetworks.com/best-practices/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices
upvoted 3 times
...
Goharam
1 year, 7 months ago
Look this. "Measure firewall performance to ensure it’s within acceptable norms and so you understand the effect of zone and DoS protection on firewall resources. If the levels of zone and DoS protection (combined with other resource-consuming features such as decryption) consume too many firewall resources, the best practice is to scale up the resources rather than to compromise security." So, the answer is not D. It's A.
upvoted 2 times
...
TAKUM1y
1 year, 8 months ago
Selected Answer: A
https://docs.paloaltonetworks.com/best-practices/10-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/follow-post-deployment-dos-and-zone-protection-best-practices
upvoted 1 times
...
TAKUM1y
1 year, 8 months ago
Selected Answer: D
https://docs.paloaltonetworks.com/best-practices/10-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices
upvoted 1 times
...
mysteryzjoker
1 year, 8 months ago
annoyingly both A & B are included in the link: https://docs.paloaltonetworks.com/best-practices/9-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/follow-post-deployment-dos-and-zone-protection-best-practices
upvoted 1 times
Flipower
1 year, 7 months ago
B is incorrect. The link says (ACC > Threat Activity), NOT (ACC > Block Activity) like stated in B.
upvoted 1 times
...
...
datz
1 year, 8 months ago
Selected Answer: A
A is correct answer. (Log forwarding) Palo will never tell you as Best practice to disable security....
upvoted 1 times
...
al12345
1 year, 9 months ago
Selected Answer: A
https://docs.paloaltonetworks.com/best-practices/10-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/deploy-dos-and-zone-protection-using-best-practices Log Forwarding—For easier management, forward DoS logs separately from other Threat logs directly to administrators via email and to a log server.
upvoted 3 times
...
nose999
1 year, 9 months ago
Selected Answer: B
https://docs.paloaltonetworks.com/best-practices/9-1/dos-and-zone-protection-best-practices/dos-and-zone-protection-best-practices/follow-post-deployment-dos-and-zone-protection-best-practices
upvoted 1 times
al12345
1 year, 9 months ago
Review DoS threat activity (ACC - Threat Activity) and look for patterns of abuse. ? correct is A
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago