Palo Alto Networks NGFW Engineer — Question 73

A network engineer observes a pattern of anomalous traffic hitting an external-facing zone, including a high volume of TCP packets that are not part of a new session handshake (non-SYN), and a large number of ICMP fragments. The engineer decides to apply a Zone Protection profile to mitigate these potential threats.

Which protection type within the profile must be configured?

Answer options

Correct answer: D

Explanation

The correct answer is D, Packet-Based Attack Protection, because it specifically addresses abnormal packet behavior, which is what the observed traffic shows. The other options, while relevant in other contexts, do not directly mitigate the threats indicated by the high volume of non-SYN TCP packets and ICMP fragments.