Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 233

VPN traffic intended for an administrator's firewall is being maliciously intercepted and retransmitted by the interceptor.
When creating a VPN tunnel, which protection profile can be enabled to prevent this malicious behavior?

Answer options

• A. Zone Protection
• B. Replay
• C. Web Application
• D. DoS Protection

Correct answer: B

Explanation

The Replay protection profile is specifically designed to prevent the replay of intercepted packets, which directly addresses the scenario of malicious retransmission. The other options, such as Zone Protection, Web Application, and DoS Protection, do not target the issue of replay attacks on VPN traffic.