Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 301
A system administrator runs a port scan using the company tool as part of a vulnerability check. The administrator finds that the scan is identified as a threat and is dropped by the firewall. After further investigating the logs, the administrator finds that the dropped scan is recorded in the Threat Logs.
What should the administrator do to allow the tool to scan through the firewall?
Answer options
- A. Add the tool IP address to the reconnaissance protection source address exclusion in the DoS Protection profile.
- B. Add the tool IP address to the reconnaissance protection source address exclusion in the Zone Protection profile.
- C. Remove the Zone Protection profile from the zone setting.
- D. Change the TCP port scan action from Block to Alert in the Zone Protection profile.
Correct answer: B
Explanation
The correct action is to add the tool's IP address to the reconnaissance protection source address exclusion in the Zone Protection profile, which specifically addresses scanning threats. Option A refers to a different profile (DoS Protection), option C removes the protective measure entirely, and option D only changes the response to scans without allowing them through.