Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 372

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile.

What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)

Answer options

• A. TCP Drop
• B. ICMP Drop
• C. SYN Random Early Drop
• D. TCP Port Scan Block

Correct answer: A, B

Explanation

The correct answers, A and B, represent methods to drop specific types of packets, which is essential for enabling Packet-Based Attack Protection. Options C and D are not valid for this purpose as they focus on different attack mitigation strategies rather than directly enabling packet-based protections.