Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 529
The manager of the network security team has asked you to help configure the company's Security Profiles according to Palo Alto Networks best practice. As part of that effort, the manager has assigned you the Vulnerability Protection profile for the Internet gateway firewall. Which action and packet-capture setting for items of high severity and critical severity best matches Palo Alto Networks best practice?
Answer options
- A. action 'reset-server' and packet capture 'disable'
- B. action 'default' and packet capture 'single-packet'
- C. action 'reset-both' and packet capture 'extended-capture'
- D. action 'reset-both' and packet capture 'single-packet'
Correct answer: D
Explanation
The correct answer is D: Palo Alto Networks recommends the 'reset-both' action to mitigate threats effectively and 'single-packet' packet capture to collect essential data without overwhelming the system. Option A is incorrect because 'reset-server' does not provide adequate protection, and option B does not align with best practices for severity handling. Option C specifies a more extensive capture than necessary, which is not recommended for high-severity items.