Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 565
A firewall administrator notices that many Host Sweep scan attacks sourced from the outside zone are being allowed through the firewall.
What should the firewall administrator do to mitigate this type of attack?
Answer options
- A. Create a Zone Protection profile, enable reconnaissance protection, set action to Block, and apply it to the outside zone.
- B. Create a DoS Protection profile with SYN Flood protection enabled and apply it to all rules allowing traffic from the outside zone.
- C. Enable packet buffer protection in the outside zone.
- D. Create a Security rule to deny all ICMP traffic from the outside zone.
Correct answer: A
Explanation
The correct answer is A: a Zone Protection profile with reconnaissance protection is specifically designed to detect and block Host Sweep scans. Options B and C are not tailored to address scan attacks directly, while option D would block ICMP traffic but may not effectively mitigate other types of scanning methods.