Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 578

A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a single source that are dropped by the firewall, the administrator decides to enable packet buffer protection to protect against similar attacks.
The administrator enables packet buffer protection globally in the firewall but still sees a high packet buffer utilization rate.
What else should the administrator do to stop packet buffers from being overflowed?

Answer options

• A. Apply DOS profile to security rules allow traffic from outside.
• B. Enable packet buffer protection for the affected zones.
• C. Add the default Vulnerability Protection profile to all security rules that allow traffic from outside.
• D. Add a Zone Protection profile to the affected zones

Correct answer: B

Explanation

The correct answer is B because enabling packet buffer protection specifically for the affected zones will provide targeted defense against overflow in those areas. Options A and C do not address the packet buffer issue directly, while D, although helpful, may not be as effective as enabling packet buffer protection tailored to the specific zones experiencing high utilization.