Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 611

A firewall administrator is investigating high packet buffer utilization in the company firewall. After looking at the threat logs and seeing many flood attacks coming from a single source that are dropped by the firewall, the administrator decides to enable packet buffer protection to protect against similar attacks.
The administrator enables packet buffer protection globally in the firewall but still sees a high packet buffer utilization rate.
What else should the administrator do to stop packet buffers from being overflowed?

Answer options

• A. Apply DOS profile to security rules allow traffic from outside.
• B. Enable packet buffer protection for the affected zones.
• C. Add the default Vulnerability Protection profile to all security rules that allow traffic from outside.
• D. Add a Zone Protection profile to the affected zones.

Correct answer: B

Explanation

The correct answer is B because enabling packet buffer protection specifically for the affected zones addresses the issue directly where the flood attacks are occurring. The other options, while they may provide some level of security, do not directly tackle the packet buffer overflow problem in the zones experiencing high utilization.