Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 616
What is considered the best practice with regard to zone protection?
Answer options
- A. Use separate log-forwarding profiles to forward DoS and zone threshold event logs separately from other threat logs
- B. Review DoS threat activity (ACC > Block Activity) and look for patterns of abuse
- C. Set the Alarm Rate threshold for event-log messages to high severity or critical severity
- D. If the levels of zone and DoS protection consume too many firewall resources, disable zone protection
Correct answer: A
Explanation
The correct answer, A, highlights the importance of keeping DoS and zone threshold event logs distinct for better management and analysis. Options B and C are useful but do not align with best practices for segmentation and forwarding of logs. Option D suggests disabling protection, which contradicts the purpose of maintaining robust security measures.