Question 253 - PCNSE discussion


Which log type will help the engineer verify whether packet buffer protection was activated?

A. Data Filtering
B. Configuration
C. Threat
D. Traffic
Suggested answer: C

Explanation:

The log type that will help the engineer verify whether packet buffer protection was activated is the Threat log. Threat logs are generated by the Palo Alto Networks firewall when it detects malicious activity on the network. These logs contain information about the source, destination, and type of threat detected. They also contain information about the packet buffer protection that was activated in response to the detected threat. This information can help the engineer verify that packet buffer protection was activated and determine which actions were taken in response to the detected threat.

Packet buffer protection is a feature that prevents packet buffer exhaustion by dropping packets, discarding sessions, or blocking source IP addresses when the packet buffer utilization exceeds a certain threshold. The firewall records these events in the threat log with different threat IDs and names [1]. The system log also records an alert event when the packet buffer congestion reaches the alert threshold [2]. The other types of logs do not show packet buffer protection events.

Reference:
1: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/zone-protection-and-dos-protection/zone-defense/packet-buffer-protection
2: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/system-log-fields

asked 23/09/2024
Franjo Tomurad