Palo Alto Networks Exam PSE-DataCenter Topic 1 Question 5 Discussion

Actual exam question for Palo Alto Networks's PSE-DataCenter exam

Question #: 5
Topic #: 1

A client has a sensitive application server in their data center and is particularly concerned about resource exhaustion because of distributed denial-of-service attacks.

How can the Palo Alto Networks NGFW be configured to specifically protect this server against resource exhaustion originating from multiple IP addresses (DDoS attack)?

ADefine a custom App-ID to ensure that only legitimate application traffic reaches the server.

BAdd a Vulnerability Protection Profile to block the attack.

CAdd QoS Profiles to throttle incoming requests.

DAdd a DoS Protection Profile with defined session count.

Show Suggested Answer

Suggested Answer: D

by Christiane at Jan 23, 2025, 10:58 AM

Limited Time Offer

25%

Off

Get Premium PSE-DataCenter Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Precious

15 days ago

Hey, this is a tough one! I'm leaning towards option D, but I wonder if the Palo Alto NGFW can also perform some fancy ninja moves to deflect the DDoS attacks. Like, 'Palo Alto Chop!' or something.

upvoted 0 times

...

Bette

20 days ago

Option C looks interesting, but I'm not sure if QoS Profiles will be enough to handle a full-blown DDoS attack. Better to go with the DoS Protection Profile for a more robust solution.

upvoted 0 times

Dominga

1 days ago

User 2: I agree, QoS Profiles might not be enough to handle a full-blown DDoS attack. Better to go with a more robust solution like the DoS Protection Profile.

upvoted 0 times

...

Kimbery

7 days ago

User 2: Yeah, we should go with the DoS Protection Profile for better protection.

upvoted 0 times

...

Selma

9 days ago

User 1: I agree, QoS Profiles might not be enough for a DDoS attack.

upvoted 0 times

...

Leslie

11 days ago

User 1: I think option D, adding a DoS Protection Profile with defined session count, would be the best choice for protecting against DDoS attacks.

upvoted 0 times

...

Darrin

20 days ago

I'm not sure about option D, I think option A could also be useful in ensuring only legitimate traffic reaches the server.

upvoted 0 times

...

Tegan

25 days ago

I agree with Rima, option D with a defined session count would help prevent DDoS attacks effectively.

upvoted 0 times

...

Rima

27 days ago

I think option D is the best choice because it specifically addresses resource exhaustion from multiple IP addresses.

upvoted 0 times

...

Willard

1 months ago

I think option D is the way to go. The DoS Protection Profile with defined session count sounds like the perfect solution to protect against resource exhaustion from multiple IP addresses.

upvoted 0 times

Jaclyn

8 days ago

Definitely, setting up a DoS Protection Profile will help ensure that the server can handle legitimate traffic while blocking malicious requests.

upvoted 0 times

...

Tamra

16 days ago

It's important to have a defined session count to limit the number of connections to the server and prevent overload.

upvoted 0 times

...

Arletta

22 days ago

I agree, option D seems like the most effective way to prevent resource exhaustion from DDoS attacks.

upvoted 0 times

...