PCCSE · Question #17
The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without d
The correct answer is C. Set the Alert Disposition to Conservative. Prisma Cloud's network anomaly policies have an Alert Disposition setting with three options: Aggressive, Moderate, and Conservative. Setting the Alert Disposition to Conservative raises the threshold for what is considered anomalous, meaning only the most statistically significa
Question
The Unusual protocol activity (Internal) network anomaly is generating too many alerts. An administrator has been asked to tune it to the option that will generate the least number of events without disabling it entirely. Which strategy should the administrator use to achieve this goal?
Options
- AChange the Training Threshold to Low
- BDisable the policy
- CSet the Alert Disposition to Conservative
- DSet Alert Disposition to Aggressive
How the community answered
(49 responses)- A12% (6)
- B4% (2)
- C80% (39)
- D4% (2)
Explanation
Prisma Cloud's network anomaly policies have an Alert Disposition setting with three options: Aggressive, Moderate, and Conservative. Setting the Alert Disposition to Conservative raises the threshold for what is considered anomalous, meaning only the most statistically significant deviations trigger alerts. This produces the fewest alerts of any active setting. Aggressive produces the most alerts (lowest threshold), and Moderate is in between. Changing the Training Threshold to Low (A) affects the learning period sensitivity but does not reduce ongoing alert volume as effectively. Disabling the policy (B) is explicitly excluded by the requirement.
Topics
Community Discussion
No community discussion yet for this question.