PCNSA Question #338: Real Exam Question with Answer & Explanation

The correct answer is C: Vulnerability Protection profile on allowed traffic. Vulnerability Protection profiles inspect traffic for known exploit techniques, including illegal code execution attempts such as buffer overflows and shellcode injection. It must be applied to allowed traffic because denied traffic is already blocked by the Security policy - the

Submitted by andres_qro· Apr 18, 2026Securing Traffic

Question

To protect against illegal code execution, which Security profile should be applied?

Options

AAntivirus profile on allowed traffic
BAntivirus profile on denied traffic
CVulnerability Protection profile on allowed traffic
DVulnerability Protection profile on denied traffic

Explanation

Vulnerability Protection profiles inspect traffic for known exploit techniques, including illegal code execution attempts such as buffer overflows and shellcode injection. It must be applied to allowed traffic because denied traffic is already blocked by the Security policy - there is nothing left to inspect on denied sessions. Antivirus profiles scan file transfers for known malware signatures but do not block exploit code execution attempts. Applying any profile to denied traffic is pointless since those sessions never establish.

Topics

#Vulnerability Protection#Security Profiles#Exploit prevention#Illegal code execution

Community Discussion

No community discussion yet for this question.

Full PCNSA Practice Browse All PCNSA Questions