PCNSA Question #344: Real Exam Question with Answer & Explanation

The correct answer is D: Random Early Drop. In PAN-OS DoS Protection profiles, the default action for SYN Flood protection is Random Early Drop (RED). RED probabilistically drops new SYN packets once traffic exceeds the configured activate-rate threshold, degrading the flood gracefully rather than hard-blocking all new con

Submitted by minji_kr· Apr 18, 2026Configure

Question

What is the default action for the SYN Flood option within the DoS Protection profile?

Options

AReset-client
BAlert
CSinkhole
DRandom Early Drop

Explanation

In PAN-OS DoS Protection profiles, the default action for SYN Flood protection is Random Early Drop (RED). RED probabilistically drops new SYN packets once traffic exceeds the configured activate-rate threshold, degrading the flood gracefully rather than hard-blocking all new connections. This approach preserves some legitimate connectivity during a flood. SYN cookies (not listed) is the other available action. Alert only generates a log entry without dropping traffic. Reset-client is a Security policy action, not a DoS flood mitigation action. Sinkhole is used in DNS Anti-Spyware, not DoS protection.

Topics

#DoS Protection#SYN Flood#Security Profiles#Default Configuration

Community Discussion

No community discussion yet for this question.

Full PCNSA Practice Browse All PCNSA Questions