PCNSE · Question #140
PCNSE Question #140: Real Exam Question with Answer & Explanation
The correct answer is C: They mitigate against attacks by providing resource protection by limiting the number of sessions. DoS Protection Profiles and Policies mitigate attacks in two primary ways: (C) Resource protection by limiting the number of concurrent sessions-both aggregate and per-source/destination session limits are enforced to prevent a single source or flood from exhausting firewall sess
Question
Which two statements accurately describe how DoS Protection Profiles and Policies mitigate attacks? (Choose two.)
Options
- AThey mitigate against volumetric attacks by leveraging known vulnerabilities, brute force methods,
- BThey mitigate against attacks on a zone basis by providing reconnaissance protection against
- CThey mitigate against attacks by providing resource protection by limiting the number of sessions
- DThey mitigate against attacks by utilizing "random early drop".
Explanation
DoS Protection Profiles and Policies mitigate attacks in two primary ways: (C) Resource protection by limiting the number of concurrent sessions-both aggregate and per-source/destination session limits are enforced to prevent a single source or flood from exhausting firewall session table resources; and (D) Random Early Drop (RED)-when session rates approach configured thresholds, the firewall begins randomly dropping new connection attempts to throttle attack traffic before resources are fully exhausted. Option A is incorrect because 'leveraging known vulnerabilities' describes attacker techniques, not mitigation. Option B better describes Zone Protection Profiles, which handle reconnaissance and flood protection at the zone level rather than per-policy DoS protection.
Topics
Community Discussion
No community discussion yet for this question.