PCNSE Question #422: Real Exam Question with Answer & Explanation

The correct answer is B: DoS Protection profile. To mitigate packet floods targeting servers, a DoS Protection profile should be applied to the security policy, as it is specifically designed to identify and prevent various types of Denial of Service attacks.

Submitted by lars.no· Apr 18, 2026Deploy and Configure

Question

A security engineer needs to mitigate packet floods that occur on a set of servers behind the internet facing interface of the firewall. Which Security Profile should be applied to a policy to prevent these packet floods?

Options

AVulnerability Protection profile
BDoS Protection profile
CData Filtering profile
DURL Filtering profile

Explanation

To mitigate packet floods targeting servers, a DoS Protection profile should be applied to the security policy, as it is specifically designed to identify and prevent various types of Denial of Service attacks.

Common mistakes.

A. A Vulnerability Protection profile focuses on preventing exploitation of known software vulnerabilities and is not designed for mitigating high-volume packet floods.
C. A Data Filtering profile is used for preventing sensitive data exfiltration and has no functionality for protecting against packet floods.
D. A URL Filtering profile controls access to web resources based on categories or custom lists and is unrelated to mitigating packet floods.

Concept tested. Security Profiles for DoS/DDoS protection

Reference. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/dos-and-ddos-protection/configure-dos-protection-policies

Topics

#DoS Protection#Packet Floods#Security Profiles#Threat Prevention

Community Discussion

No community discussion yet for this question.

Full PCNSE Practice Browse All PCNSE Questions