Which configuration change can resolve this issue?
A. Disable ALG within the security policy that permits SIP traffic
B. Create an application override policy to assign all traffic to and from SIP phones to the sip application
C. Create a security policy that allows any traffic to and from SIP phones.
D. Disable ALG within the SIP application
Answer: D
Explanation:
Get Latest & Actual PCNSE Exam's Question and Answers from Passleader.

QUESTION 140
Which two statements accurately describe how DoS Protection Profiles and Policies mitigate attacks? (Choose two.)
A. They mitigate against volumetric attacks by leveraging known vulnerabilities, brute force methods, amplification, spoofing, and other vulnerabilities.
B. They mitigate against attacks on a zone basis by providing reconnaissance protection against TCP/UDP port scans and host sweeps.
C. They mitigate against attacks by providing resource protection by limiting the number of sessions that can be used.
D. They mitigate against attacks by utilizing "random early drop".
Answer: CD
Explanation:
DOS
In addition to flood protection, we also offer resources protection. This type of protection enforces a quota for your hosts. It restricts the maximum number of sessions allowed for a particular source IP address, destination IP address or IP source-destination pair.
ZONE PROTECTION
Zone protection policies allow the use of flood protection and have the ability to protect against port scanning/sweeps and packet based attacks. A few examples are IP spoofing, fragments, overlapping segments, reject tcp-non-syn.

QUESTION 141
Given these tables:
SVR1 is a webserver hosted in the DMZ zone. The FQDN of is registered to an external DNS provider and resolves to 188.8.131.52 in the Untrust-L3 zone. Users in the Trust-L3 zone use the external FQDN to access SVR1. Which NAT rule will process traffic sourced from the Trust-L3 zone destined for SVR1?
A. NAT2
B. NAT4
C. NAT1
D. NAT3
Answer: C
Explanation: NAT2 doesn't make sense. If the users in the Trust zone are using the external FQDN to reach SVR1, they are going out to the internet and must hit the untrust interface on the firewall. If this is destination NAT, the correct answer must be NAT1.

QUESTION 142
What are the three Security Policy Rule Type classifications supported in PAN-OS 7.0? (Choose three.)
A. Default
B. Global
C. Interzone
D. Intrazone
E. Universal
F. ExternalZone
Answer: CDE
Explanation: -Interzone-Rules/ta-p/57491

QUESTION 143
What is the default behavior when a Certificate Profile is configured to use both CRL and OCSP?