U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks PSE-Platform Exam - Topic 1 Question 59 Discussion

Which profile or policy should be applied to protect against port scans from the internet?
C) Interface management profile on the zone of the ingress interface and D) Zone protection profile on the zone of the ingress interface
A) An App-ID security policy rule to block traffic sourcing from the untrust zone
B) Security profiles to security policy rules for traffic sourcing from the untrust zone

Palo Alto Networks PSE-Platform Exam - Topic 1 Question 59 Discussion

Actual exam question for Palo Alto Networks's PSE-Platform exam
Question #: 59
Topic #: 1
[All PSE-Platform Questions]

Which profile or policy should be applied to protect against port scans from the internet?

Show Suggested Answer Hide Answer
Suggested Answer: C, D

Contribute your Thoughts:

0/2000 characters
Deangelo
7 months ago
C is more about management, not really for blocking scans.
upvoted 0 times
...
Lonna
7 months ago
Wait, can a zone protection profile really handle all port scans?
upvoted 0 times
...
Yolande
7 months ago
A seems too broad, not specific enough for port scans.
upvoted 0 times
...
Georgiann
8 months ago
I think B could work too, but not as effective as D.
upvoted 0 times
...
Vallie
8 months ago
Definitely D, zone protection is key for that!
upvoted 0 times
...
Carole
8 months ago
I’m a bit confused. Could it be the interface management profile? I remember it being mentioned, but I’m not sure how it relates to port scans.
upvoted 0 times
...
Samuel
8 months ago
I feel like we practiced a question similar to this, and the zone protection profile was the answer. It makes sense for port scans.
upvoted 0 times
...
Nina
8 months ago
I'm not entirely sure, but I remember something about App-ID policies being more about application traffic rather than just blocking scans.
upvoted 0 times
...
Alishia
8 months ago
I think we talked about using a zone protection profile for ingress interfaces in class. That seems relevant here.
upvoted 0 times
...
Bernardine
8 months ago
This is a good one. I'd say the best approach is to use an App-ID security policy rule to specifically block traffic from the untrust zone. That way you can target the port scan activity directly.
upvoted 0 times
...
Lai
9 months ago
I'm a bit confused by the options here. Is an App-ID policy the same as a security policy rule? And what's the difference between a security profile and a zone protection profile?
upvoted 0 times
...
Glennis
9 months ago
Okay, I think I've got this. The key is to look at the traffic source and destination zones. A zone protection profile on the untrust zone should do the trick.
upvoted 0 times
...
Aja
9 months ago
Hmm, I'm not too familiar with the Palo Alto security profiles and policies. I'll have to review my notes on that.
upvoted 0 times
...
Peggy
9 months ago
This looks like a tricky security question. I'll need to think through the different options carefully.
upvoted 0 times
...
Raina
9 months ago
This looks like a pretty straightforward question. I'll carefully read through the options and think about which one is the exception.
upvoted 0 times
...
Odette
9 months ago
Okay, let me visualize the network topology and the LSP paths. I think I know the answer, but I want to double-check my understanding.
upvoted 0 times
...
Gerald
1 year ago
D) Zone protection profile? Is that like a superhero cape for my firewall? Because if it is, I want one with glitter and unicorns.
upvoted 0 times
...
Keva
1 year ago
Wait, we're supposed to protect against port scans? I thought we were supposed to run as many port scans as possible to get a high score. Guess I've been doing this all wrong.
upvoted 0 times
Krissy
12 months ago
D) Zone protection profile on the zone of the ingress interface
upvoted 0 times
...
Horace
1 year ago
C) Interface management profile on the zone of the ingress interface
upvoted 0 times
...
Denny
1 year ago
B) Security profiles to security policy rules for traffic sourcing from the untrust zone
upvoted 0 times
...
Aja
1 year ago
A) An App-ID security policy rule to block traffic sourcing from the untrust zone
upvoted 0 times
...
...
Magdalene
1 year ago
B) Security profiles to security policy rules? Now we're talking! I bet the person who wrote this question spends their weekends coding up complex firewall policies for fun.
upvoted 0 times
Gerald
1 year ago
D) Zone protection profile on the zone of the ingress interface
upvoted 0 times
...
Elfrieda
1 year ago
B) Security profiles to security policy rules for traffic sourcing from the untrust zone
upvoted 0 times
...
Victor
1 year ago
C) Interface management profile on the zone of the ingress interface
upvoted 0 times
...
Blair
1 year ago
A) An App-ID security policy rule to block traffic sourcing from the untrust zone
upvoted 0 times
...
Olive
1 year ago
B) Security profiles to security policy rules for traffic sourcing from the untrust zone
upvoted 0 times
...
Helga
1 year ago
A) An App-ID security policy rule to block traffic sourcing from the untrust zone
upvoted 0 times
...
...
Suzi
1 year ago
C) Interface management profile? Really? That's like trying to catch a speeding bullet with a butterfly net. Not the most effective solution, if you ask me.
upvoted 0 times
...
Vallie
1 year ago
A) An App-ID security policy rule? Nah, that's way too complicated. I just want something that's going to block those scans without making me think too hard.
upvoted 0 times
...
Apolonia
1 year ago
D) Zone protection profile on the zone of the ingress interface seems like the obvious choice here. I mean, who doesn't love a good zone profile to protect against those pesky port scans?
upvoted 0 times
Gary
1 year ago
D) Zone protection profile on the zone of the ingress interface
upvoted 0 times
...
Idella
1 year ago
C) Interface management profile on the zone of the ingress interface
upvoted 0 times
...
Glenn
1 year ago
B) Security profiles to security policy rules for traffic sourcing from the untrust zone
upvoted 0 times
...
Chu
1 year ago
A) An App-ID security policy rule to block traffic sourcing from the untrust zone
upvoted 0 times
...
...
Latricia
1 year ago
I'm not sure, but I think A) An App-ID security policy rule could also work to block the traffic.
upvoted 0 times
...
Cary
1 year ago
I agree with Janine, using a Zone protection profile makes sense to protect against port scans.
upvoted 0 times
...
Janine
1 year ago
I think the answer is D) Zone protection profile on the zone of the ingress interface.
upvoted 0 times
...
Gaynell
1 year ago
I'm not sure, but I think option B) Security profiles to security policy rules for traffic sourcing from the untrust zone could also work.
upvoted 0 times
...
Becky
1 year ago
I agree with Izetta, using a Zone protection profile can help protect against port scans from the internet.
upvoted 0 times
...
Izetta
1 year ago
I think option D) Zone protection profile on the zone of the ingress interface would be the best choice.
upvoted 0 times
...

Save Cancel