A security administrator is hardening the ingress zone of an NGFW. The goal is to prevent attacks that rely on malformed IP address packets with incorrect header lengths or invalid TCP packets that have both the SYN and FIN flags set. Within which section of a Zone Protection profile should these protections be configured? (Choose one answer)

A. Protocol Protection
B. Packet-Based Attack Protection
C. Reconnaissance Protection
D. Flood Protection

Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments

Anonymous User 2026-01-10 00:34:43

Selected Answers: B

Packet-Based Attack Protection is exactly where PAN-OS handles malformed packets and invalid protocol combinations.

This section protects against:

Invalid IP headers (incorrect header lengths)

Illegal TCP flag combinations (like SYN + FIN, which should never occur in a normal TCP handshake)