For which three severity levels should single-packet captures be enabled to meet the Best Practice standard?

PCNSE V10 0 Comments

You are auditing the work of a co-worker and need to verify that they have matched the Palo Alto Networks Best Practices for Anti-Spyware Profiles.

For which three severity levels should single-packet captures be enabled to meet the Best Practice standard? (Choose three.)
A . Low
B . High
C . Critical
D . Informational
E . Medium

Answer: BCE

Explanation:

https://docs.paloaltonetworks.com/best-practices/10-2/data-center-best-practices/data-center-best-practice-security-policy/how-to-create-data-center-best-practice-security-profiles/create-the-data-center-best-practice-anti-spyware-profile

The Palo Alto Networks Best Practices for Anti-Spyware Profiles recommend enabling single-packet captures (PCAP) for medium, high, and critical severity threats. This allows for capturing the first packet of the malicious traffic for further analysis and investigation. PCAP should not be enabled for low and informational severity threats, as they generate a relatively high volume of traffic and are not particularly useful compared to potential threats2.

Reference: Create the Data Center Best Practice Anti-Spyware Profile, Security Profile: Anti-Spyware, PCNSE Study Guide (page 57)

Latest PCNSE Dumps Valid Version with 280 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PCNSE PDF    PCNSE Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments