Exam PCNSE topic 1 question 557 discussion

A, B and C

A, B, C

The best practice Anti-Spyware profile retains the default Action to reset the connection when the firewall detects a medium, high, or critical severity threat, and enables single packet capture (PCAP) for those threats. https://docs.paloaltonetworks.com/best-practices/9-1/data-center-best-practices/data-center-best-practice-security-policy/how-to-create-data-center-best-practice-security-profiles/create-the-data-center-best-practice-anti-spyware-profile

ABC How is everyone all over the place. The question is talking about Anti-Spyware not vulnerability. Answer is ABC https://docs.paloaltonetworks.com/best-practices/10-2/data-center-best-practices/data-center-best-practice-security-policy/how-to-create-data-center-best-practice-security-profiles/create-the-data-center-best-practice-anti-spyware-profile

ABC https://docs.paloaltonetworks.com/best-practices/9-1/data-center-best-practices/data-center-best-practice-security-policy/how-to-create-data-center-best-practice-security-profiles/create-the-data-center-best-practice-anti-spyware-profile

The best practice Anti-Spyware profile retains the default Action to reset the connection when the firewall detects a medium, high, or critical severity threat, and enables single packet capture (PCAP) for those threats.

BCE as per the https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protectionEnable extended-capture for critical, high, and medium severity events and single-packet capture for low severity events. Use the default extended-capture value of 5 packets, which provides enough information to analyze the threat in most cases. (Too much packet capture traffic may result in dropping packet captures.) Don’t enable packet capture for informational events because it’s not very useful compared to capturing information about higher severity events and creates a relatively high volume of low-value traffic.

BCE as per the https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protectionEnable extended-capture for critical, high, and medium severity events and single-packet capture for low severity events. Use the default extended-capture value of 5 packets, which provides enough information to analyze the threat in most cases. (Too much packet capture traffic may result in dropping packet captures.) Don’t enable packet capture for informational events because it’s not very useful compared to capturing information about higher severity events and creates a relatively high volume of low-value traffic.

I´ll go with B, C, D --> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-security-profiles-vulnerability-protection Enable extended-capture for critical, high, and medium severity events and single-packet capture for low severity events. Use the default extended-capture value of 5 packets, which provides enough information to analyze the threat in most cases. (Too much packet capture traffic may result in dropping packet captures.) Don’t enable packet capture for informational events because it’s not very useful compared to capturing information about higher severity events and creates a relatively high volume of low-value traffic.