nerdexam
ExamsNGFW-ENGINEERQuestions#100
Palo_Alto_NetworksPalo_Alto_Networks

NGFW-ENGINEER · Question #100

NGFW-ENGINEER Question #100: Real Exam Question with Answer & Explanation

The correct answer is A: External. External zones are specifically designed for inter-VSYS communication on the same firewall, acting as logical source and destination zones that represent another VSYS without requiring traffic to leave the device.

Virtual Systems Management

Question

A network security engineer needs to permit traffic between two distinct VSYS that reside on one Palo Alto Networks firewall. This traffic will not egress the firewall to an external device. Which zone type must be configured to act as the logical source and destination for this traffic flow?

Options

  • AExternal
  • BTAP
  • CLayer 3
  • DLayer 2

Explanation

External zones are specifically designed for inter-VSYS communication on the same firewall, acting as logical source and destination zones that represent another VSYS without requiring traffic to leave the device.

Topics

#Virtual Systems (VSYS)#Inter-VSYS Routing#Security Zones#Network Segmentation

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full NGFW-ENGINEER PracticeBrowse All NGFW-ENGINEER Questions