PCNSE Question #767: Real Exam Question with Answer & Explanation

Question

Why are external zones required to be configured on a Palo Alto Networks NGFW in an environment with multiple virtual systems?

Options

• ATo allow traffic between zones in different virtual systems while the traffic is leaving the appliance
• BExternal zones are required because the same external zone can be used on different virtual
• CTo allow traffic between zones in different virtual systems without the traffic leaving the appliance
• DMultiple external zones are required in each virtual system to allow the communications between

Explanation

External zones are required in a multi-virtual system environment to enable internal traffic flow between different virtual systems within the same firewall appliance.

Common mistakes.

• A. The primary purpose of external zones is to facilitate internal routing between VSYSs; while traffic might eventually leave the appliance, the 'while the traffic is leaving the appliance' clause misrepresents their core function for inter-VSYS communication.
• B. Although external zones can represent shared networks, their requirement is driven by the need to enable communication between separate virtual systems, not merely their reusability across VSYSs.
• D. Only a single external zone is typically required per virtual system to act as a gateway for inter-VSYS routing, not multiple external zones within each virtual system.

Concept tested. External zones in multi-VSYS environments

Reference. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/virtual-systems/configure-inter-vsys-routing/configure-external-zones-for-inter-vsys-routing.html

No community discussion yet for this question.