Palo Alto Networks Network Security Generalist — Question 17

A firewall administrator wants to segment the network traffic and prevent noncritical assets from being able to access critical assets on the network.
Which action should the administrator take to ensure the critical assets are in a separate zone from the noncritical assets?

Answer options

• A. Create a deny Security policy with "any" set for both the source and destination zones.
• B. Create an allow Security policy with "any" set for both the source and destination zones.
• C. Logically separate physical and virtual interfaces to control the traffic that passes across the interface.
• D. Assign a single interface to multiple security zones.

Correct answer: C

Explanation

The correct answer is C because logically separating physical and virtual interfaces allows for better traffic control between different asset types. Option A would block all traffic, which is not the intended goal, while B would allow all traffic, failing to provide the necessary segmentation. Option D does not effectively isolate critical assets as it merges multiple zones into one interface.