Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 199

An organization's administrator has the funds available to purchase more firewalls to increase the organization's security posture.
The partner SE recommends placing the firewalls as close as possible to the resources that they protect.
Is the SE's advice correct, and why or why not?

Answer options

• A. No. Firewalls provide new defense and resilience to prevent attackers at every stage of the cyberattack lifecycle, independent of placement.
• B. Yes. Firewalls are session-based, so they do not scale to millions of CPS.
• C. No. Placing firewalls in front of perimeter DDoS devices provides greater protection for sensitive devices inside the network.
• D. Yes. Zone Protection profiles can be tailored to the resources that they protect via the configuration of specific device types and operating systems.

Correct answer: B

Explanation

The correct answer is B because firewalls operate on a session basis, meaning they have limitations in handling high volumes of connections, which affects their scalability. Options A and C are incorrect as they misinterpret the function and placement of firewalls in relation to security. Option D is also wrong because while Zone Protection profiles can be tailored, it does not address the fundamental issue of session-based limitations on scalability.