Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 239

An administrator wants to enable zone protection.
Before doing so, what must the administrator consider?

Answer options

• A. Activate a zone protection subscription.
• B. Security policy rules do not prevent lateral movement of traffic between zones.
• C. The zone protection profile will apply to all interfaces within that zone.
• D. To increase bandwidth, no more than one firewall interface should be connected to a zone.

Correct answer: C

Explanation

The correct answer is C because when a zone protection profile is applied, it affects all interfaces in that zone, ensuring comprehensive protection. Option A is incorrect as a subscription is not a prerequisite for enabling zone protection. Option B is misleading since security rules are designed to control traffic flow, and option D is incorrect as multiple interfaces can be connected to a zone for better resource utilization.