Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 477

A firewall engineer is managing a Palo Alto Networks NGFW that is not inline with any DHCP traffic.

Which interface mode can the engineer use to generate Enhanced Application logs (EALs) for classifying IoT devices while receiving broadcast DHCP traffic?

Answer options

Correct answer: D

Explanation

The correct answer is D, Tap, because this mode lets the firewall monitor traffic without participating in the data flow, so it can capture broadcast DHCP traffic for log generation. Options A (Virtual wire), B (Layer 3), and C (Layer 2) are modes that do not allow the necessary inspection of broadcast traffic while the firewall remains out of the DHCP traffic path.