Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 480

Why are external zones required to be configured on a Palo Alto Networks NGFW in an environment with multiple virtual systems?

Answer options

• A. To allow traffic between zones in different virtual systems while the traffic is leaving the appliance
• B. External zones are required because the same external zone can be used on different virtual systems
• C. To allow traffic between zones in different virtual systems without the traffic leaving the appliance
• D. Multiple external zones are required in each virtual system to allow the communications between virtual systems

Correct answer: C

Explanation

The correct answer is C because external zones allow traffic to flow between different virtual systems without having to route that traffic externally. Option A is incorrect as it suggests traffic leaves the appliance, which contradicts the purpose of external zones. Options B and D misrepresent the functionality of external zones, focusing on their use and necessity across virtual systems rather than their role in internal traffic management.