Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 494

A network security engineer needs to ensure that virtual systems can communicate with one another within a Palo Alto Networks firewall. Separate virtual routers (VRs) are created for each virtual system.

In addition to confirming security policies, which three configuration details should the engineer focus on to ensure communication between virtual systems? (Choose three.)

Answer options

• A. Add a route with next hop next-vr by using the VR configured in the virtual system.
• B. Layer 3 zones for the virtual systems that need to communicate.
• C. Add a route with next hop set to none, and use the interface of the virtual systems that need to communicate.
• D. Ensure the virtual systems are visible to one another.
• E. External zones with the virtual systems added.

Correct answer: A, D, E

Explanation

The correct answers are A, D, and E because adding a route with next hop next-vr (A) allows for proper routing between the VRs, ensuring visibility (D) is crucial for communication, and including external zones (E) allows for extended connectivity. Options B and C are not sufficient on their own to facilitate communication between virtual systems in this context.