Palo Alto Networks Certified Strata Field Engineer (PCSFE) — Question 70

Why are VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster problematic for protecting containerized workloads?

Answer options

• A. They are located outside the cluster and have no visibility into application-level cluster traffic.
• B. They do not scale independently of the Kubernetes cluster.
• C. They are managed by another entity when located inside the cluster.
• D. They function differently based on whether they are located inside or outside of the cluster.

Correct answer: A

Explanation

The correct answer is A because firewalls outside the Kubernetes cluster cannot monitor the traffic within the cluster, limiting their effectiveness in protecting containerized applications. Options B and C are incorrect as they do not capture the primary visibility issue, and D is misleading since the core problem is the lack of visibility, not operational differences based on location.