A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone. Which option differentiates multiple VLANs into separate zones?

QuestionsCategory: PCNSEA company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone. Which option differentiates multiple VLANs into separate zones?
Admin Staff asked 3 months ago
A company wants to install a NGFW firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone.
Which option differentiates multiple VLANs into separate zones?

A. Create V-Wire objects with two V-Wire interfaces and define a range of ג€0-4096ג€ in the ג€Tag Allowedג€ field of the V-Wire object.

B. Create V-Wire objects with two V-Wire subinterfaces and assign only a single VLAN ID to the ג€Tag Allowedג€ field of the V-Wire object. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone.

C. Create Layer 3 subinterfaces that are each assigned to a single VLAN ID and a common virtual router. The physical Layer 3 interface would handle untagged traffic. Assign each interface/subinterface to a unique zone. Do not assign any interface an IP address.

D. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN ID. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/subinterface to a unique zone.








 

Suggested Answer: B



This question is in PCNSE Palo Alto Networks Certified Network Security Engineer Exam
For getting Palo Alto Networks Certified Network Security Engineer (PCNSE) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Palo Alto Networks.
Trademarks, certification & product names are used for reference only and belong to Palo Alto Networks.
The website does not contain actual questions and answers from Palo Alto Networks's Certification Exams.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.