Palo Alto Networks Exam NetSec-Generalist Topic 3 Question 5 Discussion

Actual exam question for Palo Alto Networks's NetSec-Generalist exam

Question #: 5
Topic #: 3

A firewall administrator wants to segment the network traffic and prevent noncritical assets from being able to access critical assets on the network.

Which action should the administrator take to ensure the critical assets are in a separate zone from the noncritical assets?

ACreate a deny Security policy with 'any' set for both the source and destination zones.

BCreate an allow Security policy with 'any' set for both the source and destination zones.

CLogically separate physical and virtual interfaces to control the traffic that passes across the interface.

DAssign a single interface to multiple security zones.

Show Suggested Answer

Suggested Answer: C

by Joanne at Feb 06, 2025, 03:34 PM

Limited Time Offer

25%

Off

Get Premium NetSec-Generalist Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Danica

1 months ago

Hmm, I'm not sure I'd trust a single interface handling multiple security zones. That sounds like a recipe for disaster. Option C is the way to go, in my opinion.

upvoted 0 times

...

Hortencia

1 months ago

I'm with Leontine on this one. Option C is the clear winner. Gotta keep those critical assets in a separate zone, no exceptions!

upvoted 0 times

...

Charolette

1 months ago

Haha, 'any' for both source and destination zones? That's like letting a bull loose in a china shop! Option C is definitely the best choice here.

upvoted 0 times

Rene

11 days ago

User 2: Definitely, separating the physical and virtual interfaces is the best way to control traffic.

upvoted 0 times

...

Cathrine

23 days ago

User 1: I agree, option C is the way to go.

upvoted 0 times

...

2 months ago

I think the administrator should create a deny Security policy with 'any' set for both the source and destination zones.

upvoted 0 times

...