Free Preparation Discussions
MENU
Palo Alto Networks Exam PSE-SWFW-Pro-24 Topic 3 Question 7 Discussion
Topic #: 3
What can a firewall use to automatically update Security policies with new IP address information for a virtual machine (VM) when it has moved from host-A to host-B because host-A is down or undergoing periodic maintenance?
When a virtual machine moves between hosts and its IP address changes (or if it's assigned a new IP from a pool), traditional static security policies become ineffective. Dynamic Address Groups solve this problem.
A . Dynamic Address Groups: These groups automatically update their membership based on criteria such as tags, VM names, or other dynamic attributes. When a VM moves and its IP address changes, the Dynamic Address Group automatically updates its membership, ensuring that security policies remain effective without manual intervention. This is the correct solution for this scenario.
B . Dynamic User Groups: These groups are based on user identity and are used for user-based policy enforcement, not for tracking IP addresses of VMs.
C . Dynamic Host Groups: This is not a standard Palo Alto Networks term.
D . Dynamic IP Groups: While the concept sounds similar, the official Palo Alto Networks terminology is 'Dynamic Address Groups.' They achieve the functionality described in the question.
Currently there are no comments in this discussion, be the first to comment!