Palo Alto Networks Exam NetSec-Pro Topic 2 Question 9 Discussion

Actual exam question for Palo Alto Networks's NetSec-Pro exam

Question #: 9
Topic #: 2

A network security engineer needs to implement segmentation but is under strict compliance requirements to place security enforcement as close as possible to the private applications hosted in Azure. Which deployment style is valid and meets the requirements in this scenario?

AOn a VM-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.

BOn a PA-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.

COn a VM-Series NGFW, configure several Layer 3 zones with Layer 3 interfaces assigned to logically segment the network.

DOn a PA-Series NGFW, configure several Layer 3 zones with Layer 3 interfaces assigned to logically segment the network.

Show Suggested Answer

Suggested Answer: C

In cloud environments like Azure, the VM-Series NGFW is deployed to create Layer 3 segmentation zones closest to the application workloads.

''In Azure, deploy VM-Series firewalls in Layer 3 mode to enforce security policies closest to private applications, meeting strict compliance and segmentation requirements.''

(Source: VM-Series in Public Clouds)

Layer 3 segmentation ensures security policies are enforced at the right boundary to isolate traffic within Azure's virtual networks.

by Vallie at Aug 02, 2025, 08:21 PM

Limited Time Offer

25%

Off

Get Premium NetSec-Pro Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Erick

3 days ago

I think the answer is A.

upvoted 0 times

...