Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam PCSFE Topic 7 Question 27 Discussion

Actual exam question for Palo Alto Networks's PCSFE exam
Question #: 27
Topic #: 7
[All PCSFE Questions]

Why are VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster problematic for protecting containerized workloads?

Show Suggested Answer Hide Answer
Suggested Answer: A

VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster are problematic for protecting containerized workloads because they are located outside the cluster and have no visibility into application-level cluster traffic. Kubernetes is a platform that provides orchestration, automation, and management of containerized applications. Kubernetes cluster traffic consists of traffic between containers within a pod, across pods, or across namespaces. VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster cannot inspect or control this traffic, as they only see the encapsulated or aggregated traffic at the network layer. This creates blind spots and security gaps for containerized workloads. VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster are not problematic for protecting containerized workloads because they do not scale independently of the Kubernetes cluster, are managed by another entity when located inside the cluster, or function differently based on whether they are located inside or outside of the cluster, as those are not valid reasons or scenarios for firewall deployment in a Kubernetes environment. Reference:Palo Alto Networks Certified Software Firewall Engineer (PCSFE), [CN-Series Concepts], [VM-Series on Kubernetes]


by Maryln at Aug 23, 2024, 06:28 PM

Limited Time Offer

25%

Off

Get Premium PCSFE Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Tori
8 months ago
D) They function differently based on whether they are located inside or outside of the cluster.
upvoted 0 times
...
Dorothy
8 months ago
C) They are managed by another entity when located inside the cluster.
upvoted 0 times
...
William
8 months ago
B) They do not scale independently of the Kubernetes cluster.
upvoted 0 times
...
Latricia
9 months ago
Ha! Trying to secure containers with external firewalls is like trying to catch a cloud with a net. Option A is the only sensible choice.
upvoted 0 times
Franchesca
7 months ago
Tasia: It's like trying to catch a cloud with a net!
upvoted 0 times
...
Tasia
7 months ago
That's right, they have no visibility into the application-level traffic.
upvoted 0 times
...
Brittni
8 months ago
I agree, external firewalls can't see inside the cluster.
upvoted 0 times
...
...
Lashawn
9 months ago
A) They are located outside the cluster and have no visibility into application-level cluster traffic.
upvoted 0 times
...
Pamela
9 months ago
D is also an interesting choice. The location of the firewall can definitely impact its functionality. But I think A is the most relevant answer here.
upvoted 0 times
...
Julene
9 months ago
I agree with Carman. These external firewalls are blind to the internal cluster traffic, rendering them useless for securing containers. Option A is the way to go.
upvoted 0 times
Pauline
8 months ago
Definitely, it's important to have security measures that can monitor cluster traffic.
upvoted 0 times
...
Georgeanna
8 months ago
So, option A is the best choice for protecting containerized workloads.
upvoted 0 times
...
Louvenia
8 months ago
That's right, they have no visibility into application-level traffic.
upvoted 0 times
...
Mozell
8 months ago
I agree, external firewalls can't see inside the cluster.
upvoted 0 times
...
Erasmo
9 months ago
Yes, they are blind to the internal traffic, which is a big problem.
upvoted 0 times
...
Alana
9 months ago
I agree, external firewalls can't see inside the cluster.
upvoted 0 times
...
...
Carman
9 months ago
Option A is the correct answer. VM-Series firewalls and hardware firewalls outside the cluster can't see the traffic within the cluster, making them ineffective for protecting containerized workloads.
upvoted 0 times
Sheron
8 months ago
B) They do not scale independently of the Kubernetes cluster.
upvoted 0 times
...
Nieves
8 months ago
A) They are located outside the cluster and have no visibility into application-level cluster traffic.
upvoted 0 times
...
...

Save Cancel