View all questions & answers for the Palo Alto Next-Generation Firewall Engineer Exam Materials exam


Question 66 Discussion

What are two valid zone types that can be selected from the zone configuration menu, per Palo Alto Networks best practices? (Choose two answers)

  • A. Layer 3
  • B. Layer 2
  • C. Management
  • D. DMZ
Correct Answer: A,B

Brave-Dump Clients Votes

AB 100%

Comments



Ayesha 2026-01-24 19:23:42

Selected Answers: A, B


When configuring a Security Zone (Network > Zones), you must select a "Type" from a dropdown menu. This type determines which interfaces can be assigned to that zone. The valid types correspond directly to the interface deployment modes:

Layer 3: Used for routed interfaces (with IP addresses).

Layer 2: Used for switched interfaces (VLANs).

Virtual Wire: Used for transparent "bump-in-the-wire" deployments.

Tap: Used for passive monitoring (IDS mode).

Tunnel: Used for VPNs and GlobalProtect.