Examice

Exam PCSFE All QuestionsBrowse all questions from this exam

Question 11

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

Edit the IP address of all of the affected VMs.

Create a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

Create a Layer 3 interface in the same subnet as the VMs and then configure proxy Address Resolution Protocol (ARP).

Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

Correct Answer: B

The best way to partition the existing group of virtual machines in the same subnet into two groups, where one requires additional security measures, is to create a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Afterward, you can move the guests that require more security into the new virtual switch. This approach avoids editing the IP addresses or default gateways of the guest VMs while providing the needed security partitioning.

Discussion

djedeenOption: B

It is B

DoobiedooOption: B

B is the best way. This is kind of what virtual switches were actually made for. Same VLAN-IDs but different broadcast domains.