Exam PCNSE topic 1 question 288 discussion

Answer is B ================================== The Decryption Broker feature supports two types of security chain networks: Layer 3 security chains and Transparent Bridge security chains. You can configure the firewall to direct traffic through the security chain either unidirectionally or bidirectionally1. **When it comes to bi-directional traffic flow, the Layer 3 security chain is the one you’re looking for. Let me provide more details about how it works: The firewall uses the Primary Interface dedicated to decryption forwarding to forward both inbound and outbound sessions to the first security chain device. The last security chain device forwards both inbound and outbound sessions back to the firewall2.

Answers are B, C. The bidirectional flow option is available for both security chain types. Your network topology determines whether to use unidirectional or bidirectional flows. The performance is approximately the same using either method.

nasty question. both B and C are valid

Other than B, looks like that C is correct as well based on following: "Set the Flow Direction for decrypted traffic the firewall forwards: Unidirectional or Bidirectional." https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-configure-with-transparent-bridge

B !! : https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/security-chain-layer-3-guidelines

B and C are correct here as stated above. Also Decryption broker is now called Network packet broker https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/networking-features/network-packet-broker

Layer 3 and Transparent Bridge support Bidirectional