Exam PCNSE topic 1 question 318 discussion

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces

The virtual wire supports blocking or allowing traffic based on virtual LAN (VLAN) tags, in addition to supporting security policy rules, App-ID, Content-ID, User-ID, decryption, LLDP, active/passive and active/active HA, QoS, zone protection (with some exceptions), non-IP protocol protection, DoS protection, packet buffer protection, tunnel content inspection, and NAT. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/configure-interfaces/virtual-wire-interfaces

The virtual wire supports the blocking or allowing of traffic based on the virtual LAN (VLAN) tags. The virtual wire also supports Security policy rules, App-ID, Content-ID, User-ID, decryption, LLDP, active/passive and active/active high availability (HA), QoS, zone protection (with some exceptions), non-IP protocol protection, denial of service (DoS) protection, packet buffer protection, tunnel content inspection,and NAT.

CDE A is incorrect because: You wouldn’t use a virtual wire deployment for interfaces that need to support switching, VPN tunnels, or routing because they require a Layer 2 or Layer 3 address.

CDE is correct. Vwire interfaces cannot be used as IPsec termination points.

CDE are the correcto options

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces

no switching or routing for Vwire

CDE are correct

I guess easiest approach for this is discard anything that needs an IP (or MAC) as Vwire interfaces do not support IP or MAC

It is CDE.

CDE. The virtual wire supports blocking or allowing traffic based on virtual LAN (VLAN) tags, in addition to supporting security policy rules, App-ID, Content-ID, User-ID, "DECRYPTION", LLDP, active/passive and active/active HA, "QOS", zone protection (with some exceptions), non-IP protocol protection, DoS protection, packet buffer protection, tunnel content inspection, and "NAT".

You wouldn’t use a virtual wire deployment for interfaces that need to support switching, VPN tunnels, or routing because they require a Layer 2 or Layer 3 address. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/configure-interfaces/virtual-wire-interfaces

Options: B/D/E - The virtual wire allows the firewall to maintain a transparent presence acting as a pass-through link, while still providing security, NAT, and QoS services. - In order for routing (Layer 3) control packets to pass through a virtual wire, you must apply a security policy rule that allows the traffic to pass through. For example, apply a security policy rule that allows an application such as BGP or OSPF. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces/layer-2-and-layer-3-packets-over-a-virtual-wire#id176TE0F0UDU_id176TE000DXC

CDE links from nose999, TAKUM1y and al12345 point that clearly

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/configure-interfaces/virtual-wire-interfaces "The virtual wire supports blocking or allowing traffic based on virtual LAN (VLAN) tags, in addition to supporting security policy rules, App-ID, Content-ID, User-ID, decryption, LLDP, active/passive and active/active HA, QoS, zone protection (with some exceptions), non-IP protocol protection, DoS protection, packet buffer protection, tunnel content inspection, and NAT."