Basic Concept: Virtual systems can be assigned resource quotas so one tenant or VSYS cannot consume the entire firewall capacity. Session limits are a core resource control.
Why B is Correct: A sessions limit is correct because it directly caps state-table consumption for a VSYS and prevents one virtual system from exhausting shared firewall resources.
Why A is Wrong: CPU mentions a VSYS, zone, or routing concept, but it does not satisfy the specific external-zone, visibility, or resource-control requirement for this virtual system design.
Why C is Wrong: Memory mentions a VSYS, zone, or routing concept, but it does not satisfy the specific external-zone, visibility, or resource-control requirement for this virtual system design.
Why D is Wrong: Security profile limit mentions a VSYS, zone, or routing concept, but it does not satisfy the specific external-zone, visibility, or resource-control requirement for this virtual system design.
Submit