ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 63 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 63
Topic #: 1
[All PCNSE Questions]

Which three options are supported in HA Lite? (Choose three.)

  • A. Virtual link
  • B. Active/passive deployment
  • C. Synchronization of IPsec security associations
  • D. Configuration synchronization
  • E. Session synchronization
Show Suggested Answer Hide Answer
Suggested Answer: BCD 🗳️
Reference:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/device/device-high-availability/ha-lite
by Silent_Sanctuary at May 26, 2020, 5:48 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Silent_Sanctuary
Highly Voted 4 years, 7 months ago
Correct Answer B C & D HA Lite is an active/passive deployment that provides configuration synchronization and some run-time data synchronization such as IPsec security associations. It does not support session synchronization (HA2), and therefore does not offer stateful failover.
upvoted 21 times
eyelasers1
2 years, 10 months ago
Note that HA Lite is not present in PAN 10: Compare 8.1 and 10 docs here: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high-availability/ha-concepts/ha-modes.html
upvoted 2 times
duckduckgooo
1 year, 10 months ago
New link https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUzCAK
upvoted 1 times
...
...
...
kewokil120
Most Recent 3 weeks, 6 days ago
Selected Answer: BCD
Correct Answer B C & D HA Lite is an active/passive deployment that provides configuration synchronization and some run-time data synchronization such as IPsec security associations. It does not support session synchronization (HA2), and therefore does not offer stateful failover.
upvoted 1 times
...
Emanc21
2 months, 2 weeks ago
Selected Answer: ABD
IPSec SAs and IKE SAs (both phase 1 and phase 2) are not synchronized between HA peers. This is because IPSec Security Associations are dynamically established and include unique session keys and parameters negotiated during the IKE handshake.
upvoted 1 times
...
Marshpillowz
11 months, 4 weeks ago
Selected Answer: BCD
B, C and D correct
upvoted 1 times
...
Sarbi
2 years ago
ACD is 100 % correct answer
upvoted 1 times
DenskyDen
2 years ago
No its BCD. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUzCAK
upvoted 1 times
...
...
secdaddy
2 years, 3 months ago
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUzCAK
upvoted 1 times
...
shinichi_88
2 years, 11 months ago
b c d correct
upvoted 1 times
...
aadach
3 years, 9 months ago
once again: AP AA, config and session sync I've just checked it
upvoted 1 times
...
aadach
3 years, 9 months ago
See that v10 PANOS gives: A/P, Enable Config Sync, Enable Session Synchronization
upvoted 1 times
...
mmed
3 years, 10 months ago
BCD HA-Lite offers the following capabilities: A/P High Availability without session sync Failover of IPSec Tunnels (sessions must be re-established) DHCP Lease information PPPoE lease information Configuration sync Layer 3 forwarding tables
upvoted 4 times
...
lol1000
4 years, 2 months ago
b, c, d https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUzCAK
upvoted 2 times
...
cybermate
4 years, 7 months ago
BCD are the correct answers The PA-200 (a discontinued model) firewall supports HA Lite only. HA Lite is an active/passive deployment that provides configuration synchronization and some run-time data synchronization such as IPsec security associations. It does not support session synchronization (HA2), and therefore does not offer stateful failover.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago