ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 120 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 120
Topic #: 1
[All PCNSE Questions]

Which two settings can be configured only locally on the firewall and not pushed from a Panorama template or template stack? (Choose two.)

  • A. HA1 IP Address
  • B. Master Key
  • C. Zone Protection Profile
  • D. Network Interface Type
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by ChiaPet75 at June 12, 2020, 11:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ChiaPet75
Highly Voted 4 years, 4 months ago
Correct: A,B You can use Templates and Template Stacks to define a wide array of settings but you can perform the following tasks only locally on each managed firewall: Configure a device block list. Clear logs. Enable operational modes such as normal mode, multi-vsys mode, or FIPS-CC mode. Configure the IP addresses of firewalls in an HA pair. Configure a master key and diagnostics. Compare configuration files (Config Audit). Renaming a vsys on a multi-vsys firewall.
upvoted 17 times
Frightened_Acrobat
1 year, 8 months ago
'Allow Forwarding of Decrypted Content' under Device->Setup->Content-ID->Content-ID Settings also cannot be configured on a Panorama Template. Has to be configured locally on the firewall.
upvoted 1 times
...
secdaddy
2 years ago
reference URL https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/manage-templates-and-template-stacks/template-capabilities-and-exceptions
upvoted 1 times
...
Raikin
3 years, 6 months ago
It is possible to set up in Panorama, also for a secondary box via variables, but for some reason firewalls just don't take those values. Have PAN TAC case opened for it for 4 months already, PA engineering is working on it as of 04/2021. just fyi
upvoted 1 times
...
...
eeez27
Highly Voted 2 years, 2 months ago
I am pretty sure the HA IP address can be pushed from HA variables settings.
upvoted 6 times
Gngogh
2 years ago
i have configured a pair of PA where all HA conf is pushed from Pano
upvoted 5 times
...
...
Marshpillowz
Most Recent 9 months ago
Selected Answer: AB
Correct answer is A and B
upvoted 1 times
...
TAKUM1y
2 years ago
Selected Answer: AB
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/manage-templates-and-template-stacks/template-capabilities-and-exceptions
upvoted 3 times
...
dcamps
3 years, 4 months ago
https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-firewalls/manage-templates-and-template-stacks/template-capabilities-and-exceptions.html#idf414a976-3abc-42c3-a21e-63bc5b94c638
upvoted 2 times
...
yogininangpal
3 years, 5 months ago
Badly worded question as you can push master key from Panorama to firewalls but not via template or Template stack it is via PanoramaManaged DevicesSummary select the firewall and pick Deploy Master Key from task bar at the bottom, so technically the answer AB is correct as you cannot push Master Key via Template or Template stack. You cannot create HA IP and push from Panorama.
upvoted 2 times
lildevil
2 years ago
I don't see how you can't push HA1 IP's I have a template stack that has a template called active that does just this, and a second template stack called passive that does the same thing (all my HA1's are 192.168.1.1/30 and 192.168.1.2/30 respectively for active and passive)
upvoted 2 times
Gngogh
2 years ago
you can also use the same template stack on both firewalls and change HA IPs with variables
upvoted 2 times
...
...
...
yogininangpal
3 years, 5 months ago
Badly worded question as you can push master key from Panorama to firewalls but not via template or Template stack it is via PanoramaManaged DevicesSummary select the firewall and pick Deploy Master Key from task bar at the bottom, however you are not pushing this change via Template or Template stack so technically the answer is AB
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago