Exam PCNSE topic 1 question 322 discussion

I think that it is A,B,E because configuration is fully sinchronized in a A/P too.

There's a lot left there to unpack with D. It is A, B and E

It is not a good practice to handle peaks using both firewall capacities. This defeats the purpose of Full redundancy, so B can't be right.

the other explanations are good.

Hello, if you look at the palo reference for HA Sync, you see that more things can be synced with A/P (i.e FIB,MFIB, ARP Table, MAC Table) so it is clear in Active/Active deployment full sync is beside the point.... https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/high-availability/reference-ha-synchronization Here the question does not refer to firewall doing the load balancing, but the environment requires load balancing to allow the customer to send traffic through both firewalls.

Im guessing ADE, and not choosing B as Palo Alto explicitly dissuades configuring the firewalls to handle more traffic than one firewall is capable of handling. This would defeat the entire purpose of HA in the event of a failover, as the failover would result in network performance degradation from the newly created bottleneck.

Bros the A/A does not balance the traffic, you need an external load balancer to do so. So B cannot be an option. ADC sounds accurate.

Answer B is definetly wrong! The Palo Alto Firewall are not able to load balance traffic.

ABE, C is only possible on Active/Passive, and D is incorrect since the config is sync on Active/Passive too.

configuration is Synced in A/P too, answer is A B E.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/arp-load-sharing Firewall support ARP load sharing but not the load balancing.

ADE is correct

ABE. "Active/active mode has faster failover and can handle peak traffic flows better than active/passive mode because both firewalls are actively processing traffic." Source:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-modes

Correct answer is ABE C makes no sense D can also be done with Active-Passive HA A is a little ambiguous since A/A HA doesn't guarantee that both fw will always be working, it just says that if one fails the other is still working, but A/P just guarantees that at least one will always be working so only A/A can achieve what A) describes B. Is the textbook definition of why Active/active HA can be useful E. Is one of the reasons why A/A HA can be faster.

A,B,E are the correct options

worth noting that A/A does not load balance traffic... it can load-share "An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs. Ways to load share sessions to both firewalls include using ECMP, multiple ISPs, and load balancers."

Voted ABE (D is applicable for both a/a and a/p)