Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Question 7

An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair.

Which NGFW receives the configuration from Panorama?

The passive firewall, which then synchronizes to the active firewall

The active firewall, which then synchronizes to the passive firewall

Both the active and passive firewalls, which then synchronize with each other

Both the active and passive firewalls independently, with no synchronization afterward

Correct Answer: D

When a configuration is pushed from Panorama to a pair of firewalls configured as an active/passive HA (High Availability) pair, both firewalls receive the configuration independently. The process does not involve synchronization between the two firewalls for Panorama-pushed configurations. Synchronization typically applies to local changes made on the firewalls themselves.

Discussion

mohammedOption: D

I thisnk answer is D https://live.paloaltonetworks.com/t5/General-Topics/config-push-from-panorama-to-HA-PA/td-p/236297

oo7Option: D

D https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleOCAS

MarshpillowzOption: D

D is the correct answer. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleOCAS

evdwOption: D

Correct Answer is D Policies and templates from Panorama must be committed to both active and passive HA devices! They are not getting synched!

myname_1Option: D

This has some info for migrating HA into Panorama: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management Basically, Panorama configuration is not synced regardless of if the config sync box is checked. Only local configuration will be synchronized if the config sync box is checked.

r0zeOption: D

Answer: D

uNburNedOption: C

Should be C

Breyarg

no its D. although we always set up HA with sync enabled, its not a requirement for HA. so just HA without the "additional and optional" sync, will not sync.

scanossaOption: D

I set up a lab with an HA pair, both devices received the configuration in their respective template stack and then, performed a commit. Because the values are the same, no synchronization is needed.

lol12Option: D

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleOCAS

ashmeowOption: D

Sync only happens if you commit locally and enable config sync is ticked under the HA section

melek18Option: C

In my opinion C

ThatITOption: C

The Correct answer here is C , both firewalls will receive the configuration and will need to sync what the configuration it is, may be an application , objects ,security policy . On panorama you will also see on the devices it will show they are in-sync or out of sync

king04Option: D

D is correct

theroghertOption: D

only D

SarbiOption: D

Ths answer is D

lol1000Option: D

Answer: D sk suggests that Panorama policy is pushed to both units and no sync is performed per se. This means that any local policy would need to be synced separately https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleOCAS

guilherme_aOption: D

D is correct