I think that it is A,B,E because configuration is fully sinchronized in a A/P too.

Active/Active— Both firewalls in the pair are active and processing traffic and work synchronously to handle session setup and session ownership. Both firewalls individually maintain session tables and routing tables and synchronize to each other. ctive/active mode is recommended if each firewall needs its own routing instances and you require full, real-time redundancy out of both firewalls all the time. Active/active mode has faster failover and can handle peak traffic flows better than active/passive mode because both firewalls are actively processing traffic. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high-availability/ha-concepts/ha-modes

Correct answer is ABE C makes no sense D can also be done with Active-Passive HA A is a little ambiguous since A/A HA doesn't guarantee that both fw will always be working, it just says that if one fails the other is still working, but A/P just guarantees that at least one will always be working so only A/A can achieve what A) describes B. Is the textbook definition of why Active/active HA can be useful E. Is one of the reasons why A/A HA can be faster.

worth noting that A/A does not load balance traffic... it can load-share "An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs. Ways to load share sessions to both firewalls include using ECMP, multiple ISPs, and load balancers."

full synchronization is also available in active /passive

configuration is Synced in A/P too, answer is A B E.

Voted ABE (D is applicable for both a/a and a/p)

ABE, C is only possible on Active/Passive, and D is incorrect since the config is sync on Active/Passive too.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/arp-load-sharing Firewall support ARP load sharing but not the load balancing.

ADE is correct

ABE. "Active/active mode has faster failover and can handle peak traffic flows better than active/passive mode because both firewalls are actively processing traffic." Source:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-modes

A,B,E are the correct options

A,D,E Yes A:Active/active mode is recommended ..if you require full, real-time redundancy out of both firewalls all the time. Not B:An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs. Not C: active/active mode does support Layer 2 deployment, Only L3 and Vwire Yes E:Active/Active firewalls individually maintain session tables and routing tables and synchronize to each other. Leaves D, left as 3rd answer

1. configuration is fully synchronised in a A/P too. 2. C doesn't make any sense at all.

I vote ABE.

b is for active/active

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/ha-modes A. Yes. "you require full, real-time redundancy out of both firewalls all the time." B. Yes. "you can load-share by sending traffic to the peer" and "the HA pair can be used to temporarily process more traffic than what one firewall can normally handle." C. No. "Active/active HA is supported in virtual wire and Layer 3 deployments." D. No. "Active/Passive— share the same configuration settings" This is not unique to active/active. E. Yes. "Both firewalls individually maintain session tables and routing tables" Though I don't like that B contradics "no load balancing occurs," it's still the only viable third answer here.