Provisioning Requirements and Best Practices HA cluster members must be the same firewall model and run the same PAN-OS® version. HA cluster members must share the same zone names in order for sessions to successfully fail over to another cluster member. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/high-availability/ha-clustering-best-practices-and-provisioning

A&B - It should be noted that option D is not a mandatory requirement; rather, it represents a best practice for devices on platforms that have dedicated HA ports. "When connecting two Palo Alto Networks® firewalls in a high availability (HA) configuration, 'WE RECOMMEND' that you use the dedicated HA ports for HA Links and Backup Links." "For firewalls without dedicated HA interfaces, such as the PA-200 and PA-400 Series, it is required to configure a data port as a HA interface." https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/ha-links-and-backup-links/ha-ports-on-the-pa-7000-series-firewall

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high-availability/ha-clustering-best-practices-and-provisioning

hsci is used to sync sessions not actual traffic which is the case for the HA4 interfaces of a cluster. Panorama is recommended to sync the config but not mandatory. So A and B

A and B sure https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high-availability/ha-clustering-best-practices-and-provisioning

AB is the answer