ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 534 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 534
Topic #: 1
[All PCNSE Questions]

A company has recently migrated their branch office’s PA-220s to a centralized Panorama. This Panorama manages a number of PA-7000 Series and PA-5200 Series devices. All device group and template configuration is managed solely within Panorama.

They notice that commit times have drastically increased for the PA-220s after the migration.

What can they do to reduce commit times?

  • A. Disable “Share Unused Address and Service Objects with Devices” in Panorama Settings.
  • B. Perform a device group push using the “merge with device candidate config” option.
  • C. Update the apps and threat version using device-deployment.
  • D. Use “export or push device config bundle” to ensure that the firewall is integrated with the Panorama config.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by [deleted] at June 10, 2023, 6:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Marshpillowz
1 year, 5 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
Andromeda1800
1 year, 7 months ago
Selected Answer: A
A is valid.
upvoted 1 times
...
joquin0020
1 year, 8 months ago
Selected Answer: A
THATS the correct answer for me
upvoted 1 times
...
Betty2022
2 years ago
Selected Answer: A
A: because the question is for the firewall commit response time, not Pano For Panorama Disabling Share Unused Address and Service Objects with Devices might increase the commit time on Panorama because Panorama has to dynamically check whether policy rules reference all the particular objects. For PA-220 On lower-end models, such as the PA-220, consider pushing only the relevant shared objects to the managed firewalls. This is because the number of objects that can be stored on the lower-end models is considerably lower than that of the mid- to high-end models. >https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/manage-device-groups/manage-unused-shared-objects
upvoted 2 times
nebulanerd
1 year, 1 month ago
Perfect! Right on!
upvoted 1 times
...
...
Frightened_Acrobat
2 years ago
Selected Answer: A
I see other's saying it may make the Panorama commit take longer. Remember, on a Commit and Push, the candidate config is being pushed to both the Panorama and the Firewall(s). The question indicates the PA220 commit is taking longer. On the Panorama Administrator's guide, it says the Panorama commit can take longer when clearing "Share Unused Address and Service Objects with Devices." However, right before that it says, "if you have many address and service objects that are unused, clearing Share Unused Address and Service Objects with Devices reduces the commit times significantly on the firewalls because the configuration pushed to each firewall is smaller."
upvoted 2 times
...
mlj23
2 years, 1 month ago
I don't see a correct answer at all. A would be correct if you said to enable that option, so I'm going with this question was input incorrectly.
upvoted 1 times
...
Knowledge33
2 years, 1 month ago
Selected Answer: A
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/manage-device-groups/manage-unused-shared-objects
upvoted 1 times
...
[Removed]
2 years, 1 month ago
Selected Answer: A
I think A is correct. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1CCAS
upvoted 4 times
blahblah1234567890000
2 years, 1 month ago
Your own link says this increases the commit time: Disabling Share Unused Address and Service Objects with Devices might increase the commit time on Panorama because Panorama has to dynamically check whether policy rules reference all the particular objects.
upvoted 1 times
PaloSteve
2 years ago
On lower-end models, such as the PA-220, consider pushing only the relevant shared objects to the managed firewalls. This is because the number of objects that can be stored on the lower-end models is considerably lower than that of the mid- to high-end models. Also, if you have many address and service objects that are unused, clearing Share Unused Address and Service Objects with Devices REDUCES the commit times significantly ON THE FIREWALLS because the configuration pushed to each firewall is smaller. However, disabling this option might INCREASE the commit time ON PANORAMA because Panorama has to dynamically check whether policy rules reference a particular object. Since the question is based around the 220's being too slow, the Answer is A.
upvoted 2 times
...
...
...
[Removed]
2 years, 1 month ago
I think A is correct. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1CCAS
upvoted 1 times
blahblah1234567890000
2 years, 1 month ago
Your own link says this increases the commit time: Disabling Share Unused Address and Service Objects with Devices might increase the commit time on Panorama because Panorama has to dynamically check whether policy rules reference all the particular objects.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel