Exam PCNSE topic 1 question 181 discussion

Panorama will not push anything from Data-Centers group. That rules out C. Panorama will push all objects from "Shared", which rules out A. Note that the target of "Shared Policy 2" is NYC-FW, so this policy won't get pushed to Dallas-FW. This rules out B. Thus, answer is D.

D is correct.

Question askes about Dallas-FW, so every answer with "Shared Policy2" is discarded since it is related to NYC-FW A is discarded because it does not have both address objects D is the correct answer

D is correct

When you push configuration changes Device Groups, by default Panorama pushes all shared objects to firewalls whether or not any shared or device group policy rules reference the objects. However, you can configure Panorama to push only the shared objects that rules reference in the device groups. The Share Unused Address and Service Objects with Devices option enables you to limit the objects that Panorama pushes to the managed firewalls. If "Share Unused Address and Service Objects with Device" is disabled/unchecked, Panorama evaluates unused objects while pushing configuration to the device. However this feature ignores the "target device" in security rules while evaluating unused objects.

When you push configuration changes Device Groups, by default Panorama pushes all shared objects to firewalls whether or not any shared or device group policy rules reference the objects. However, you can configure Panorama to push only the shared objects that rules reference in the device groups. The Share Unused Address and Service Objects with Devices option enables you to limit the objects that Panorama pushes to the managed firewalls. If "Share Unused Address and Service Objects with Device" is disabled/unchecked, Panorama evaluates unused objects while pushing configuration to the device. However this feature ignores the "target device" in security rules while evaluating unused objects.

Answer is "D" but I had to re-read the meaning of the "share unused address and service objects with devices" phrase because it is entirely COUNTER PRODUCTIVE to what it actually does. By default Panorama will share ALL objects whether or not they are used by members of the device group. Ticking the option above DISABLES that function forcing Panorama to only send objects that are used by the members of service groups. I swear a lot of PAN articles need proper grammar checks as they confuse learners. Even the aforementioned phrase should be changed to something like: "DISABLE sharing unused address and service objects with devices" See how much more clear that option now is? I think I will contact PAN customer support to factor this change. PAN tech is complicated enough, we don't need overly complicated grammar to make it even worse to understand!!!!!

D. Because everything will be shared except for the shared policy 2, because it is targeting to share only with NYC-FW.

There's no "Branch Policy1" by the way...

None of the above as the shared policy 1 has a typo in the target fw name (yes I know none of the above isn't an option)

"Shared Policy 2" has set Target Device as NYC-FW, so Dallas-FW will never get it. (so B and C are not applicable) Dallas-FW should also get both Shared Addresses 1 and 2 (So A is not applicable)

D is correct.

Definitely D

Hard to freaking read, but yes answer is really D.

A is correct..

D is correct. I agree with Micutzu. I built this out in my lab. Dallas will not recieve anything from the DataCenter Group. Only from the the shared and the Branch group. D is Correct.

C is correct. It will receive everything under the Share.