as per
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/ha-modes
An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs.
Not only that, but it specifically states
"An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs. Ways to load share sessions to both firewalls include using ECMP, multiple ISPs, and load balancers."
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/ha-modes
Hello,
if you look at the palo reference for HA Sync, you see that more things can be synced with A/P (i.e FIB,MFIB, ARP Table, MAC Table) so it is clear in Active/Active deployment full sync is beside the point....
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/high-availability/reference-ha-synchronization
Here the question does not refer to firewall doing the load balancing, but the environment requires load balancing to allow the customer to send traffic through both firewalls.
Im guessing ADE, and not choosing B as Palo Alto explicitly dissuades configuring the firewalls to handle more traffic than one firewall is capable of handling. This would defeat the entire purpose of HA in the event of a failover, as the failover would result in network performance degradation from the newly created bottleneck.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/arp-load-sharing
Firewall support ARP load sharing but not the load balancing.
ABE.
"Active/active mode has faster failover and can handle peak traffic flows better than active/passive mode because both firewalls are actively processing traffic."
Source:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-modes
Correct answer is ABE
C makes no sense
D can also be done with Active-Passive HA
A is a little ambiguous since A/A HA doesn't guarantee that both fw will always be working, it just says that if one fails the other is still working, but A/P just guarantees that at least one will always be working so only A/A can achieve what A) describes
B. Is the textbook definition of why Active/active HA can be useful
E. Is one of the reasons why A/A HA can be faster.
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Alquicerm
Highly Voted 2 years, 6 months ago443Annny
4 months, 1 week agodivi1
Most Recent 2 weeks agom70855712
1 month, 4 weeks agoNullNull88
2 months, 1 week agoALCOSTA35
2 months, 1 week agom70855712
1 month, 4 weeks agocorpguy
3 months, 2 weeks agoTeachTrooper
3 months, 4 weeks ago62c930f
5 months, 1 week agoCarlosDV06
5 months, 1 week agoNSO_Blue
6 months ago123XYZT
10 months, 2 weeks agoguy276465281819372
11 months ago0d2fdfa
11 months, 1 week agoThirdLevel
11 months, 4 weeks agojoquin0020
1 year, 2 months agoevilCorpBot7494
1 year, 3 months agoMetgatz
1 year, 4 months ago