Palo Alto Networks Network Security Professional Questions and Answers
Question 17
Which component of NGFW is supported in active/passive design but not in active/active design?
Options:
A.
Single floating IP address
B.
Using a DHCP client
C.
Route-based redundancy
D.
Configuring ARP load-sharing on Layer 3
Answer:
A
Explanation:
Single floating IP address(also known as a floating IP or shared IP) is supported only in anactive/passiveHA pair. In active/active HA, both firewalls are forwarding traffic simultaneously and thus do not share a single floating IP.
“In active/passive HA, a single floating IP address is used for seamless failover. Active/active HA requires separate IP addresses and does not support a single floating IP.”
(Source: Active/Passive vs. Active/Active HA)
Thissimplifies failoverin active/passive deployments by using a single shared IP that moves to the active peer upon failover.
Question 18
Which two content updates can be pushed to next-generation firewalls from Panorama? (Choose two.)
Options:
A.
Advanced URL Filtering
B.
Applications and threats
C.
WildFire
D.
GlobalProtect data file
Answer:
B, C
Explanation:
Applications and threats
Panorama can push application and threat signature updates to managed firewalls, ensuring consistent application and threat visibility.
“Panorama uses dynamic updates to distribute the latest application and threat signature packs to all managed firewalls.”
(Source: Manage Content Updates in Panorama)
WildFire
Panorama also distributes WildFire signature updates to firewalls for real-time malware detection.
“WildFire updates provide the latest malware signatures to enhance detection and prevention, and can be deployed to all managed firewalls via Panorama.”
