Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 568

An administrator has configured a pair of firewalls using high availability in Active/Passive mode.
Path Monitoring has been enabled with a Failure Condition of "any."
A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms and a Ping count of 3.
Which scenario will cause the Active firewall to fail over?

Answer options

• A. IP address 8.8.8.8 is unreachable for 1 second.
• B. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 2 seconds.
• C. IP address 4.2.2.2 is unreachable for 2 seconds.
• D. IP addresses 8.8.8.8 and 4.2.2.2 are unreachable for 1 second.

Correct answer: B

Explanation

The correct answer is B because the path group has a Failure Condition of 'all,' meaning both IPs must be unreachable for the specified time. In this case, both 8.8.8.8 and 4.2.2.2 need to be down for 2 seconds to trigger the failover, while the other options do not meet the criteria of both IPs being down for the required duration.