Paloalto Networks Updated PCNSE Exam Questions and Answers by bogdan

In an active/active high availability (HA) firewall pair, when a firewall experiences a failure of a monitored path, it enters the “Tentative” state1. This state indicates that the firewall is synchronizing sessions and configurations from its peer due to a failure or a change in monitored objects such as a link or path. The firewall in this state is not fully functional but is working towards resuming normal operations by syncing with its peer. Therefore, the correct answer is B. Tentative.

When a local configuration override occurs on a firewall managed by Panorama, the administrator can enforce Panorama’s centralized management by pushing the template configuration with the "Force Template Values" option. This option overwrites any local changes on the firewall, ensuring that the Panorama-defined configuration (e.g., interface settings) takes precedence and prevents further overrides unless explicitly allowed.

Option A (device-group commit push) applies to policies and objects, not templates. Option C (commit force from CLI) reinforces local changes, not Panorama’s control. Option D (reload running config) is disruptive and doesn’t enforce Panorama’s template. The "Force Template Values" option is the documented method for this use case.