Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

Under what condition is an active/active High Availability (HA) deployment preferred over an active/passive setup?

• A. Lower hardware costs
• B. Potential for asymmetric routing
• C. Less traffic management
• D. Improved security

The correct answer is: Potential for asymmetric routing

An active/active High Availability (HA) deployment is often preferred over an active/passive setup when dealing with potential for asymmetric routing. In a network environment, asymmetric routing can occur when the path for outbound traffic differs from the path for inbound traffic. This can lead to complications in session management and may cause issues with stateful connections that devices like firewalls maintain. In an active/active configuration, both units actively handle traffic, distributing loads and allowing for efficient use of resources. This setup inherently supports network traffic that may flow differently on the return path, as both devices maintain session state information across the active units. This creates a more resilient and flexible network infrastructure, particularly in environments with varied traffic patterns. On the other hand, options related to lower hardware costs, less traffic management, and improved security are not typically driving factors for choosing an active/active configuration. Active/active setups often require more hardware resources to handle simultaneous traffic on two devices and can introduce complexity in managing traffic flows. Improved security may also not be an inherent feature of active/active configurations, as security depends on proper configuration and policies more than on the specific HA model used. Therefore, the preference for active/active deployments is closely aligned with the effective handling of asymmetric routing.