Free Palo Alto Networks NGFW-Engineer Actual Exam Questions - Question 5 Discussion
Question No. 5
An administrator plans to upgrade a pair of active/passive firewalls to a new PAN-OS release. The
environment is highly sensitive, and downtime must be minimized.
What is the recommended upgrade process for minimal disruption in this high availability (HA)
scenario?
environment is highly sensitive, and downtime must be minimized.
What is the recommended upgrade process for minimal disruption in this high availability (HA)
scenario?
Select one option, then reveal solution.
US
HC
Haris C.
2026-02-09
Makes sense to go with A because it ensures one firewall is always handling traffic, so downtime is limited. Upgrading the passive first after forcing a failover feels safer than shutting the active down outright like in B, which could risk unexpected downtime. C and D seem too risky since isolating or upgrading both at once can cause bigger service gaps. So yeah, sticking with A looks like the way to keep things running smoothly during the upgrade.
0
HC
Haris C.
2026-01-27
Guessing A, as it lets you upgrade one firewall without taking down both at once.
0
UO
Usman O.
2026-01-15
A imo, since suspending the active unit triggers a clean failover, letting you upgrade one firewall at a time without downtime. The other options feel riskier or cause more disruption.
0