Table of Contents
Question
What is the behavior of Defenders when the Console is unreachable during upgrades?
A. Defenders continue to alert, but not enforce, using the policies and settings most recently cached before upgrading the Console.
B. Defenders will fail closed until the web-socket can be re-established.
C. Defenders will fail open until the web-socket can be re-established.
D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.
Answer
D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.
Explanation
The behavior of Defenders when the Console is unreachable during upgrades is:
D. Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console.
Explanation:
In a Palo Alto Networks Prisma Cloud environment, the Defenders are the agents installed on hosts or virtual machines that provide security functionality and collect data for analysis by the Console. The Console is the centralized management and control plane for Prisma Cloud.
During upgrades or if the Console becomes unreachable for any reason, the Defenders will continue to operate based on the policies and settings that were most recently cached before the Console upgrade or unavailability. This means that the Defenders will continue to alert and enforce security measures based on the last known policies and configurations stored in their local cache.
Defenders are designed to operate autonomously, even when the Console is temporarily unavailable. They will continue to monitor and enforce security policies based on the cached information until the connection to the Console is re-established.
Option A is incorrect because Defenders do not stop enforcing policies when the Console is unreachable. They will continue to enforce policies using the most recently cached information.
Option B is incorrect because Defenders do not fail closed until the web-socket is re-established. The term “fail closed” typically refers to a security mechanism that blocks all access when a critical component fails. In this case, the Defenders continue to operate and enforce policies even if the connection to the Console is lost temporarily.
Option C is incorrect because Defenders do not fail open until the web-socket is re-established. “Fail open” generally refers to a security mechanism that allows unrestricted access when a critical component fails. In this scenario, the Defenders do not stop enforcing policies and do not operate in an unrestricted manner when the connection to the Console is lost.
Therefore, the correct behavior of Defenders when the Console is unreachable during upgrades is that they continue to alert and enforce using the policies and settings most recently cached before upgrading the Console, as stated in option D.
Reference
- Deploy Prisma Cloud Defenders (paloaltonetworks.com)
- Prisma Cloud Compute: Cannot connect to Console address – Knowledge Base – Palo Alto Networks
- Defender unable to connect to the Prisma Cloud Console with the Error “Connection failed due to hostname conflict” (paloaltonetworks.com)
Palo Alto Networks Prisma Certified Cloud Security Engineer PCCSE certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Palo Alto Networks Prisma Certified Cloud Security Engineer PCCSE exam and earn Palo Alto Networks Prisma Certified Cloud Security Engineer PCCSE certification.