Palo Alto Networks PCNSC Palo Alto Networks Certified Network Security Consultant Exam Practice Test

Page: 1 / 14
Total 60 questions
Question 1

Your customer believes that the Panorama appliance is being overwhelmed by the logs from deployed Palo Alto Networks Next-Generation Firewalls. What CLl command can you run to determine the number of logs per second sent by each firewall?



Answer : D

To determine the number of logs per second sent by each firewall to a Panorama appliance, the appropriate CLI command to use is:

D . debug log-receiver statistics

This command provides detailed statistics about the logs being received by the Panorama, including the rate at which logs are being sent by each connected firewall. This information can help identify whether the Panorama is being overwhelmed by the volume of logs and which firewalls are contributing the most to the log traffic.


Palo Alto Networks - CLI Commands for Troubleshooting Panorama: https://docs.paloaltonetworks.com

Palo Alto Networks - Managing Logs and Log Forwarding: https://knowledgebase.paloaltonetworks.com

Question 2

Which command would you use to view the current sessions on a Palo Alto firewall?



Answer : B


Question 3

Which interface deployments support the Aggregate Ethernet Active configuration? (Choose three.)



Answer : B, C, D

The interface deployments that support the Aggregate Ethernet (AE) Active configuration are:

B . LACP in Layer 3: Link Aggregation Control Protocol (LACP) can be used in Layer 3 interfaces to bundle multiple physical interfaces into a single logical interface for redundancy and increased bandwidth.

C . LACP in Layer 2: LACP can be used in Layer 2 interfaces to aggregate multiple Ethernet interfaces, enhancing throughput and providing failover capabilities within a Layer 2 network.

D . LACP in Virtual Wire: LACP can also be configured in Virtual Wire mode, which allows the firewall to aggregate interfaces while operating in a transparent mode, bridging traffic between interfaces without routing.

These configurations leverage LACP to improve network performance and reliability by combining multiple physical links into a single logical link.


Palo Alto Networks - Aggregate Interfaces: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/aggregate-ethernet/aggregate-ethernet-overview

Palo Alto Networks - LACP and LLDP Support: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/aggregate-ethernet/lacp-and-lldp-support

Question 4

Which log type would you consult to diagnose why a specific URL is being blocked?



Answer : B


Question 5

What is the default port used by the Terminal Services agent to communicate with a firewall?



Answer : A

The default port used by the Terminal Services agent to communicate with a Palo Alto Networks firewall is 5007. The Terminal Services agent (TS agent) integrates with Microsoft Terminal Services to associate user information with sessions, enabling User-ID to accurately map user identities to security policies. Reference: Palo Alto Networks Terminal Services Agent Documentation.


Question 6

What command can you use to check the status of GlobalProtect clients connected to the firewall?



Answer : B


Question 7

When creating a custom application signature, which field allows you to specify the layer 7 protocol details to match?



Answer : C


Page:    1 / 14   
Total 60 questions