Palo Alto Networks PCNSC Exam Practice Test Instant Access

Question 1

Your customer believes that the Panorama appliance is being overwhelmed by the logs from deployed Palo Alto Networks Next-Generation Firewalls. What CLl command can you run to determine the number of logs per second sent by each firewall?

Adebug log-sender statistics

Blogging status

Cshow log traffic

Ddebug log-receiver statistics

Answer : D

To determine the number of logs per second sent by each firewall to a Panorama appliance, the appropriate CLI command to use is:

D . debug log-receiver statistics

This command provides detailed statistics about the logs being received by the Panorama, including the rate at which logs are being sent by each connected firewall. This information can help identify whether the Panorama is being overwhelmed by the volume of logs and which firewalls are contributing the most to the log traffic.

Palo Alto Networks - CLI Commands for Troubleshooting Panorama: https://docs.paloaltonetworks.com

Palo Alto Networks - Managing Logs and Log Forwarding: https://knowledgebase.paloaltonetworks.com

Question 2

Which command would you use to view the current sessions on a Palo Alto firewall?

Ashow session all

Bshow session info

Cshow session list

Dshow session current

Answer : B

Question 3

Which interface deployments support the Aggregate Ethernet Active configuration? (Choose three.)

ALACP in TAP

BLACP in Layer 3

CLACP in Layer 2

DLACP in Virtual Wire

ELLDP in Layer 3

Answer : B, C, D

The interface deployments that support the Aggregate Ethernet (AE) Active configuration are:

B . LACP in Layer 3: Link Aggregation Control Protocol (LACP) can be used in Layer 3 interfaces to bundle multiple physical interfaces into a single logical interface for redundancy and increased bandwidth.

C . LACP in Layer 2: LACP can be used in Layer 2 interfaces to aggregate multiple Ethernet interfaces, enhancing throughput and providing failover capabilities within a Layer 2 network.

D . LACP in Virtual Wire: LACP can also be configured in Virtual Wire mode, which allows the firewall to aggregate interfaces while operating in a transparent mode, bridging traffic between interfaces without routing.

These configurations leverage LACP to improve network performance and reliability by combining multiple physical links into a single logical link.

Palo Alto Networks - Aggregate Interfaces: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/aggregate-ethernet/aggregate-ethernet-overview

Palo Alto Networks - LACP and LLDP Support: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/aggregate-ethernet/lacp-and-lldp-support

Question 4

Which log type would you consult to diagnose why a specific URL is being blocked?

AThreat log

BURL Filtering log

CTraffic log

DData Filtering log

Answer : B

Question 5

What is the default port used by the Terminal Services agent to communicate with a firewall?

A5007

B5009

C443

D636

Answer : A

The default port used by the Terminal Services agent to communicate with a Palo Alto Networks firewall is 5007. The Terminal Services agent (TS agent) integrates with Microsoft Terminal Services to associate user information with sessions, enabling User-ID to accurately map user identities to security policies. Reference: Palo Alto Networks Terminal Services Agent Documentation.

Question 6

What command can you use to check the status of GlobalProtect clients connected to the firewall?

Ashow globalprotect status

Bshow globalprotect gateway

Cshow globalprotect current-user

Dshow globalprotect statistics

Answer : B

Question 7

When creating a custom application signature, which field allows you to specify the layer 7 protocol details to match?

AApplication ID

BSignature ID

CPattern Match

DProtocol Decoder

Answer : C

Palo Alto Networks PCNSC Palo Alto Networks Certified Network Security Consultant Exam Practice Test