CLI commands Flashcards
Question #24 Topic 1
A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port to which it connects.
How would an administrator configure the interface to 1Gbps?
A. set deviceconfig interface speed-duplex 1Gbps-full-duplex
B. set deviceconfig system speed-duplex 1Gbps-duplex
C. set deviceconfig system speed-duplex 1Gbps-full-duplex
D. set deviceconfig Interface speed-duplex 1Gbps-half-duplex
C. set deviceconfig system speed-duplex 1Gbps-full-duplex
Question #507 Topic 1
An engineer receives reports from users that applications are not working and that websites are only partially loading in an asymmetric
environment. After investigating, the engineer observes the flow_tcp_non_syn_drop counter increasing in the show counters global output.
Which troubleshooting command should the engineer use to work around this issue?
A. set deviceconfig setting tcp asymmetric-path drop
B. set session tcp-reject-non-syn yes
C. set deviceconfig setting tcp asymmetric-path bypass
D. set deviceconfig setting session tcp-reject-non-syn no
D. set deviceconfig setting session tcp-reject-non-syn no
“Question #29 Topic 1
How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?
A. Use the debug dataplane packet-diag set capture stage firewall file command.
B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).
C. Use the debug dataplane packet-diag set capture stage management file command.
D. Use the tcpdump command.
D. Use the tcpdump command.
Question #64 Topic 1
Which CLI command enables an administrator to view details about the firewall including uptime, PAN-OS®ֲ version, and serial number?
A. debug system details
B. show session info
C. show system info
D. show system details”
C. show system info
Question #97 Topic 1
Which CLI command enables an administrator to check the CPU utilization of the dataplane?
A. show running resource-monitor
B. debug data-plane dp-cpu
C. show system resources
D. debug running resources
A. show running resource-monitor
shows the CPU utilization
Resource utilization (%) during last 24 hours:
session (average):
0 0 0 0 0 0 0 0
Question #248 Topic 1
While troubleshooting an SSL Forward Proxy decryption issue, which PAN-OS CLI command would you use to check the details of the end entity
certificate that is signed by the Forward Trust Certificate or Forward Untrust Certificate?
A. show system setting ssl-decrypt certs
B. show system setting ssl-decrypt certificate
C. debug dataplane show ssl-decrypt ssl-stats
D. show system setting ssl-decrypt certificate-cache
B. show system setting ssl-decrypt certificate
!! this is NOT cached, but actually installed on the FW
Question #344 Topic 1
An engineer needs to see how many existing SSL decryption sessions are traversing a firewall.
What command should be used?
A. debug sessions | match proxy
B. debug dataplane pool statistics | match proxy
C. show dataplane pool statistics | match proxy
D. show sessions all
B. debug dataplane pool statistics | match proxy
A - not exist
B - correct https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhdCAC
C - not exist
D - incorect - should
Vm100> debug dataplane pool statistics | match proxy
proxy_l2info 12802 0 0 0 0 0 0 0 0 118 (192)
proxy_fptcp_sess 6401 0 0 0 0 0 0 0 0 24 (32)
Question #366 Topic 1
Which CLI command is used to determine how much disk space is allocated to logs?
A. debug log-receiver show
B. show system info
C. show system logdb-quota
D. show logging-status
C. show system logdb-quota
Vm100> show system logdb-quota
Quotas:
system: 4.00%, 0.185 GB Expiration-period: 0 days
config: 4.00%, 0.185 GB Expiration-period: 0 days
……..
Disk usage:
traffic: Logs and Indexes: 448M Current Retention: 228 days
threat: Logs and Indexes: 8.1M Current Retention: 228 days
system: Logs and Indexes: 190M Current Retention: 104 days
