View all questions & answers for the Palo Alto Networks Network Security Analyst (NetSec-Analyst) Exam Materials exam


Palo Alto Networks Network Security Analyst (NetSec-Analyst) Exam Materials-Question 49 Discussion
Comment Image Comment Image Comment Image

There are intermittent connectivity issues between two internal zones on a PA-Series firewall. Although the Security policies appear correctly configured, traffic between the zones is experiencing unexpected drops. Which troubleshooting step will isolate the root cause of this behavior? (Choose one answer)

  • A. Use the CLI command tcpdump filter and set the source and destination zones in the filter to capture and analyze traffic flows between zones, checking for packet loss on the data plane.
  • B. Use the CLI command show system info to monitor CPU and memory usage, ensuring that resource constraints are not causing interfaces to drop packets between zones.
  • C. Use the PAN-OS GUI Troubleshooting tool to review interface status, verify zone assignments, and confirm that all links are operational.
  • D. Use the CLI command show system state filter sys.sl.* | match Error to find interface errors across all the interfaces.
Correct Answer: A

Brave-Dump Clients Votes

A 66.67%
D 33.33%

Comments



Anonymous User 2026-02-11 08:27:09

Selected Answers: A


A

Vai 2026-02-26 06:48:07

Selected Answers: A


tcp dump seems ot be the best practice. D will only give errors on interface like crc etc.

Anonymous User 2026-05-01 19:12:10

Selected Answers: D


correct answer is D

Intermittent connectivity issues that occur despite correct security policies often point to layer 1 or layer 2 physical issues (e.g., faulty cables, duplex mismatches, or CRC errors). The "show system state" command provides access to the lower-level internal counters of the device. Filtering for sys.s1.* specifically targets the Service Layer, where interface hardware statistics and error counters are maintained. Matching for "Error" allows you to quickly identify if a physical interface is incrementing error counts, which would explain the unexpected packet loss.

option A is wrong because the syntax "tcpdump filter" does NOT allow one to filter by zones, only address and ports and it's only used for management-traffic-related problems

reference -> knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS