Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 2

How would an administrator monitor/capture traffic on the management interface of the Palo Alto Networks NGFW?

Answer options

• A. Use the debug dataplane packet-diag set capture stage firewall file command.
• B. Enable all four stages of traffic capture (TX, RX, DROP, Firewall).
• C. Use the debug dataplane packet-diag set capture stage management file command.
• D. Use the tcpdump command.

Correct answer: D

Explanation

The correct answer is D, as tcpdump is a widely used command-line packet analyzer that can capture and display the traffic on the management interface. Options A and C refer to commands related to the firewall stage and management stage captures respectively, which are not applicable for monitoring traffic on the management interface. Option B mentions enabling traffic capture across multiple stages, which does not specifically target the management interface.