Palo Alto Certified Network Security Engineer- PCNSE- (NEW)

Description

The Palo Alto Networks Certified Network Security Engineer (PCNSE) is a formal, third-party proctored certification that indicates that those who have passed it possess the in-depth knowledge to design, install, configure, maintain, and troubleshoot most implementations based on the Palo Alto Networks platform.

This practice test is an instrument to get you on the same page with Palo Alto and understand the nature of the Palo Alto PCNSE exam.

A great way to start the Palo Alto Networks Certified Network Security Engineer (PCNSE PAN-OS 10) preparation is to begin by properly appreciating the role that syllabus and study guide play in the Palo Alto PCNSE certification exam. This study guide is an instrument to get you on the same page with Palo Alto and understand the nature of the Palo Alto PCNSE exam.

Our team of experts has composed this Palo Alto PCNSE exam preparation guide to provide the overview about Palo Alto Network Security Engineer exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the Palo Alto PCNSE PAN-OS 10 exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the Palo Alto PCNSE certification exam.

Palo Alto PCNSE Exam Overview:

Exam NameNetwork Security EngineerExam NumberPCNSE PAN-OS 10Exam Price$175 USDDuration80 minutesNumber of Questions75Passing ScoreVariable (70-80 / 100 Approx.)Recommended TrainingFirewall Essentials - Configuration and Management (EDU-210)
Panorama - Managing Firewalls at Scale (EDU-220)
Firewall - Troubleshooting (330)
Firewall 10.0 - Optimizing Firewall Threat Prevention (EDU-214)Exam RegistrationPEARSON VUESample QuestionsPalo Alto PCNSE Sample QuestionsPractice ExamPalo Alto Networks Certified Network Security Engineer Practice Test

Palo Alto PCNSE Exam Topics:

SectionWeightObjectivesPlanning and Core Concepts19%- Identify and characterize the security components of the PAN-OS and how they work together

• Identify the security components.

• Identify the NGFW components.

• Identify Panorama components.

• Understand the PAN-OS subscriptions and the features they enable.

• Understand plug-in components.

- Differentiate between deployment considerations of virtual form factors.

• Understand public cloud virtual firewall deployment considerations.

• Understand hybrid cloud virtual firewall deployment considerations.

• Understand private cloud virtual firewall deployment considerations.

• Understand container firewall deployment considerations.

- Determine appropriate interface types for various environments

• Leverage Layer 2 interfaces.

• Leverage Layer 3 interfaces.

• Leverage vWire interfaces.

• Leverage Tap interfaces.

• Leverage sub-interfaces.

• Leverage tunnel interfaces.

• Leverage aggregate interfaces.

• Leverage loopback interfaces.

• Leverage decrypt mirror interfaces.

- Identify decryption deployment strategies

• Understand the risks and implications of enabling decryption.

• Identify what cannot be decrypted.

• Understand the impact to the hardware of enabling decryption.

• Identify use cases and configure SSH proxy.

• Identify uses of decryption profiles.

• Understand the impact of using SSL decryption.

- Understand how to insert the firewall within a larger security stack

• Identify the main use cases of decryption broker.

• Identify the purpose of clear text pass-through.

- Plan User-ID deployment

• Identify the methods of building user to IP mappings.

• Differentiate User-ID agents.

• Identify the methods of User-ID redistribution.

• Identify the methods for group mapping.

• Identify the use of username and domain name in HTTP header insertion.

- Identify the purpose of captive portal, MFA and the authentication policy

• Identify the purpose of and use case for MFA and the Authentication policy.

• Identify the dependencies for implementing MFA.

- Summarize the components of Palo Alto Networks SD-WAN deployments

• Identify requirements for a PAN-OS SD-WAN deployment.

• Identify requirements for a Prisma SD-WAN deployment.

• Identify whether to use Prisma SD-WAN for an SD-WAN deployment.

• Identify SD-WAN integrations.

- Differentiate between the fundamental functions of the management plane and data plane

• Identify functions that reside on the management plane.

• Identify functions that reside on the data plane.

• Scope the impact of using SSL decryption.

• Scope the impact of turning logs on for every security policy.

Deploy and Configure32%- Configure management profiles

• Configure the SSH management profile.

• Configure the SSL/TLS profile.

• Configure interface management.

- Deploy and configure security profiles

• Identify and configure the different security profiles and security profile groups.

• Identify steps needed to create a custom security profile.

• Configure exceptions to a security profile.

• Identify the relationship between URL filtering and credential theft prevention.

• Identify the impact of turning logs on for every security policy.

- Configure App-ID

• Identify how to create security rules to implement App-ID without relying on port-based rules.

• Migrate port and protocol rules.

• Identify the impact of application override to the overall functionality of the firewall.

• Create custom apps and threats.

- Configure zone protection, packet buffer protection and DoS protection

• Implement zone protection profiles.

• Implement denial-of-service protections.

• Implement packet buffer protections.

- Implement the firewall to meet business requirements that leverage the Palo Alto Networks product portfolio

• Plan a NGFW deployment.

• Implement a single firewall.

• Implement an active passive High Availability pair.

• Understand the considerations of advanced HA deployments.

• Implement zero touch provisioning.

• Configure bootstrapping.

- Configure authorization, authentication and device administration

• Configure RBAC for authorization.

• Understand the different methods to authenticate.

• Implement the authentication sequence.

• Understand the device administration method.

- Configure and manage certificates

• Identify which certificates to use.

• Configure certificates.

• Manage certificates.

- Configure routing

• Configure dynamic routing.

• Configure redistribution profiles.

• Configure static routes.

• Configure route monitoring.

• Configure and understand policy-based forwarding and how it affects routing and FW security.

- Configure Prisma Access

• Configure service setup.

• Configure service connections.

• Configure mobile users.

• Configure remote networks.

• Understand the implications of regions, locations, and terms when configuring.

- Configure GlobalProtect

• Understand the components of a portal.

• Configure gateway.

• Install agent.

• Differentiate between logon methods.

• Configure clientless VPN.

• Understand GlobalProtect licensing.

- Configure NAT

• Configure features of NAT policy rules.

• Configure security rules.

• Configure sourcenet.

- Configure decryption

• Configure inbound decryption.

• Configure SSL forward proxy.

• Configure SSH proxy.

- Configure site-to-site tunnels

• Configure IPsec, GRE.

• Configure one-to-one and one-to-many tunnels.

• Determine when to use proxy IDs.

- Configure SD-WAN

• Configure PAN-OS.

• Configure Prisma SD-WAN.

• Identify how to monitor SD-WAN connection status and failovers in Panorama.

- Configure User-ID

• Understand captive portal.

• Identify the benefits of using dynamic user groups in policy rules.

• Identify the requirements to support dynamic user groups.

• Identify how internal and external gateways can be used.

• Identify the use of username and domain name in HTTP header insertion.

- Configure service routes

• Configure default routes.

• Configure custom routes.

- Configure application-based QoS

• Select/identify the app.

• Select egress interface (and turn QoS on after configuring it).

• Configure QoS policy rule.

• Configure QoS profile.

- Configure WildFire

• Configure WildFire submission.

• Configure WildFire consumption.

• Configure supported file types.

• Configure file sizes.

Deploy and Configure Firewalls Using Panorama13%- Configure templates and template stacks

• Identify how to use templates and template stacks.

• Identify how the order of templates in a stack affect the configuration push to a firewall.

• Identify the components configured in a template.

• Configure variables in templates.

• Identify the relationship between Panorama and devices as pertaining to dynamic updates versions and policy implementation and/or HA peers.

- Configure device groups

• Understand device group hierarchies.

• Identify what device groups contain.

• Differentiate between different use cases for pre-rules and post-rules.

• Identify the impact of configuring a master device.

- Manage firewall configurations within Panorama

• Identify how the Panorama commit recovery feature operates.

• Identify the configuration settings for Panorama automatic commit recovery.

• Configure commit schedules.

• Manage config backups.

• Understand various commit type options.

Manage and Operate16%- Manage and configure log forwarding

• Identify log types and criticalities.

• Manage external services.

• Create and manage tags.

• Identify system and traffic issues using the web interface and CLI tools.

- Plan and execute the process to update a Palo Alto Networks system

• Update a single firewall.

• Update HA pairs.

• Perform Panorama push.

• Schedule and manage dynamic updates.

• Schedule and manage software updates.

- Manage HA functions

• Configure link monitoring.

• Configure path monitoring.

• Identify when to use HA links.

• Tune failover.

• Configure A/A and A/P.

• Manage HA interfaces.

- Identify the benefits and differences between the Heatmap and the BPA reports

• Identify how to use the Heatmap and BPA to optimize FW configurations.

Troubleshooting20%- Troubleshoot site-to-site tunnels

• Troubleshoot IPsec, GRE.

• Troubleshoot one-to-one and one-to-many tunnels.

• Troubleshoot proxy IDs.

- Troubleshoot physical interfaces

• Troubleshoot transceivers.

• Troubleshoot settings.

- Troubleshoot SSL Decryption

• View decrypted traffic in GUI.

• View SSL decrypt info on CLI.

• Differentiate between supported and unsupported cipher suites.

• Identify certificate issues.

• Troubleshoot inbound decryption.

• Troubleshoot SSL forward proxy.

• Troubleshoot SSH proxy.

- Troubleshoot routing

• Configure dynamic routing.

• Configure redistribution profiles.

• Configure static routes.

• Configure route monitoring.

• Configure and understand policy-based forwarding and how it affects routing and FW security.

- Investigate Traffic Patterns on the NGFW or Panorama

• Interpret log files.

• Create and interpret reports.

• Create and interpret graphs.

• Identify system and traffic issues using the web interface and CLI tools.

- Troubleshoot zone protection, packet buffer protection and DoS protection

• Troubleshoot zone protection profiles.

• Troubleshoot denial-of-service protections.

• Troubleshoot packet buffer protections.

- Troubleshoot GlobalProtect

• Troubleshoot connection problems to Portal.

• Troubleshoot connection problems to Gateway.

• Troubleshoot connection problems to the provided resources.

• Troubleshoot GP client.

- Troubleshooting PAN-OS-based SD-WAN

• Troubleshoot simple SD-WAN event status.

• Troubleshoot interpreting counters.

• Troubleshoot VPN Tunnel.

• Troubleshoot App-Performance via Panorama Monitoring.

• Troubleshoot Link Performance via Panorama Monitoring.

TAKE THIS COURSE