A great way to start the Palo Alto Networks Certified Network Security Administrator (PCNSA PAN-OS 11) preparation is to begin by properly appreciating the role that syllabus and study guide play in the Palo Alto PCNSA certification exam. This study guide is an instrument to get you on the same page with Palo Alto and understand the nature of the Palo Alto PCNSA exam.
Our team of experts has composed this Palo Alto PCNSA exam preparation guide to provide the overview about Palo Alto Network Security Administrator exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the Palo Alto PCNSA PAN-OS 11 exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the Palo Alto PCNSA certification exam.
Palo Alto PCNSA Exam Overview:
|
Exam Name
|
Network Security Administrator |
| Exam Number | PCNSA PCNSA PAN-OS 11 |
| Exam Price | $155 USD |
| Duration | 80 minutes |
| Number of Questions | 60-75 |
| Passing Score | Variable (70-80 / 100 Approx.) |
| Recommended Training | Firewall Essentials: Configuration and Management (EDU-210) |
| Exam Registration | PEARSON VUE |
| Sample Questions | Palo Alto PCNSA Sample Questions |
| Practice Exam | Palo Alto Networks Certified Network Security Administrator Practice Test |
Palo Alto PCNSA Exam Topics:
| Section | Objectives |
|---|---|
Device Management and Services - 22% |
|
| Demonstrate knowledge of firewall management interfaces |
- Management interfaces - Methods of access - Access restrictions - Identity-management traffic flow - Management services - Service routes |
| Provision local administrators |
- Authentication profile - Authentication sequence |
| Assign role-based authentication | |
| Maintain firewall configurations |
- Running configuration - Candidate configuration - Discern when to use load, save, import, and export - Differentiate between configuration states - Back up Panorama configurations and firewalls from Panorama |
| Push policy updates to Panorama-managed firewalls |
- Device groups and hierarchy - Where to place policies - Implications of Panorama management - Impact of templates, template stacks, and hierarchy |
| Schedule and install dynamic updates |
- From Panorama - From the firewall - Scheduling and staggering updates on an HA pair |
| Create and apply security zones to policies |
- Identify zone types - External types - Layer 2 - Layer 3 - TAP - VWire - Tunnel |
| Identify and configure firewall interfaces |
- Different types of interfaces - How interface types affect Security policies |
| Maintain and enhance the configuration of a virtual or logical router |
- Steps to create a static route - How to use the routing table - What interface types can be added to a virtual or logical router - How to configure route monitoring |
Managing Objects - 20% |
|
| Create and maintain address and address group objects |
- How to tag objects - Differentiate between address objects - Static groups versus dynamic groups |
| Create and maintain services and service groups | |
| Create and maintain external dynamic lists | |
| Configure and maintain application filters and application groups |
- When to use filters versus groups - The purpose of application characteristics as defined in the App-ID database |
Policy Evaluation and Management - 28% |
|
| Develop the appropriate application-based Security policy |
- Create an appropriate App-ID rule - Rule shadowing - Group rules by tag - The potential impact of App-ID updates to existing Security policy rules - Policy usage statistics |
| Differentiate specific security rule types |
- Interzone - Intrazone - Universal |
| Configure Security policy match conditions, actions, and logging options |
- Application filters and groups - Logging options - App-ID - User-ID - Device-ID - Application filter in policy - Application group in policy - EDLs |
| Identify and implement proper NAT policies |
- Destination - Source |
| Optimize Security policies using appropriate tools |
- Policy test match tool - Policy Optimizer |
Securing Traffic - 30% |
|
| Compare and contrast different types of Security profiles |
- Antivirus - Anti-Spyware - Vulnerability Protection - URL Filtering - WildFire Analysis |
| Create, modify, add, and apply the appropriate Security profiles and groups |
- Antivirus - Anti-Spyware - Vulnerability Protection - URL Filtering - WildFire Analysis - Configure threat prevention policy |
| Differentiate between Security profile actions | |
| Use information available in logs |
- Traffic - Threat - Data - System logs |
| Enable DNS Security to control traffic based on domains |
- Configure DNS Security - Apply DNS Security in policy |
| Create and deploy URL-filtering-based controls |
- Apply a URL profile in a Security policy - Create a URL Filtering profile - Create a custom URL category - Control traffic based on a URL category - Why a URL was blocked - How to allow a blocked URL - How to request a URL recategorization |
| Differentiate between group mapping and IP-to-user mapping within policies and logs |
- How to control access to specific locations - How to apply to specific policies - Identify users within the ACC and the monitor tab |
Palo Alto PCNSA PAN-OS 11 Exam Description:
The PCNSA certification validates the knowledge and skills required for network security administrators responsible for operating and managing Palo Alto Networks Next Generation Firewall. PCNSA certified individuals have demonstrated knowledge of the Palo Alto Networks firewall feature set.