Palo Alto PCNSA Certification Exam Syllabus

PCNSA Syllabus, PCNSA Exam Questions PDF, Palo Alto PCNSA Dumps Free, PCNSA PDF, PCNSA Dumps, PCNSA PDF, PCNSA VCE, PCNSA Questions PDF, Palo Alto PCNSA Questions PDF, Palo Alto PCNSA VCEA great way to start the Palo Alto Networks Certified Network Security Administrator (PCNSA PAN-OS 11) preparation is to begin by properly appreciating the role that syllabus and study guide play in the Palo Alto PCNSA certification exam. This study guide is an instrument to get you on the same page with Palo Alto and understand the nature of the Palo Alto PCNSA exam.

Our team of experts has composed this Palo Alto PCNSA exam preparation guide to provide the overview about Palo Alto Network Security Administrator exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the Palo Alto PCNSA PAN-OS 11 exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the Palo Alto PCNSA certification exam.

Palo Alto PCNSA Exam Overview:

Exam Name
Network Security Administrator
Exam Price $155 USD
Duration 80 minutes
Number of Questions 60-75
Passing Score Variable (70-80 / 100 Approx.)
Recommended Training Firewall Essentials: Configuration and Management (EDU-210)
Exam Registration PEARSON VUE
Sample Questions Palo Alto PCNSA Sample Questions
Practice Exam Palo Alto Networks Certified Network Security Administrator Practice Test

Palo Alto PCNSA Exam Topics:

Section Objectives

Device Management and Services - 22%

Demonstrate knowledge of firewall management interfaces - Management interfaces
- Methods of access
- Access restrictions
- Identity-management traffic flow
- Management services
- Service routes
Provision local administrators - Authentication profile
- Authentication sequence
Assign role-based authentication  
Maintain firewall configurations - Running configuration
- Candidate configuration
- Discern when to use load, save, import, and export
- Differentiate between configuration states
- Back up Panorama configurations and firewalls from Panorama
Push policy updates to Panorama-managed firewalls - Device groups and hierarchy
- Where to place policies
- Implications of Panorama management
- Impact of templates, template stacks, and hierarchy
Schedule and install dynamic updates - From Panorama
- From the firewall
- Scheduling and staggering updates on an HA pair
Create and apply security zones to policies - Identify zone types
- External types
- Layer 2
- Layer 3
- VWire
- Tunnel
Identify and configure firewall interfaces - Different types of interfaces
- How interface types affect Security policies
Maintain and enhance the configuration of a virtual or logical router - Steps to create a static route
- How to use the routing table
- What interface types can be added to a virtual or logical router
- How to configure route monitoring

Managing Objects - 20%

Create and maintain address and address group objects - How to tag objects
- Differentiate between address objects
- Static groups versus dynamic groups
Create and maintain services and service groups  
Create and maintain external dynamic lists  
Configure and maintain application filters and application groups - When to use filters versus groups
- The purpose of application characteristics as defined in the App-ID database

Policy Evaluation and Management - 28%

Develop the appropriate application-based Security policy - Create an appropriate App-ID rule
- Rule shadowing
- Group rules by tag
- The potential impact of App-ID updates to existing Security policy rules
- Policy usage statistics
Differentiate specific security rule types - Interzone
- Intrazone
- Universal
Configure Security policy match conditions, actions, and logging options - Application filters and groups
- Logging options
- App-ID
- User-ID
- Device-ID
- Application filter in policy
- Application group in policy
- EDLs
Identify and implement proper NAT policies - Destination
- Source
Optimize Security policies using appropriate tools - Policy test match tool
- Policy Optimizer

Securing Traffic - 30%

Compare and contrast different types of Security profiles - Antivirus
- Anti-Spyware
- Vulnerability Protection
- URL Filtering
- WildFire Analysis
Create, modify, add, and apply the appropriate Security profiles and groups - Antivirus
- Anti-Spyware
- Vulnerability Protection
- URL Filtering
- WildFire Analysis
- Configure threat prevention policy
Differentiate between Security profile actions  
Use information available in logs - Traffic
- Threat
- Data
- System logs
Enable DNS Security to control traffic based on domains - Configure DNS Security
- Apply DNS Security in policy
Create and deploy URL-filtering-based controls - Apply a URL profile in a Security policy
- Create a URL Filtering profile
- Create a custom URL category
- Control traffic based on a URL category
- Why a URL was blocked
- How to allow a blocked URL
- How to request a URL recategorization
Differentiate between group mapping and IP-to-user mapping within policies and logs - How to control access to specific locations
- How to apply to specific policies
- Identify users within the ACC and the monitor tab

Palo Alto PCNSA PAN-OS 11 Exam Description:

The PCNSA certification validates the knowledge and skills required for network security administrators responsible for operating and managing Palo Alto Networks Next Generation Firewall. PCNSA certified individuals have demonstrated knowledge of the Palo Alto Networks firewall feature set.

Rating: 4.8 / 5 (121 votes)