Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 26 views

    Palo Alto Networks Certified Network Security Administrator (PCNSA) Blueprint

    Uploaded by

    lokiller

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Palo Alto Networks Certified Network Security Administrator (PCNSA) Blueprint

    Uploaded by

    lokiller
    26 views5 pages

    Original Title

    pcnsa-blueprint

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    26 views5 pages

    Palo Alto Networks Certified Network Security Administrator (PCNSA) Blueprint

    Uploaded by

    lokiller

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 5

    Palo Alto Networks Certified

    Network Security Administrator (PCNSA)


    Blueprint

    Domain Weight (%)


    Palo Alto Networks Strata Core Components 17%
    Device Management and Services 18%
    Managing Objects 14%
    Policy Evaluation and Management 26%
    Securing Traffic 25%

    Domain 1 Palo Alto Networks Strata Core Components 17%

    Task 1.1 Understand the components of the Palo Alto Networks Strata
    Portfolio
    1.1.1 Understand how to configure APP-ID.
    1.1.2 Understand the purpose and usage of Content-ID.
    1.1.3 Understand the purpose and usage of User-ID.
    1.1.4 Understand the purpose and usage of captive portal.
    1.1.5 Understand the purpose and usage of Device-ID.
    1.1.6 Understand security processes.
    1.1.7 Understand form factors of the NGFW.
    1.1.8 Understand the management implications of the form factors of the
    NGFW.
    1.1.9 Understand use of Authentication Policy.
    1.1.10 Understand uses for Prisma Access.
    1.1.11 Understand uses for Panorama.
    1.1.12 Understand the uses for CN-Series and VM-Series.
    1.1.13 Understand GlobalProtect.

    Task 1.2 Identify the order of operations of Single-Pass Parallel Processing


    architecture.
    1.2.1 Describe signature processing engine.
    1.2.2 Describe the security processing engine.
    1.2.3 Describe network processing engine.
    1.2.4 Understand the impact of traffic flow.
    Domain 2 Device Management and Services 18%

    Task 2.1 Identify and use firewall management interfaces


    2.1.1 Understand the use of management user interfaces.
    2.1.2 Understand the methods of access.
    2.1.3 Understand the access restrictions.
    2.1.4 Understand identity management traffic flow.

    Task 2.2 Provisioning local administrators and assigning role-based


    authentication
    2.2.1 Assign role-based access control to administrators.
    2.2.2 Assign authentication for administrators.
    2.2.3 Assign the authentication sequence for administrators.

    Task 2.3 Define firewall configurations


    2.3.1 Manage running configuration.
    2.3.2 Manage candidate configuration.
    2.3.3 Understand when to use load, save, import and export.

    Task 2.4 Understand how to push policy updates to Panorama managed


    FWs
    2.4.1 Understand device groups and hierarchy.
    2.4.2 Understand where to place policies.
    2.4.3 Understand implications of Panorama management.
    2.4.4 Understand how to backup Panorama configurations and NGFW
    from Panorama.

    Task 2.5 Identify the types of dynamic updates and their purpose
    2.5.1 Understand the impact of dynamic updates to existing security
    policies.

    Task 2.6 Identify what a security zone is and how to use it


    2.6.1 Identify zone types.
    2.6.2 Identify which zones to apply for security policies.

    Task 2.7 Identify and configure firewall interfaces


    2.7.1 Identify and understand the different types of interfaces.
    2.7.2 Identify how interface types affect security policies.
    2.7.3 Identify how interface types affect security policies.

    © 2021 Palo Alto Networks PCNSA: Palo Alto Networks Certified Network Security
    Administrator Blueprint, Confidential and Proprietary, V2. June 2021 2
    Task 2.8 Configure a virtual router
    2.8.1 Identify steps to create a static route.
    2.8.2 Understand how to use the routing table.
    2.8.3 Identify steps to configure a virtual router.
    2.8.4 Identify what interface types can be added to a virtual router.
    2.8.5 Understand how to configure route monitoring.

    Domain 3 Managing Objects 14%

    Task 3.1 Identify how to create address objects


    3.1.1 Apply address objects to policy.
    3.1.2 Create address groups.
    3.1.3 Identify how to tag objects.
    3.1.4 Differentiate between the address objects.

    Task 3.2 Identify how to create services.


    3.2.1 Apply services to policy.
    3.2.2 Create service groups.

    Task 3.3 Identify how to use pre-defined Palo Alto Networks external
    dynamic lists
    3.3.1 Identify how to implement an exception to a predefined EDL.
    3.3.2 Identify how to apply in security policy.

    Task 3.4 Configure application filters and application groups


    3.4.1 Differentiate between application filters and groups and when to
    use them.
    3.4.2 Include an application filter in policy.
    3.4.3 Include an application group in policy.
    3.4.4 Identify the purpose of application characteristics as defined in the
    App-ID database.

    Domain 4 Policy Evaluation and Management 26%

    Task 4.1 Identify the appropriate application-based security policy


    4.1.1 Identify an appropriate APP-ID rule.
    4.1.2 Understand rule shadowing.
    4.1.3 Group rules by tag.
    4.1.4 Identify the potential impact of App-ID updates to existing security
    policy rules.

    © 2021 Palo Alto Networks PCNSA: Palo Alto Networks Certified Network Security
    Administrator Blueprint, Confidential and Proprietary, V2. June 2021 3
    Task 4.2 Identify the purpose of specific security rule types
    4.2.1 Identify when to use interzone rules.
    4.2.2 Identify when to use intrazone rules.
    4.2.3 Identify when to use universal rules.

    Task 4.3 Identify and configure Security policy match conditions, actions,
    and logging options
    4.3.1 Identify and configure Security policy match conditions, and actions.
    4.3.2 Understand how to use Application Filters and Groups.
    4.3.3 Understand how to use logging options.

    Task 4.4 Identify and implement proper NAT policies


    4.4.1 Implement a destination NAT.
    4.4.2 Implement a source NAT.
    4.4.3 Differentiate various NAT options.
    4.4.4 Create a NAT in the proper order based on pre-existing NATs.

    Task 4.5 Identify the tools available to optimize Security policies


    4.5.1 Identify the policy test match tool.
    4.5.2 Identify the policy optimizer.
    4.5.3 Identify Expedition.

    Domain 5 Securing Traffic 25%

    Task 5.1 Identify and apply the appropriate Security Profile


    5.1.1 Differentiate between different types of security profiles.
    5.1.2 Identify how to create and modify a Security Profile.
    5.1.3 Identify how to add a Security Profile to policy.
    5.1.4 Identify how to create a profile group.
    5.1.5 Identify how to add a security profile group to policy.

    Task 5.2 Identify the difference between Security policy actions and
    Security Profile actions
    5.2.1 Differentiate between traffic logs, threat logs and data logs.
    5.2.2 Differentiate between security profile actions.

    Task 5.3 Identify how the firewall can use the cloud DNS Security to
    control traffic based on domains
    5.3.1 Identify where to configure DNS security.
    5.3.2 Identify how to apply DNS security in policy.

    © 2021 Palo Alto Networks PCNSA: Palo Alto Networks Certified Network Security
    Administrator Blueprint, Confidential and Proprietary, V2. June 2021 4
    Task 5.4 Identify how the firewall can use the PAN-DB database to control
    traffic based on websites
    5.4.1 Identify how to apply a URL profile in a security policy.
    5.4.2 Identify how to create a URL filtering profile.

    Task 5.5 Identify how to control access to specific URLs using custom URL
    filtering categories
    5.5.1 Identify why a URL was blocked.
    5.5.2 Identify how to allow a blocked URL.
    5.5.3 Identify how to request a URL recategorization.

    Task 5.6 Differentiate between group mapping and IP to user mapping


    within policies and logs
    5.6.1 Identify how to control access to specific locations.
    5.6.2 Identify how to apply to specific policies.
    5.6.3 Identify users within the ACC and the monitor tab.

    © 2021 Palo Alto Networks PCNSA: Palo Alto Networks Certified Network Security
    Administrator Blueprint, Confidential and Proprietary, V2. June 2021 5

    You might also like