Palo Alto Networks Network Security Engineer (PCNSE) Certificate
Exam Name : PCNSE
Format: multiple-choice questions
Delivered by: Pearson VUE
Exam Length: 90 minutes
Language: English
Do you want to guarantee your passing in the Palo Alto Networks Network Security Engineer (PCNSE) Certificate?
Do you want to guarantee your pass in Palo Alto Networks Network Security Engineer (PCNSE) Certificate without the need for training classes and studying Dumps and questions?
We HELP you PASS Palo Alto Networks Network Security Engineer (PCNSE) Certificate, without exam and training!
***Pay after you Pass***
Palo Alto Networks Network Security Engineer (PCNSE) Certificate details
The Palo Alto Networks Certied Network Security Engineer (PCNSE) certication is designed to validate the in-depth knowledge and skills required to design, deploy, operate, manage, and troubleshoot Palo Alto Networks Next-Generation Firewalls.
Exam registration: Pearson VUE
This certication is designed for individuals who want to demonstrate the in-depth knowledge and skills required to design, deploy, operate, manage, and troubleshoot Palo Alto Next-Generation Firewalls—including customers, partners, systems engineers,system integrators, and support engineers.
Blueprint
The blueprint table lists the domains covered and includes domain weighting. The percentage weights represent the portion of the exam score that is attributed to each domain. Many candidates nd the table provides focus for studies during exam preparation. Also included in the blueprint table are the more specic tasks associated with each domain. Pay particular attention to these tasks, as they
provide more targeted areas of study within the domains.
1. Core Concepts  12%
1.1 Identify how Palo Alto Networks products work together to improve PAN-OS services
1.1.1 Security components
1.1.2 Firewall components
1.1.3 Panorama components
1.1.4 PAN-OS subscriptions and the features they enable
1.1.5 Plug-in components
1.1.6 Heatmap and BPA reports
1.1.7 Articial intelligence operations (AIOps)/Telemetry
1.1.8 IPv6
1.1.9 Internet of things (IoT)
1.2 Determine and assess appropriate interface or zone types for various environments
1.2.1 Layer 2 interfaces
1.2.2 Layer 3 interfaces
1.2.3 Virtual wire (vwire) interfaces
1.2.4 Tap interfaces
1.2.5 Subinterfaces
1.2.6 Tunnel interfaces
1.2.7 Aggregate interfaces
1.2.8 Loopback interfaces
1.2.9 Decrypt mirror interfaces
1.2.10 VLAN interfaces
1.3 Identify decryption deployment strategies
1.3.1 Risks and implications of enabling decryption
1.3.2 Use cases
1.3.3 Decryption types
1.3.4 Decryption proles and certicates
1.3.5 Create decryption policy in the rewall
1.3.6 Congure SSH Proxy
1.4 Enforce User-ID
1.4.1 Methods of building user-to-IP mappings
1.4.2 Determine if User-ID agent or agentless should be used
1.4.3 Compare and contrast User-ID agents
1.4.4 Methods of User-ID redistribution
1.4.5 Methods of group mapping
1.4.6 Server prole & authentication prole
1.5 Determine how and when to use the Authentication policy
1.5.1 Purpose of, and use case for, the Authentication policy
1.5.2 Dependencies
1.5.3 Captive portal versus GlobalProtect (GP) client
1.6 Dierentiate between the fundamental functions that reside on the management plane and data plane
1.7 Dene multiple virtual systems (multi-vsys) environment
1.7.1 User-ID hub
1.7.2 Inter-vsys routing
1.7.3 Service routes
1.7.4 Administration
2. Deploy and Congure Core Components 20%
2.1 Congure management proles
2.1.1 Interface management prole
2.1.2 SSL/TLS service prole
2.2 Deploy and congure Security proles
2.2.1 Custom conguration of dierent Security proles and Security prole groups
2.2.2 Relationship between URL ltering and credential theft prevention
2.2.3 Use of username and domain name in HTTP header insertion
2.2.4 DNS Security
2.2.5 How to tune or add exceptions to a Security prole
2.2.6 Compare and contrast threat prevention and advanced threat prevention
2.2.7 Compare and contrast URL Filtering and Advanced URL Filtering
2.3 Congure zone protection, packet buer protection, and DoS protection
2.3.1 Customized values versus default settings
2.3.2 Classied versus aggregate prole types
2.3.3 Layer 3 and Layer 4 header inspection
2.4 Design the deployment conguration of a Palo Alto Networks rewall
2.4.1 Advanced high availability (HA) deployments
2.4.2 HA pair
2.4.3 Zero Touch Provisioning (ZTP)
2.4.4 Bootstrapping
2.5 Congure authorization, authentication, and device access
2.5.1 Role-based access control for authorization
2.5.2 Dierent methods used to authenticate
2.5.3 The authentication sequence
2.5.4 The device access method
2.6 Congure and manage certicates
2.6.1 Usage
2.6.2 Proles
2.6.3 Chains
2.7 Congure routing
2.7.1 Dynamic routing
2.7.2 Redistribution proles
2.7.3 Static routes
2.7.4 Path monitoring
2.7.5 Policy-based forwarding
2.7.6 Virtual router versus logical router
2.8 Congure NAT
2.8.1 NAT policy rules
2.8.2 Security rules
2.8.3 Source NAT
2.8.4 No NAT
2.8.5 Use session browser to nd NAT rule name
2.8.6 U-Turn NAT
2.8.7 Check HIT counts
