top of page
Blue Skies

Palo Alto Networks Certified Network Security Engineer

Palo Alto Networks Certified Network Security Engineer


Course duration

• Instructor-led training: 5 Days


What you’ll learn in this course


PCNSE certification training course helps in understanding advanced topics in Palo Alto Networks.
Achieving the PCNSE certification certifies that an IP professional has up-to-date skills, gained
extensive knowledge in the cybersecurity area and has learnt about cyber threats. This training course
validates your skills and demonstrates your proficiency in designing, managing, operating, configuring,
troubleshooting and deploying Palo Alto Networks.

 

The PCNSE certification training includes hands-on labs on security firewall essentials: security
management concepts, deployment and configuration, management and operation of security
platforms, and troubleshooting network security issues.

 

Who should enroll


▪ Plan
▪ Deploy and Configure
▪ Operate
▪ Configuration Troubleshooting
▪ Core Concepts

 

Target audience


The PCNSE Palo Alto Networks Certified Network Security Engineer certification training is suitable for
individuals who interface with cybersecurity, such as:


▪ Sales executives
▪ System engineers
▪ Security administrators
▪ Students of cybersecurity

 

Course outline:


▪ Identify how the Palo Alto Networks products work together to detect and prevent threats
▪ Given a scenario, identify how to design an implementation of the firewall to meet business
   requirements that leverage the Palo Alto Networks product
▪ Given a scenario, identify how to design an implementation of firewalls in High Availability to
   meet business requirements that leverage the Palo Alto
▪ Identify the appropriate interface type and configuration for a specified network deployment
▪ Identify strategies for retaining logs using Distributed Log Collection
▪ Identify how to use template stacks for administering Palo Alto Networks firewalls as a scalable
   solution using Panorama
▪ Identify how to use device group hierarchy for administering Palo Alto Networks firewalls as a
   scalable solution using Panorama
▪ Identify planning considerations unique to deploying Palo Alto Networks firewalls in a public
  cloud
▪ Identify planning considerations unique to deploying Palo Alto Networks firewalls in a hybrid
  cloud
▪ Identify planning considerations unique to deploying Palo Alto Networks firewalls in a private
  cloud
▪ Identify methods for authorization, authentication, and device administration
▪ Identify the methods of certificate creation on the firewall
▪ Identify options available in the firewall to support dynamic routing
▪ Given a scenario, identify ways to mitigate resource exhaustion (because of denial-of-service) in
  application servers
▪ Identify decryption deployment strategies
▪ Identify the impact of application override to the overall functionality of the firewall
▪ Identify the methods of User-ID redistribution
▪ Identify VM-Series bootstrap components and their function
▪ Identify the benefits of using dynamic user groups in policy rules
▪ Identify the requirements to support dynamic user groups
▪ Identify the items for which you must plan when deploying SD-WAN
▪ Identify the application meanings in the Traffic log (incomplete, insufficient data, non-syn TCP,
  not applicable, unknown TCP, unknown UDP, and unknown P2P)
▪ Given a scenario, identify the set of Security Profiles that should be used
▪ Identify the relationship between URL filtering and credential theft prevention
▪ Implement and maintain the App-ID adoption
▪ Identify how to create security rules to implement App-ID without relying on port-based rules
▪ Identify configurations for distributed Log Collectors
▪ Identify the required settings and steps necessary to provision and deploy a next‐generation
   firewall
▪ Identify which device of an HA pair is the active partner
▪ Identify various methods for authentication, authorization, and device administration within
   PAN-OS software for connecting to the firewall

▪ Identify various methods for authentication, authorization, and device administration within
   PAN-OS software for connecting to services through the firewall
▪ Identify how to configure and maintain certificates to support firewall features
▪ Identify the features that support IPv6
▪ Identify how to configure a virtual router
▪ Given a scenario, identify how to configure an interface as a DHCP relay agent
▪ Identify the configuration settings for site‐to‐site VPN
▪ Identify the configuration settings for GlobalProtect
▪ Identify how to configure items pertaining to denial-of-service protection and zone protection
▪ Identify how to configure features of NAT policy rules
▪ Given a configuration example including DNAT, identify how to configure security rules
▪ Given a scenario, identify an application override configuration and use case
▪ Identify how to configure VM-Series firewalls for deployment
▪ Identify how to configure firewalls to use tags and filtered log forwarding for integration with
  network automation
▪ Identify the use of username and domain name in HTTP header insertion
▪ Identify the configuration settings for Panorama automatic commit recovery
▪ Identify the configuration settings for a dynamic user group
▪ Identify the configuration settings for SD-WAN
▪ Identify considerations for configuring external log forwarding
▪ Interpret log files, reports, and graphs to determine traffic and threat trends
▪ Identify scenarios in which there is a benefit from using custom signatures
▪ Given a scenario, identify the process to update a Palo Alto Networks system to the latest
   version of the software
▪ Identify how configuration management operations are used to ensure desired operational
   state of stability and continuity
▪ Identify the settings related to critical HA functions (link monitoring; path monitoring; HA1, HA2,
   HA3, and HA4 functionality; HA backup links; and differences between A/A and A/P HA pairs and
   HA clusters)
▪ Identify the sources of information that pertain to HA functionality
▪ Identify the impact of deploying dynamic updates
▪ Identify the relationship between Panorama and devices as pertaining to dynamic updates
  versions and policy implementation and/or HA peers
▪ Identify the benefits and drawbacks to the various procedures to manage application-based
  rule application dependencies
▪ Identify how to monitor SD-WAN connection status and failovers in Panorama
▪ Identify system and traffic issues using the web interface and CLI tools
▪ Given a session output, identify the configuration requirements used to perform a packet
  capture
▪ Given a scenario, identify how to troubleshoot and configure interface components
▪ Identify how to troubleshoot SSL decryption failures
▪ Identify issues with the certificate chain of trust
▪ Given a scenario, identify how to troubleshoot traffic routing issues
▪ Given a screenshot, identify ACC chart activities
▪ Identify how to view GlobalProtect troubleshooting information

▪ Identify how to determine when an SD-WAN path has failed
▪ Identify the correct order of the policy evaluation based on the packet flow architecture
▪ Given an attack scenario against firewall resources, identify the appropriate Palo Alto Networks
   threat prevention component to prevent or mitigate the attack
▪ Given an attack scenario against resources behind the firewall, identify the appropriate Palo
   Alto Networks threat prevention component to prevent
▪ Identify methods for identifying users
▪ Identify the fundamental functions residing on the management plane and data plane of a Palo
  Alto Networks firewall
▪ Given a scenario, determine how to control bandwidth use on a per-application basis
▪ Identify the fundamental functions and concepts of WildFire
▪ Identify the purpose of and use case for MFA and the Authentication policy
▪ Identify the dependencies for implementing MFA
▪ Given a scenario, identify how to forward traffic
▪ Given a scenario, identify how to configure policies and related objects
▪ Identify the methods for automating the configuration of a firewall
▪ Describe the pros and cons of deploying distributed networking using SD-WAN
▪ Identify how the Panorama commit recovery feature operates

bottom of page