1. Home
  2. Palo Alto Networks
  3. PCNSA Exam Syllabus

Palo Alto Networks PCNSA Exam Topics

Palo Alto Networks PCNSA Exam Overview :

Exam Name: Palo Alto Networks Certified Network Security Administrator
Exam Code: PCNSA
Certifications: Palo Alto Networks Certified Network Security Administrator Certification
See Expected Questions: Palo Alto Networks PCNSA Expected Questions in Actual Exam

Palo Alto Networks PCNSA Exam Objectives :

Section Weight Objectives
Domain 1: Palo Alto Networks Strata Core Components 17% Task 1.1   Understand the components of the Palo AltoNetworks StrataPortfolio
     1.1.1    Understand how to configure APP-ID.
     1.1.2    Understand the purpose and usage of Content-ID.
     1.1.3    Understand the purpose and usage of User-ID.
     1.1.4    Understand the purpose and usage of captiveportal.
     1.1.5    Understand the purpose and usage of Device-ID.
     1.1.6    Understand security processes.
     1.1.7    Understand form factors of the NGFW.
     1.1.8    Understand the management implications of theform factors of theNGFW.
     1.1.9    Understand use of Authentication Policy.
     1.1.10  Understand uses for Prisma Access.
     1.1.11  Understand uses for Panorama.
     1.1.12  Understand the uses for CN-Series and VM-Series.
     1.1.13  Understand GlobalProtect.Task

1.2
Identify the order of operations of Single-PassParallel Processingarchitecture.
     1.2.1  Describe signature processing engine.
     1.2.2  Describe the security processing engine.
     1.2.3  Describe network processing engine.
     1.2.4  Understand the impact of traffic flow.
Domain 2 Device Management and Services 18% Task 2.1 Identify and use firewall management interfaces
     2.1.1  Understand the use of management user interfaces.
    
2.1.2  Understand the methods of access.
     2.1.3  Understand the access restrictions.
     2.1.4  Understand identity management traffic flow.

Task 2.2 Provisioning local administrators and assigningrole-basedauthentication
     2.2.1  Assign role-based access control to administrators.  
     2.2.2
  Assign authentication for administrators.
     2.2.3  Assign the authentication sequence for administrators.

Task 2.3 Define firewall configurations
     2.3.1  Manage running configuration.
    
2.3.2  Manage candidate configuration.
     2.3.3  Understand when to use load, save, import andexport.

Task 2.4 Understand how to push policy updates toPanorama managedFWs
     2.4.1 Understand device groups and hierarchy.
     2.4.2 Understand where to place policies.
     2.4.3 Understand implications of Panorama management.
    
2.4.4 Understand how to backup Panorama configurationsand NGFWfrom Panorama.

Task 2.5 Identify the types of dynamic updates andtheir purpose
     2.5.1 Understand the impact of dynamic updates toexisting securitypolicies.

Task 2.6 Identify what a security zone is and howto use it
     2.6.1  Identify zone types.
     2.6.2  Identify which zones to apply for security policies.

Task 2.7 Identify and configure firewall interfaces
     2.7.1  Identify and understand the different typesof interfaces.
     2.7.2  Identify how interface types affect securitypolicies.
     2.7.3  Identify how interface types affect securitypolicies.

T
ask 2.8 Configure a virtual router
     2.8.1  Identify steps to create a static route.
     2.8.2  Understand how to use the routing table.
     2.8.3  Identify steps to configure a virtual router.
     2.8.4  Identify what interface types can be added toa virtual router.
     2.8.5  Understand how to configure route monitoring.
Domain 3 Managing Objects 14% Task 3.1 Identify how to create address objects
     3.1.1  Apply address objects to policy.
     3.1.2  Create address groups.
     3.1.3  Identify how to tag objects.
     3.1.4  Differentiate between the address objects.

Task 3.2 Identify how to create services.
     3.2.1  Apply services to policy.3.2.2Create service groups.

Task 3.3 Identify how to use pre-defined Palo AltoNetworks externaldynamic lists
     3.3.1  Identify how to implement an exception to apredefined EDL.
     3.3.2  Identify how to apply in security policy.

Task 3.4 Configure application filters and applicationgroups
     3.4.1  Differentiate between application filters andgroups and when touse them.
     3.4.2  Include an application filter in policy.
     3.4.3  Include an application group in policy.
    
3.4.4  Identify the purpose of application characteristicsas defined in theApp-ID database.
Domain 4 Policy Evaluation and Management 26% Task 4.1 Identify the appropriate application-basedsecurity policy
     4.1.1  Identify an appropriate APP-ID rule.
    
4.1.2  Understand rule shadowing.
     4.1.3  Group rules by tag.
     4.1.4  Identify the potential impact of App-ID updatesto existing securitypolicy rules

Task 4.2 Identify the purpose of specific security rule types
     4.2.1  Identify when to use interzone rules.
     4.2.2  Identify when to use intrazone rules.
    
4.2.3  Identify when to use universal rules.

Task 4.3 Identify and configure Security policy matchconditions, actions,and logging options
     4.3.1  Identify and configure Security policy matchconditions, and actions.
     4.3.2  Understand how to use Application Filters andGroups.
     4.3.3  Understand how to use logging options.

Task 4.4 Identify and implement proper NAT policies
     4.4.1  Implement a destination NAT.
     4.4.2  Implement a source NAT.
     4.4.3  Differentiate various NAT options.
     4.4.4  Create a NAT in the proper order based on pre-existingNATs.

Task 4.5 Identify the tools available to optimizeSecurity policies
     4.5.1  Identify the policy test match tool.
     4.5.2  Identify the policy optimizer.
     4.5.3  Identify Expedition.
Domain 5 Securing Traffic 25% Task 5.1Identify and apply the appropriate SecurityProfile
     5.1.1  Differentiate between different types of securityprofiles.
     5.1.2  Identify how to create and modify a SecurityProfile.
     5.1.3  Identify how to add a Security Profile to policy.
     5.1.4  Identify how to create a profile group.
     5.1.5  Identify how to add a security profile groupto policy.

Task 5.2 Identify the difference between Securitypolicy actions andSecurity Profile actions
     5.2.1  Differentiate between traffic logs, threat logsand data logs.
     5.2.2  Differentiate between security profile actions.

Task 5.3 Identify how the firewall can use the cloudDNS Security tocontrol traffic based on domains
     5.3.1  Identify where to configure DNS security.
     5.3.2  Identify how to apply DNS security in policy.

Task 5.4 Identify how the firewall can use the PAN-DB database to controltraffic based on websites
     5.4.1  Identify how to apply a URL profile in a securitypolicy.
     5.4.2  Identify how to create a URL filtering profile.

Task5.5 IdentifyhowtocontrolaccesstospecificURLsusingcustomURLfiltering categories
     5.5.1  Identify why a URL was blocked.
     5.5.2  Identify how to allow a blocked URL.
     5.5.3  Identify how to request a URL recategorization.

Task5.6 DifferentiatebetweengroupmappingandIPtousermappingwithin policies and logs
     5.6.1  Identify how to control access to specific locations.
     5.6.2  Identify how to apply to specific policies.  
     5.6.3 
Identify users within the ACC and the monitortab.
Official Information https://www.paloaltonetworks.com/services/education/certification#pcnsa

Updates in the Palo Alto Networks PCNSA Exam Topics:

Palo Alto Networks PCNSA exam questions and practice test are the best ways to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and practice test. To pass the actual  Palo Alto Networks Certified Network Security Administrator PCNSA  exam on the first attempt, you need to put in hard work on these questions as they cover all updated  Palo Alto Networks PCNSA exam topics included in the official syllabus. Besides studying actual questions, you should take the  Palo Alto Networks PCNSA practice test for self-assessment and actual exam simulation. Revise actual exam questions and remove your mistakes with the Palo Alto Networks Certified Network Security Administrator PCNSA exam practice test. Online and Windows-based formats of the PCNSA exam practice test are available for self-assessment.