Visão Geral

 Cursos Palo Alto Networks Certified Network Security Administrator PCNSA:

pode operar os firewalls de próxima geração da Palo Alto Networks para proteger as redes contra ameaças cibernéticas de ponta. A certificação PCNSA valida sua capacidade de configurar os recursos centrais do Palo Alto Networks Next Generation Firewall e a capacidade de implantar efetivamente os firewalls para permitir o tráfego de rede com base em quem (ID do usuário), o quê (ID do aplicativo) e quando (Política), tudo isso garantindo a segurança (Content-ID).

O exame PCNSA deve ser realizado por qualquer pessoa que queira demonstrar um conhecimento profundo das tecnologias da Palo Alto Networks, incluindo clientes que usam produtos da Palo Alto Networks, revendedores de valor agregado, engenheiros de sistemas de pré-vendas, integradores de sistemas e administradores de sistemas.

Objetivo

• Você pode implantar, configurar e instalar componentes da plataforma operacional de segurança da Palo Alto Networks.
• Você entende os aspectos exclusivos da plataforma operacional de segurança da Palo Alto Networks e como implantá-la adequadamente.
• Você entende as políticas de rede e segurança usadas pelo software PAN-OS®.

Publico Alvo

Administradores de segurança responsáveis ​​por operar e gerenciar o conjunto de segurança de rede da Palo Alto Networks.

Pre-Requisitos

Você deve ter dois a três anos de experiência trabalhando nos setores de rede ou segurança e o equivalente a 6 meses de experiência trabalhando em tempo integral com a plataforma operacional de segurança da Palo Alto Networks. Você tem pelo menos 6 meses de experiência na implantação de NGFW da Palo Alto Networks e configuração.

• Curso Firewall Essentials Configuration and Management (EDU-210)

Informações Gerais

Materiais

Conteúdo Programatico

Device Management and Services

Demonstrate the knowledge of firewall management interfaces

1. Management interfaces
2. Methods of access
3. Access restrictions
4. Identity-management traffic flow
5. Management services
6. Service routes

Provision local administrators

1. Authentication profile
2. Authentication sequence

Assign role-based authentication
Maintain firewall configurations

1. Running configuration
2. Candidate configuration    
3. Discern when to use load, save, import, and export
4. Differentiate between configuration states    17
5. Backup Panorama configurations and firewalls from Panorama

Push policy updates to Panorama-managed firewalls

1. Device groups and hierarchy
2. Where to place policies
3. Implications of Panorama management
4. Impact of templates, template stacks, and hierarchy

Schedule and install dynamic updates

1. From Panorama
2. From the firewall
3. Scheduling and staggering updates on an HA pair
4. References

Create and apply security zones to policies

1. Identify zone types
2. External types
3. Layer 2
4. Layer 3
5. Tap
6. VWire
7. Tunnel

Identify and configure firewall interfaces

1. Different types of interfaces
2. How interface types affect Security policies

Maintain and enhance the configuration of a virtual or logical router

1. Steps to create a static route
2. How to use the routing table
3. What interface types can be added to a virtual or logical router

Create and maintain address and address group objects

1. How to tag objects
2. Differentiate between address objects
3. Static groups versus dynamic groups

Create and maintain services and service groups

Create and maintain external dynamic lists

1. When to use filters versus groups
2. The purpose of application characteristics as defined in the App-ID database

Policy Evaluation and Management

1. Create an appropriate App-ID rule
2. Rule shadowing
3. Group rules by tag
4. The potential impact of App-ID updates to existing Security policy rules
5. Policy usage statistics

Differentiate specific security rule types

1. Interzone
2. Intrazone
3. Universal

Configure security policy match conditions, actions, and logging options

1. Application filters and groups
2. Logging options
3. App-ID
4. User-ID
5. Device-ID
6. Application filter in policy
7. Application group in policy
8. EDLs

Identify and implement proper NAT policies

1. Destination
2. Source

Optimize Security policies using appropriate tools

1. Policy test match tool
2. Policy Optimizer

Securing Traffic

Compare and contrast different types of Security profiles

1. Antivirus
2. Anti-Spyware
3. Vulnerability Protection
4. URL Filtering
5. WildFire Analysis

Create, modify, add, and apply the appropriate Security profiles and groups

1. Antivirus
2. Anti-Spyware
3. Vulnerability Protection
4. URL Filtering
5. WildFire Analysis
6. Configure Threat Prevention policy

Differentiate between Security profile actions

Use information available in logs

1. Traffic
2. Traffic
3.  Data
4. System logs

Enable DNS Security to control traffic based on domains

1. Configure DNS Security
2. Apply DNS Security in policy

Create and deploy URL-filtering-based controls

1. Apply a URL profile in a Security policy
2. Create a URL Filtering profile
3. Create a custom URL category
4. Control traffic based on a URL category
5. Why a URL was blocked
6. How to allow a blocked URL
7. How to request a URL recategorization

Differentiate between group mapping and IP-to-user mapping within policies and logs

1. How to control access to specific locations
2. How to apply to specific policies
3. Identify users within the ACC and the monitor tab