PCNSA: Palo Alto Networks Certified Network Security Administrator

The PCNSA certification validates the knowledge and skills required for network security administrators responsible for deploying and operating Palo Alto Networks Next-Generation Firewalls (NGFWs). PCNSA certified individuals have demonstrated knowledge of the Palo Alto Networks NGFW feature set and in the Palo Alto Networks product portfolio core components.

Certification Objectives

Palo Alto Networks technology is highly integrated and automated. The Palo Alto Networks product portfolio comprises multiple separate technologies working in unison to prevent successful cyberattacks. The PCNSA seeks to identify people who can operate Palo Alto Networks Next-Generation Firewalls to protect networks from cutting edge cyberthreats.

Target Audience

Security administrators responsible for deploying, operating, and managing Palo Alto Networks network security suite.

Palo Alto PCNSA Exam Overview:

Exam Name Network Security Administrator
Exam Number   PCNSA PAN‐OS 10
Exam Price   $155 USD
Duration  80 minutes 
Number of Questions   50 
Passing Score   Variable (70-80 / 100 Approx.)
Recommended Training  Firewall Essentials – Configuration and Management (EDU-210)
Sample Questions   Palo Alto PCNSA Sample Questions
Practice Exam   Palo Alto Networks Certified Network Security Administrator Practice Test

Palo Alto PCNSA Exam Topics:

Section Objectives  Weight
Palo Alto Networks Security Operating Platform Core Components – Identify the components of the Palo Alto Networks Cybersecurity Portfolio.
– Identify the components and operation of Single-Pass Parallel Processing architecture.
– Given a network design scenario, apply the Zero Trust security model and describe how it relates to traffic moving through your network.
– Identify stages in the cyberattack lifecycle and firewall mitigations that can prevent attacks.
Simply Passing Traffic – Identify and configure firewall management interfaces.
– Identify how to manage firewall configurations.
– Identify and schedule dynamic updates.
– Configure internal and external services for account administration.
– Given a network diagram, create the appropriate security zones.
– Identify and configure firewall interfaces.
– Given a scenario, identify steps to create and configure a virtual router.
– Identify the purpose of specific security rule types.
– Identify and configure security policy match conditions, actions, and logging options.
– Given a scenario, identify and implement the proper NAT solution.
Traffic Visibility – Given a scenario, select the appropriate application-based security policy rules.
– Given a scenario, configure application filters or application groups.
– Identify the purpose of application characteristics as defined in the App-ID database.
– Identify the potential impact of App-ID updates to existing security policy rules.
– Identify the tools to optimize security policies.
– Identify features used to streamline App-ID policy creation.
Securing Traffic – Given a risk scenario, identify and apply the appropriate security profile.
– Identify the difference between security policy actions and security profile actions.
– Given a network scenario, identify how to customize security profiles.
– Identify the firewall’s protection against packet- and protocol-based attacks.
– Identify how the firewall can use the cloud DNS Security to control traffic based on domains.
– Identify how the firewall can use the PAN-DB database to control traffic based on websites.
– Identify how to control access to specific URLs using custom URL filtering categories.
Identifying Users – Given a scenario, identify an appropriate method to map IP addresses to usernames.
– Given a scenario, identify the appropriate User-ID agent to deploy.
– Identify how the firewall maps usernames to user groups.
– Given a graphic, identify User-ID configuration options.
Deployment Optimization  – Identify the benefits and differences between the Heatmap and the BPA reports. 4%