pcnse-study-guide-201903培训文档手册.pdf资源-CSDN文库

版权申诉

174 浏览量 2022-10-16 14:43:47 上传评论收藏 16.6MB PDF 举报

资源推荐

资源详情

资源评论

PALO ALTO

NETWORKS

PCNSE

STUDY GUIDE

May 2019

Contents

Palo Alto Networks PCNSE Study Guide ............................................................................................................ 16

Overview ........................................................................................................................................................... 16

Exam Details ...................................................................................................................................................... 16

Intended Audience ............................................................................................................................................ 16

Qualifications .................................................................................................................................................... 16

Skills Required ................................................................................................................................................... 17

Recommended Training .................................................................................................................................... 17

About This Document ........................................................................................................................................ 17

Disclaimer .......................................................................................................................................................... 17

Preliminary Score Report ................................................................................................................................... 18

Exam Domain 1 – Plan ....................................................................................................................................... 19

1.1 Identify how the Palo Alto Networks products work together to detect and prevent threats ................... 19

Securing the Enterprise ................................................................................................................................. 20

Securing the Cloud ........................................................................................................................................ 21

Sample Questions ......................................................................................................................................... 22

1.2 Given a scenario, identify how to design an implementation of the firewall to meet business

requirements that leverage the Palo Alto Networks Security Operating Platform .......................................... 24

Choosing the Appropriate Firewall ............................................................................................................... 24

Security Policy ............................................................................................................................................... 25

Security Zones ............................................................................................................................................... 26

Traffic Processing Sequence ......................................................................................................................... 27

Enterprise Firewall Management ................................................................................................................. 27

Virtual Firewalls in Clouds ............................................................................................................................. 28

Sample Questions ......................................................................................................................................... 28

1.3 Given a scenario, identify how to design an implementation of firewalls in High Availability to meet

business requirements that leverage the Palo Alto Networks Security Operating Platform ........................... 29

High Availability ............................................................................................................................................ 29

HA Modes ...................................................................................................................................................... 29

Active/Passive Clusters ................................................................................................................................. 29

Active/Active Clusters ................................................................................................................................... 30

Choosing an HA Cluster Type ........................................................................................................................ 31

Sample Questions .............................................................................................................

............................ 33

1.4 Identify the appropriate interface type and configuration for a specified network deployment .............. 35

Types of Interfaces ........................................................................................................................................ 35

Tap ................................................................................................................................................................ 35

Virtual Wire ................................................................................................................................................... 36

Layer 2 ........................................................................................................................................................... 36

Layer 3 ........................................................................................................................................................... 37

Decrypt Mirror .............................................................................................................................................. 37

Aggregate Interfaces ..................................................................................................................................... 37

Virtual Interfaces ........................................................................................................................................... 38

VLAN Interfaces ............................................................................................................................................. 38

Loopback Interfaces ...................................................................................................................................... 38

Tunnel Interfaces .......................................................................................................................................... 39

Traffic Forwarding ......................................................................................................................................... 39

Virtual Routers .............................................................................................................................................. 41

Administrative Distance ................................................................................................................................ 42

Route Redistribution ..................................................................................................................................... 42

GRE Tunnels .................................................................................................................................................. 43

Routing Troubleshooting .............................................................................................................................. 44

Sample Questions ......................................................................................................................................... 45

1.5 Identify strategies for retaining logs using Distributed Log Collection ....................................................... 47

Event Logging on NGFWs .............................................................................................................................. 47

Distributed Log Collection ............................................................................................................................. 47

Sample Questions ......................................................................................................................................... 49

1.6 Given a scenario, identify the strategy that should be implemented for Distributed Log Collection ........ 50

Log Collection Platform Choices ................................................................................................................... 50

On-Premises Log Collection .......................................................................................................................... 50

Cortex Data Lake ........................................................................................................................................... 51

Sample Questions ......................................................................................................................................... 51

1.7 Identify how to use template stacks for administering Palo Alto Networks firewalls as a scalable solution

using Panorama ................................................................................................................................................. 52

Panorama Overview ...................................................................................................................................... 52

Templates and Template Stacks ................................................................................................................... 53

Sample Questions ......................................................................................................................................... 54

1.8 Identify how to use device group hierarchy for administering Palo Alto Networks firewalls as a scalable

solution using Panorama ......................................................................................................

............................. 55

Device Groups ............................................................................................................................................... 55

Committing Changes with Panorama ........................................................................................................... 57

Sample Questions ......................................................................................................................................... 60

1.9 Identify planning considerations unique to deploying Palo Alto Networks firewalls in a public cloud ...... 61

Virtual Firewalls ............................................................................................................................................ 61

Public Clouds ................................................................................................................................................. 62

Sample Questions ......................................................................................................................................... 62

1.10 Identify planning considerations unique to deploying Palo Alto Networks firewalls in a hybrid cloud ... 64

Hybrid Cloud ................................................................................................................................................. 64

Connectivity Considerations ......................................................................................................................... 64

Sample Question ........................................................................................................................................... 64

1.11 Identify planning considerations unique to deploying Palo Alto Networks firewalls in a private cloud .. 65

Private Clouds ............................................................................................................................................... 65

Sample Questions ......................................................................................................................................... 65

1.12 Identify methods for authorization, authentication, and device administration ..................................... 66

Administrative Accounts and Roles .............................................................................................................. 66

Authentication .............................................................................................................................................. 66

Special Note About Multi-Factor Authentication ......................................................................................... 68

Panorama Access Domains ........................................................................................................................... 69

Sample Questions ......................................................................................................................................... 69

1.13 Identify the methods of certificate creation on the firewall ..................................................................... 71

Certificate Background ................................................................................................................................. 71

Certificates on the Firewall ........................................................................................................................... 72

Certificate Creation and Import .................................................................................................................... 73

Sample Questions ......................................................................................................................................... 75

1.14 Identify options available in the firewall to support dynamic routing ...................................................... 76

Overview ....................................................................................................................................................... 76

Administrative Distance ................................................................................................................................ 77

Sample Questions ......................................................................................................................................... 78

1.15 Given a scenario, identify ways to mitigate resource exhaustion (because of denial-of-service) in

application servers ............................................................................................................................................ 79

Resource Exhaustion ..................................................................................................................................... 79

Zone Protection Profiles ............................................................................................................................... 79

DoS Protection Profile ................................................................................................................................... 80

Differences Between DoS Protection and Zone Protection .......................................................................... 81

Sample Questions ......................................................................................................................................... 82

剩余307页未读，继续阅读

评论收藏

内容反馈

版权申诉