Palo Alto Networks – PCNSE Certification – Part 1 – Breaking down the Exam Objectives

As the new year hits, I have new resolutions, and these entail getting my feet wet with Palo Alto Networks, due to my job and many other factors I’m open to learning and get certified on the PCNSE, which stands for Palo Alto Networks Certified Network Security Engineer

The Certification Requirements

This exam contains 75 questions and over 80 minutes – The intended audience are engineers that currently work with Next-generation firewalls and would like to take their knowledge to the next level. They recommend having 3 to 5 years of experience

Recommended Training

Firewall Essentials: Configuration and Management (EDU-210) or digital learning (EDU-110)
Panorama: Managing Firewalls at Scale (EDU-220) or digital learning (EDU-120)

In my case I have been using the Digital Learning version of their training, this seems to be available if you are PAN partner, luckily I have access to it, I have not tested with an account that is not associated with a Partner company, so my knowledge of availability is limited on that one.

What will you be tested on?

Like any other exam, this one is tested by different Knloledge domains:

  • 16% – Plan
  • 23% – Deploy and Configure
  • 20% – Operate
  • 18% – Configuration and Troubleshooting
  • 23% – Core Concepts


This section concentrates on different objective domains that contain lots of PAN tools and available software to help enforce the Network Security of an enterprise

  • Securing the Enterprise
  • Securing the Cloud

It goes over few other aspects as sizing and understanding of the platforms, so lots of Product placing on this section, and lots of other helpful stuff that is critical for success on the certification exam, as well as in real life

  • Firewall Sizing
  • Security Policies
  • Security Zones
  • Traffic Processing sequences
  • Enterprise Management of Firewalls
  • Virtual Firewall in the Cloud

The next visible section talks about High Availability and the different options of HA you have, some of the demonstrations I will have on these posts will be limited to only one device, yes I was able to score a Virtual appliance but not 2 🙁

  • High Availability
  • HA Modes
  • Active/Active
  • Active/Passive

Another important aspect for this section of the exam is to identify the type of Interfaces available in your PAN appliance or VM

  • TAP
  • Virtual Wire
  • Layer 2
  • Layer 3
  • Decrypt Mirror
  • Aggregate Interfaces
  • Virtual Interfaces
  • VLAN Interfaces
  • Loopback Interfaces
  • Tunnel Interfaces
  • Virtual Routers
  • GRE Tunnels

Planning for Logging is critical and is also part of this section

  • Event Logging on Firewall
  • Distributed Log Collection
  • On-Premises and Cloud Log Collection

Virtual Firewalls and Public Cloud is also key and important to understand, there is a big section that goes over this

  • Virtual Firewalls
  • Public Cloud
  • Hybrid Cloud

The next few sections can be condensed to best practices configuration items as follows:

  • Admin Accounts and Roles
  • Authentication, Authorization, MFA
  • Panorama Access Domains
  • Certificate Operations
  • Dynamic Routing
  • Mitigation of Resource Exhaustion (Zone Protection Profiles, DoS Protection Profiles

Deploy and Configure

For the interesting stuff, because we are here to also do for the sake of learning, the deployment and Configuration section is a lot of the things that were mentioned in the previous section.

Flagship functionality and Features – how to implement them in real life

  • User-ID
  • App-ID
  • URL Filtering

Some regular firewall stuff and how does it work with PANOS

  • VPN Connectivity (Remote VPN)
  • Site to Site VPN
  • Implementing NAT Policies
  • Implementing Security Profiles
  • Implementing Security Rules


This section is interesting because it starts by helping you make sense of many of the things that you configure and how to interpret the data

  • Logging Considerations
  • Destination Types and Formatting
  • Reports: User Activity Reports, APP Scores, Application Command Center, Automated Correlation Engine
  • Log Forwarding, Filtering and Tagging
  • Updating your Firewall (Standalone, HA)
  • Running Configuration and Candidate Configuration

Configuration and Troubleshooting

This is where we spend most of our times, troubleshooting and making sure we can block or forward packets as intended

  • Packet Captures and How to use them
  • Automatic Thread detection Captures
  • Manual Packet Captures
  • Troubleshoot Interfaces
  • Troubleshooting SSL Decryption

Core Concepts

Not sure why this one is listed as the last component on the Study Guide, but I suspect is the combination of the multiple things we went over, so I will list them for reference

  • Policies and Matching of policies
  • Mitigating APT
  • Security Policies and Profiles
  • Management and Data Planes
  • WildFire

What to Look Forward to?

As I continue studying for this exam you will see more information that I think will be useful for me to succeed on the exam. I hope this helps someone out there as well 🙂

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres is specialized in Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top