PSE PLATFORM
PRO 8.0
STUDY GUIDE
April 2017
Palo Alto Networks, Inc.
www.paloaltonetworks.com
©2017, Palo Alto Networks – all rights reserved.
Aperture, AutoFocus, GlobalProtect, Palo Alto Networks, PAN-OS, Panorama, Traps, and WildFire are trademarks of Palo Alto Networks, Inc. All other
trademarks are the property of their respective owners.
Overview
This document is the Study Guide for the Palo Alto Networks Systems Engineer: Platform Professional
Certification Exam, abbreviated as PSE: Platform – P. This exam has been refreshed to reflect product
updates, and has increased in scope to encompass the former PSE: Cyber Security subdiscipline, which
has been deprecated.
This new exam is now better focused on the Palo Alto Networks Platform as a whole, and has been
carefully tuned to better evaluate an SE’s pre-sales capability.
https://www.paloaltonetworks.com/services/education/pcnse
Prerequisites
You should complete the following prerequisites before attempting this exam:
▪ You have passed the Palo Alto Networks Systems Engineer: Platform – Associate Accreditation
Exam, abbreviated as PSE: Platform – A.
▪ You have completed a year of full-time experience as a Palo Alto Networks SE, either as a Palo
Alto Networks employee SE or as a Partner employee SE.
Exam Format
The test format is 60 multiple-choice items. Native English speakers will have 10 minutes to complete
the Non-Disclosure Agreement (NDA) and 80 minutes to complete the questions. Non-native English
speakers will have 10 minutes for the NDA and 110 minutes to complete the questions.
To access the PSE Professional exams, partners need to add the Private Access Code:
PSEPROFESSIONAL16
Positioning: Platform
Identify the Architecture Components That Benefit from WildFire
WildFire inspects millions of samples daily from its global network of customers and threat intelligence
partners, looking for new forms of previously unknown malware, exploits, malicious domains, and
outbound command-and-control (C2) activity. WildFire matches any forwarded samples against its
database of known files and designates never-before-seen items for further investigation, which covers
static and dynamic analysis against multiple operating systems and application versions.
References
▪ At a Glance: WildFire
(https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/faqs/at-a-glance-
wildfire.pdf)
▪ Log in to WildFire (https://wildfire.paloaltonetworks.com/wildfire) and then click Upload
Sample and Account. Both pages contain relevant information.
Sample Question
1. Which file type is not supported by WildFire?
The answer is under the heading “Answer for Identify the Architecture Components That Benefit from
WildFire.”
Identify the Impact of the Intelligence Coming from the Threat Intelligence
Cloud
The firewall forwards unknown samples for WildFire analysis based on the configured WildFire Analysis
Profile settings. It detects links included in emails, files that are attached to emails, and browser‐based
file downloads, and also leverages the Palo Alto Networks App‐ID feature to detect file transfers within
applications. For samples that the firewall detects, the firewall checks the sample hash against WildFire
signatures to determine if WildFire has previously analyzed the sample. A sample that is identified as
malware is blocked. If the sample remains unknown after it is compared against existing WildFire
signatures, the firewall forwards the sample for WildFire analysis.
References
▪ WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
(https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-
overview/wildfire-concepts)
• WildFire Subscription
(https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-
overview/wildfire-subscription)
• Firewall File Forwarding Capacity by Model
(https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/submit-files-
for-wildfire-analysis/firewall-file-forwarding-capacity-by-model)
▪ PAN-OS® 8.0 Administrator’s Guide:
• Install Content and Software Updates
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-
started/install-content-and-software-updates)
The answers are under the heading “Answers for Identify the Impact of the Intelligence Coming
from the Threat Intelligence Cloud.”
References
Documentation about WildFire integration with third-party products follows:
▪ Airwatch: http://marketplace.air-watch.com/app/wildfire
▪ ForeScout: https://www.forescout.com/forescout-integration-palo-alto-networks-wildfire-
combats-advanced-threats/
▪ Proofpoint: https://www.proofpoint.com/us/proofpoint-and-palo-alto-networks-partner-
integrate-automated-threat-protection
▪ Tanium: https://docs.tanium.com/connect/connect/paloalto.html
▪ Tripwire: http://www.tripwire.com/solutions/integrations/palo-alto/
Sample Question
1. Which information does Tanium get from WildFire?
A. none; it provides information to WildFire
B. indicators of compromise (IOCs)
C. hashes of malware for EXE and MSI files
D. hashes of malware, for APK files
The answer is under the heading “Answer for Identify the Sources of Data for the Threat
Intelligence Cloud.”
Identify the Core Values of the Palo Alto Networks Security Platform
The Palo Alto Networks next-generation security platform has four major features that enable the
prevention of successful cyberattacks:
Sample Question
1. Which attack is the Palo Alto Networks security platform unable to stop?
A. Attacks that do not cross the firewall from a Linux server to a desktop client
B. Attacks that do not cross the firewall from a desktop client to a Linux server
C. Attacks that do not cross the firewall, regardless of source or destination
D. Interzone attacks, regardless of source or destination
E. Intrazone attacks, regardless of source or destination
The answer is under the heading “Answer for Identify the Core Values of the Palo Alto Networks
Security Platform.”
Primary functions of the Palo Alto Networks Migration Tool are as follows:
▪ Third-party migration
▪ Adoption of App-ID
Palo Alto Networks provides a combination of tools, expertise, and best practices to help you analyze an
existing environment, migrate policies and firewall settings to the next-generation firewall, and assist in
all phases of the transition.
References
▪ Migration tool datasheet
(https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/
pan/en_US/resources/datasheets/migration-tool)
Sample Question
1. Which is not a feature of the migration tool?
A. policy migration
B. auto-zoning
C. adoption of App-ID
D. adoption of User-ID
The answer is under the heading “Answer for Identify the Presale Benefits of the Migration
Tool.”
These applications increasingly are using encrypted SSL tunnels on port 443. They use clever evasive
tactics to disguise themselves or use port-hopping to find any entry point through your firewall. Legacy
firewalls and UTMs cannot safely enable these applications. At best, they can attempt to prevent the
application from entering the network, which stifles your business and restricts you from benefitting
from innovation.
Palo Alto Networks next-generation firewalls enable control of applications and content (by user, not
just IP address) at up to 20Gbps with no performance degradation. The App-ID technology enables
applications, regardless of port, protocol, evasive tactic, or SSL encryption. It scans content to stop
targeted threats and prevent data leakage. You can safely enable the use of applications and maintain
complete visibility and control.
References
▪ WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
(https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-
overview/wildfire-concepts)
▪ PAN-OS® 8.0 Administrator’s Guide:
Sample Question
1. Which Palo Alto Networks product directly protects corporate laptops when people use them
from home?
A. next-generation firewall
B. Traps
C. Panorama
D. WildFire
The answer is under the heading “Answers for Identify How to Position the Value of a Next-
Generation Firewall Over a Legacy Firewall.”
We use content-based protections to stop attacks at the C2 stage, thus preventing attackers from
controlling infected endpoints, spreading laterally within your organization, and accomplishing their
objectives.
Sample Question
1. Which two profile types can block a C2 channel? (Choose two.)
A. Anti-Spyware Profile
B. Certification Profile
C. Command and Control Profile
D. Decryption Profile
E. URL Filtering Profile
The answer is under the heading “Answers for Identify the Protections That the Next-Generation
Firewall Has to Prevent Against Command-and-Control Traffic.”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Custom Reports (https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/monitoring/custom-reports)
Sample Questions
1. The customer wants a monthly report of the number of connections (of a particular application)
per day. Where do you specify that the report is by days?
A. Query Builder
B. Group By field
C. Order By field
D. Time Frame field
2. The customer wants the report to be in chronological order. Where is this setting specified?
A. Query Builder
B. Group By field
C. Order By field
D. Time Frame field
The answers are under the heading “Answers for Identify the Reporting Capabilities of the Palo
Alto Networks Firewall.”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• View Reports (https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/monitoring/view-reports)
• Manage Report Groups (https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/monitoring/manage-report-groups)
• Schedule Reports for Email Delivery
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/monitoring/schedule-reports-for-email-delivery)
Sample Question
1. In which two ways can you receive regularly scheduled reports? (Choose two.)
A. Retrieve the reports from the Palo Alto Networks web-based user interface
B. Upload the report to a document repository using FTP
C. Configure automatic email delivery for regularly scheduled reports
D. Configure automatic printing to the office printer
E. Upload the report to the domain’s document repository using a shared drive
The answer is under the heading “Answers for Identify the Process of Automated Report
Distribution.”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Generate Botnet Reports (https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/monitoring/generate-botnet-reports)
The answer is under the heading “Answer for Identify the Capabilities That Detect IOC.”
References
Security Lifecycle Review Quick Start Guide:
https://intranet.paloaltonetworks.com/docs/DOC-15462
Security Lifecycle Review Quick Start Guide for Partners:
https://intranet.paloaltonetworks.com/docs/DOC-15465
Sample Question
1. A company allows employees some personal use of the internet during work time. However, the
CEO is afraid that employees are using too much of the bandwidth for YouTube, thus causing a
performance problem. Which section of the SLR could confirm or allay this fear?
A. High-Risk Applications
B. Bandwidth Consumed by Applications
C. Categories Consuming the Most Bandwidth
D. Categories with the Most Applications
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Tap Interfaces (https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/networking/tap-interfaces)
▪ https://live.paloaltonetworks.com/t5/Management-Articles/Changing-the-Time-Frame-for-a-
Report-Stats-Dump/ta-p/59208
Sample Question
1. Which interface mode do you use to generate the statdump file that can be converted into an
SLR? Assume that you want to make the evaluation as unintrusive as possible.
A. Tap
B. Virtual Wire
C. L2
D. L3
The answer is under the heading “Answer for Identify How to Configure an NGFW for
Evaluation Purposes.”
References
▪ Security Lifecycle Review Quick Start Guide (https://intranet.paloaltonetworks.com/docs/DOC-
15462)
▪ Security Lifecycle Review Quick Start Guide for Partners
(https://intranet.paloaltonetworks.com/docs/DOC-15465)
▪ PSE Platform Associate docs (Student Manual > Examining Customer Data, p. 356 in the current
version)
Sample Question
1. Which tool do you use to convert a statdump file to an SLR report?
The answer is under the heading “Answer for Given a Customer Statdump File, Identify How to
Generate an SLR Report.”
Identify the Characteristics and Best Practices of Ultimate Test Drive (UTD)
Seminars
The Palo Alto Networks Ultimate Test Drive program is designed to provide you with a guided hands-on
experience of Palo Alto Networks’ products. There are multiple test drives you can offer to prospective
customers:
▪ Next-Generation Firewall
▪ Threat Prevention
▪ Virtualized Data Center
▪ Migration Process
▪ Advanced Endpoint Protection
▪ VM-Series for Amazon Web Services (AWS)
Reference
▪ https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/ultimate-test-drive-brochure
Sample Question
1. Which two elements of the NGFW does the NGFW UTD show potential customers? (Choose
two.)
A. how to set up NGFW for the first time
B. how to modify the Security policy
C. how to view log entries and reports
D. how to migrate from a different firewall to NGFW
E. how to integrate with the Advanced Endpoint Protection
Sample Question
1. Which firewall appliances can you order with either an AC power supply or a DC power supply?
A. PA-7000 Series
B. PA-5000 Series and PA-7000 Series
C. PA-3000 Series, PA-5000 Series, and PA-7000 Series
D. All Palo Alto Networks appliances can be ordered with either an AC power supply or a
DC power supply
The answer is under the heading “Answer for Given a Palo Alto Networks Solution Scenario
Including Products, Subscription Licenses, and Support, Identify the Bill of Materials That Should
Be Written.”
References
▪ Compare Firewalls (https://www.paloaltonetworks.com/products/product-selection)
Sample Question
1. A potential customer has many satellite offices, each of which is connected to the internet using
a 250Mbps link. The customer requirements include threat prevention for all the traffic. Which
model should be deployed in those offices to fulfill these requirements, assuming a reduction in
network capacity is unacceptable and cost is a concern?
A. PA-100
B. PA-500
C. PA-2020
D. PA-3020
The answer is under the heading “Answer for Given a Customer Environment, Identify the
NGFW Model That Should Be Used to Secure the Network.”
Sample Question
1. An enterprise needs to use web storage to collaborate with business partners. Which step is
required to ensure that web storage is not used to exfiltrate sensitive data from the enterprise?
A. Disconnect from the internet
B. Configure a local shared drive and use that instead of web storage
C. Install Advanced Endpoint Protection
D. Use the firewall to forbid uploads to other web storage instances
The answer is under the heading “Answer for Given a Customer Environment, Identify How
Aperture Should Be Used to Secure the Enterprise.”
Sample Question
1. Which is not something AutoFocus can do?
A. Distinguish between attacks that attempt to exfiltrate data (violate confidentiality) and
attacks that attempt to modify it (violate integrity)
B. Display the processes started by specific malware
C. Display the network connections used by specific malware
D. Distinguish between commodity attacks and advanced persistent threats (APTs) directed
against the customer’s organization or industry
The answer is under the heading “Answer for Given a Customer Environment, Identify How
AutoFocus Should Be Used to Secure the Enterprise.”
Traps targets software vulnerabilities in processes that open non-executable files using exploit
prevention techniques. Traps also uses malware prevention techniques to prevent malicious executable
files from running. The Traps solution uses this two-fold approach to prevent all types of attacks,
whether they are known or unknown threats.
Sample Question
1. Should Advanced Endpoint Management be installed on desktop PCs that stay behind the
corporate firewall?
A. There is no reason to install Advanced Endpoint Management on those desktop PCs;
they are protected by the firewall.
B. Yes, because sometimes people take those desktops home to work over the weekend
C. Yes, because there might be a network connection that bypasses the firewall
D. Yes, because malware and exploit files might be able to traverse the network until
they are identified by WildFire, and there are file propagation methods that bypass the
firewall, such as USB drives.
The answer is under the heading “Answer for Given a Customer Environment, Identify How
Traps Should Be Used to Secure the Endpoint.”
Sample Question
1. The R&D network of the defense contractor is not connected to the internet. However, it is
connected to SIPRNet (https://en.wikipedia.org/wiki/SIPRNet), which is used to transfer
classified information. The contractor is afraid of getting malware files and infected PDFs
through that network. Can they use WildFire for protection?
A. No, because there is no network path to the WildFire server
B. No, but no protection is needed because everybody with SIPRnet access has a security
clearance and is trustworthy.
C. Yes, but only if they can get approval to have a gateway to the public internet.
D. Yes. They can use a WF-500 appliance.
The answer is under the heading “Answer for Given a Customer Environment, Identify How
WildFire Should Be Used to Secure the Enterprise.”
References
▪ Firewall Overview
(https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/
pan/en_US/resources/datasheets/firewall-feature-overview-datasheet)
▪ Traps Administrator’s Guide:
• About Traps (https://www.paloaltonetworks.com/documentation/40/endpoint/endpoint-admin-guide/traps-overview/about-traps)
▪ WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
(https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-
overview/wildfire-concepts)
▪ Prevent Patient Zero: A Closer Look at Traps 3.2
(http://researchcenter.paloaltonetworks.com/2015/04/prevent-patient-zero-with-advanced-
endpoint-protection-3-2/)
Sample Question
1. A company has no internal network and only a few people work from home and use public SaaS
services (such as Google Docs). Is there any component of the Palo Alto Networks security
platform that is not needed, and, if so, which one is it?
A. WildFire
B. Traps
C. NGFW
The answer is under the heading “Answer for Given a Customer Environment, Identify How
NGFW, WildFire, and Traps Should Be Used to Secure the Enterprise.”
Identify Which Firewall Models Support vsys and Its Common Uses
Virtual systems provide the same basic functions as a physical firewall, along with additional benefits:
▪ Segmented administration: Different organizations (or customers or business units) can control
(and monitor) a separate firewall instance so that they have control over their own traffic
without interfering with the traffic or policies of another firewall instance on the same physical
device.
▪ Scalability: After the physical firewall is configured, addition or removal of customers or
business units can be done efficiently. An ISP, managed security service provider, or enterprise
can provide different security services to each customer.
▪ Reduced capital and operational expenses: Virtual systems eliminate the need to have multiple
physical firewalls at one location because virtual systems co-exist on one firewall. Because the
organization does not have to purchase multiple firewalls, it can save on the hardware expense,
electric bills, and rack space, and can reduce maintenance and management expenses.
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Virtual System Components and Segmentation
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/virtual-
systems/virtual-systems-overview)
• Use Case for Virtual Systems (https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/virtual-systems/virtual-systems-overview)
• Platform Support and Licensing for Virtual Systems
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/virtual-
systems/virtual-systems-overview)
The answer is under the heading “Answer for Identify Which Firewall Models Support vsys and
Its Common Uses.”
You use templates to configure the settings that enable firewalls to operate on the network. Templates
enable you to define a common base configuration using the Network and Device tabs on Panorama. For
example, you can use templates to manage interface and zone configurations, server profiles for logging
and syslog access, and network profiles for controlling access to zones and IKE gateways. When you
define a template, consider assigning firewalls that are the same hardware model and require access to
similar network resources, such as gateways and syslog servers.
Sample Questions
1. In Panorama, which policy gets evaluated first?
A. device group pre-rules
B. device group post-rules
C. shared pre-rules
D. shared post-rules
E. local firewall rules
2. Can the same rule allow traffic from different sources on different firewalls?
A. No. Rules mean exactly the same on all firewalls that receive the same policy.
B. Not exactly. However, a rule can allow traffic from a group of sources. If each of those
sources is behind a different firewall, then in practical terms on each firewall the rule is
applied to a different source.
C. Yes, because objects in a device group can override global objects. The same name
could mean different things in different device groups.
D. Yes, because there could be clauses in a rule with effects limited to a specific device
group.
The answers are under the heading “Answers for Identify How to Use Device Groups and
Templates to Manage a Deployment.”
Identify the Benefits of Panorama for Deploying Palo Alto Networks Products
References
▪ https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/faqs/PAN_AAG_panorama_052615.pdf
Sample Question
1. Which is not an advantage of using Panorama?
A. centralized management
B. higher throughput on the firewalls
C. centralized view of collected logs
D. automatic event correlation
The answer is under the heading “Answer for Identify the Benefits of Panorama for Deploying
Palo Alto Networks Products.”
▪ Centralized management: Centralized policy and device management that allows for rapid
deployment and management of up to 1,000 firewalls
▪ Visibility: Centralized logging and reporting to analyze and report about user-generated traffic
and potential threats
References
▪ Panorama 8.0 Administrator’s Guide:
• Deploy Panorama with Dedicated Log Collectors
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/manage-log-collection/deploy-panorama-with-dedicated-log-collectors)
• Panorama High Availability
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/panorama-high-availability)
• Panorama HA Prerequisites
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/panorama-high-availability/panorama-ha-prerequisites)
• Logging Considerations in Panorama HA
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/panorama-high-availability/logging-considerations-in-panorama-ha)
▪ https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design-
Guide/ta-p/72181
Sample Question
1. A company has a physical data center on their premises and several applications protected by
virtual firewalls on AWS. Now they will install Panorama in high availability mode (one instance
in their data center, the other on AWS). Which configuration do they need in their physical data
center?
A. M-100
B. M-500
C. M-100 or M-500
D. Virtual appliance
Every instance of Panorama requires valid licenses that entitle you to manage the devices and to obtain
support. The device management license enforces the maximum number of devices that can be
managed by Panorama. The support license enables Panorama software updates and dynamic content
updates for the latest application and threat signatures, among other updates, that are published by
Palo Alto Networks.
References
▪ Panorama 8.0 Administrator’s Guide:
• Register Panorama and Install Licenses, including all the subsections
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/set-up-panorama/register-panorama-and-install-licenses)
• Manage Licenses and Updates
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/manage-licenses-and-updates)
• Manage Licenses of Firewalls Using Panorama
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/manage-licenses-and-updates/manage-licenses-on-firewalls-using-panorama)
Sample Question
1. How often does Panorama contact the Palo Alto Networks licensing server to look for new
licenses for its firewalls?
A. never; you need to check manually
B. once a week
C. every 24 hours
D. every 6 hours
The answer is under the heading “Answer for Identify how to License a Panorama Deployment.”
References
▪ Panorama 8.0 Administrator’s Guide:
• Panorama Models
(https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide
/panorama-overview/panorama-models)
Sample Question
1. What is the maximum storage capacity of a single Panorama virtual appliance in Panorama
mode?
A. 2 TB
B. 12 TB
C. 18 TB
D. 24 TB
The answer is under the heading “Answer for Identify the Differences in Licensing of Panorama
as a Hardware Solution vs. as a Software Solution.”
Sample Question
1. Which feature is not supported in active/active (A/A) mode?
A. IPsec tunneling
B. DHCP client
C. link aggregation
D. configuration synchronization
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• HA Links and Backup Links (https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/high-availability/ha-links-and-backup-links)
• Set Up Active/Passive HA (https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/high-availability/set-up-active-passive-ha)
• Set Up Active/Active HA (https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/high-availability/set-up-active-active-ha)
Sample Question
1. Which high availability port (or ports) is used for which plane?
A. HA1 for the dataplane, HA2 for the management plane.
B. HA1 for the management plane, HA2 for the dataplane.
C. If HA1 works, it is used for both data and management. HA2 is a backup.
The answer is under the heading “Answer for Identify the Functions of a Given HA Port.”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Install Content and Software Updates
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-
started/install-content-and-software-updates)
Sample Question
1. Which two updates should be scheduled to occur once a day? (Choose two.)
A. Antivirus
B. PAN-DB URL Filtering
C. WildFire
D. Applications and Threats
E. SMS channel
The answer is under the heading “Answers for Identify Deployment Best Practices for Scheduling
Dynamic Updates.”
Given a Series of Designs, Choose the Design(s) That Would Require Virtual
Systems (vsys)
Virtual systems are separate, logical firewall instances within a single physical Palo Alto Networks
firewall. Rather than use multiple firewalls, managed service providers and enterprises can use a single
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Virtual Systems Overview, with all the subtopics
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/virtual-
systems/virtual-systems-overview)
Sample Question
1. Which is not a reason to use virtual systems?
A. Multiple customers colocated in the same data center, and as the data center owner
you want to upsell a firewall service
B. The organization runs a virtualized firewall
C. A company’s business requirements are for a central IT department to manage the
firewall itself, but departments to manage their own Security policy.
D. An ISP wants to include a firewall service, with the firewall on their premises between
the customers’ connection and the internet.
The answer is under the heading “Answer for Given a Series of Designs, Choose the Design(s)
That Would Require Virtual Systems (vsys).”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Create Best Practice Security Profiles
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/create-best-
practice-security-profiles)
• Step 4: Create the Temporary Tuning Rules
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/define-the-initial-internet-gateway-security-policy#42505) (scroll down)
• Monitor and Fine Tune the Policy Rulebase
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/monitor-
and-fine-tune-the-policy-rulebase)
The answer is under the heading “Answer for Identify Best Practices for Tuning a Palo Alto
Networks Firewall for Maximum Performance.”
Sample Question
1. Which profile type is used to protect against most protocol-based attacks?
A. Antivirus Profile
B. URL Filtering Profile
C. Vulnerability Protection Profile
D. WildFire Analysis Profile
The answer is under the heading “Answer for Identify How to Protect Against Known
Commodity Attacks.”
Sample Question
1. Which security posture is most likely to stop unknown attacks?
A. allow all the traffic that is not explicitly denied
B. deny all the traffic that is not explicitly allowed
C. deny all the traffic that is not explicitly allowed from the outside, and allow all the traffic
that is not explicitly denied from the inside
D. deny all the traffic that is not explicitly allowed from the inside, and allow all the traffic
that is not explicitly denied from the outside
The answer is under the heading “Answer for Identify How to Protect Against Unknown
Attacks.”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Create Best Practice Security Profiles
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/create-best-
practice-security-profiles#_48239)
▪ WildFire 8.0 Administrator’s Guide:
• WildFire File Type Support
(https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-
overview/wildfire-file-type-support)
▪ Distributing Malware Inside Adobe PDF Documents (http://www.drchaos.com/distributing-
malware-inside-adobe-pdf-documents/)
The answer is under the heading “Answers for What Can Be Applied to Prevent Users from
Unknowingly Downloading Malicious File Types from the Internet?”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
Sample Question
1. What is the maximum number of servers supported by a single User-ID agent?
A. 10
B. 50
C. 100
D. 500
Sample Question
1. How does the firewall know that a specific connection comes from a specific user?
A. Every connection has a user ID encoded in it.
B. User-ID is only supported in protocols that use user authentication, which provides the
user identity to the firewall and the back end.
C. The firewall always uses the IP address in the IP header to locate the user ID.
D. Usually the firewall uses the IP address in the IP header to locate the user ID, but there
are a few additional techniques (for example, HTTP proxies provide the client’s IP
address in the HTTP header).
The answer is under the heading “Answer for Identify How to Obtain the Parameters to
Configure User-ID.”
References
▪ User-ID: Strengthen Security Posture and Improve Visibility by Mapping Network Traffic to Users
(https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/
pan/en_US/resources/techbriefs/user-id-tech-brief)
Sample Question
1. A customer has a proprietary user authentication system that is not supported by User-ID. Can
you provide User-ID information to their firewall, and if so how?
A. It is impossible. They’ll need to upgrade to something more standard.
B. It can be done, but only for HTTP applications because HTTP supports XFF headers.
C. It can be done using the XML API.
D. It can be done, but it requires programming that can be performed only by the Palo Alto
Networks professional services organization.
The answer is under the heading “Answer for Identify the Methods and Order of Precedence
That User-ID Uses.”
References
▪ https://live.paloaltonetworks.com/t5/Learning-Articles/Best-Practices-for-Securing-User-ID-Deployments/ta-p/61606
Sample Question
1. Should you limit the permission of the user that runs the User-ID agent? If so, why?
A. Yes, because of the principle of least privilege. You should give only processes those
permissions that are necessary for them to work.
B. Yes, to an extent. You can give it most privileges, but there is no actual user, so you
should not let it start an interactive login.
C. Yes, to an extent. You can give it most privileges, but there is no actual user, so you
should not let it have remote access.
D. No, there is nothing wrong with using the administrator’s account.
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• App-ID Overview
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/app-id/app-id-overview)
• Manage Custom or Unknown Applications
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/app-id/manage-custom-or-unknown-applications)
• Create a Custom Application
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/app-id/create-a-custom-application)
▪ PAN-OS® Web Interface Reference Guide 8.0:
• Policies > Application Override
(https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/policies/policies-application-override)
• Defining Applications
(https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/objects/objects-applications) (scroll down)
▪ https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/techbriefs/app-id-tech-brief
Learn by Doing
▪ Play with App-ID on the user interface:
• Attempt to define a custom application
Sample Question
1. Which three reasons could cause a firewall that is fully configured, including decryption, not to
recognize an application? (Choose three.)
A. The application is running over SSL.
B. There is no App-ID signature for the application.
C. The application is running over ICMP.
D. The application is running over UDP.
E. Incomplete data, meaning that the TCP handshake happened but there had been no
application traffic.
F. Insufficient data, meaning that there had been some application traffic.
The answer is under the heading “Answers for Identify the Parameters to Configure App-ID.”
References
▪ PAN-OS® 8.0 Administrator’s Guide:
Sample Question
1. Which two methods can you use to add an application that runs on TCP port 25 to the firewall?
(Choose two.)
A. Request an App-ID from Palo Alto Networks.
B. Create a custom application with a signature.
C. Create a custom application and define an Application Override policy.
D. Write JavaScript code to identify the application.
E. Write Python code to identify the application.
The answer is under the heading “Answer for Error! Reference source not found..”
Use SSL Inbound Inspection to decrypt and inspect inbound SSL traffic from a client to a targeted server
(any server you have the certificate for and can import onto the firewall). For example, if an employee is
remotely connected to a web server hosted on the company network and is attempting to add
restricted internal documents to a Dropbox folder (which uses SSL for data transmission), SSL Inbound
Inspection can be used to ensure that the sensitive data does not move outside the secure company
network by blocking or restricting the session.
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Decryption Overview
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/decryption-overview)
▪ Difference Between SSL Forward-Proxy and Inbound Inspection Decryption Mode
(https://live.paloaltonetworks.com/t5/Learning-Articles/Difference-Between-SSL-Forward-Proxy-and-Inbound-Inspection/ta-p/55553)
Sample Question
1. Which decryption mode or modes require(s) the private key of the destination server? (Choose
the best answer.)
A. Forward Proxy
B. Inbound Inspection
The answer is under the heading “Answer for Identify the Differences in Decryption
Configuration Between Forward Proxy, Inbound Proxy, and SSH Proxy.”
▪ Exclude certain URL categories or applications from decryption, either because they do not
work properly with decryption enabled or for any other reason, including legal or privacy
purposes. You can use a Decryption policy to exclude traffic from decryption based on source,
destination, URL category, service (port or protocol), and TCP port numbers. For example, with
SSL decryption enabled, you can choose URL categories to exclude traffic that is categorized as
financial or health-related from decryption.
▪ Exclude server traffic from SSL decryption based on the Common Name (CN) in the server
certificate. For example, if you have SSL decryption enabled but have certain servers for which
you do not want to decrypt traffic, such as the web services for your HR systems, exclude those
servers from decryption by importing the server certificate onto the firewall and modifying the
certificate to be an SSL Exclude certificate.
References
▪ PAN-OS® 8.0 Administrator’s Guide:
• Decryption Exclusions
(https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/decryption/decryption-exclusions#93953),
including all the subtopics
▪ PAN-OS® Web Interface Reference Guide 8.0:
• Policies > Decryption
(https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/policies/policies-decryption)
• Objects > Decryption Profile
(https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/objects/objects-decryption-profile)
Sample Question
1. Which parameter cannot be used in a Decryption policy rule?
A. User-ID
B. App-ID
C. Source Zone
D. Destination Zone
Identify the Different Types of Certificates Used in the SSL Decryption Process
With a Decryption policy configured, a session between the client and the server is established only if
the firewall trusts the CA that signed the server certificate. To establish trust, the firewall must have the
server root CA certificate in its certificate trust list (CTL) and use the public key contained in that root CA
certificate to verify the signature. The firewall then presents a copy of the server certificate signed by
the Forward Trust certificate for the client to authenticate. You also can configure the firewall to use an
enterprise CA as a forward trust certificate for SSL Forward Proxy. If the firewall does not have the
server root CA certificate in its CTL, the firewall will present a copy of the server certificate signed by the
Forward Untrust certificate to the client. The Forward Untrust certificate ensures that clients are
prompted with a certificate warning when they attempt to access sites hosted by a server with
untrusted certificates.
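The signing decision described above can be reproduced in a lab with OpenSSL. This is an added example, not Palo Alto Networks code or configuration: the CA names, hostnames and helper functions are constructed, `ctl.pem` stands in for the firewall's certificate trust list, and clients are assumed to trust only the Forward Trust CA.

```shell
#!/bin/sh
# Constructed lab: every CA, key and hostname here is made up for the example.
set -eu
LAB=$(mktemp -d); trap 'rm -rf "$LAB"' EXIT; cd "$LAB"

# Minimal OpenSSL config so the lab CA certificates carry basicConstraints CA:TRUE.
cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

mk_ca() {   # mk_ca <name> <common name>: self-signed CA certificate and key
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config lab.cnf \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue() {   # issue <ca> <out> <subject>: fresh key and certificate signed by <ca>
  openssl req -new -newkey rsa:2048 -nodes -config lab.cnf -subj "$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" -CAcreateserial \
    -days 2 -out "$2.pem" 2>/dev/null
}

proxy_resign() {   # proxy_resign <server cert>: mint the copy, print the CA that signed it
  _signer=forward-untrust
  # Trust decision: does the server certificate chain to a CA in the CTL?
  if openssl verify -CAfile ctl.pem "$1.pem" >/dev/null 2>&1; then
    _signer=forward-trust
  fi
  # Copy the subject (CN-only subjects in this lab) into a certificate the proxy signs.
  _subject=$(openssl x509 -in "$1.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  issue "$_signer" "copy-of-$1" "/$_subject"
  echo "$_signer"
}

client_check() {   # client_check <cert>: result for a client trusting only Forward Trust
  if openssl verify -CAfile forward-trust.pem "$1.pem" >/dev/null 2>&1; then
    echo accepted
  else
    echo warning
  fi
}

mk_ca public-root     "Constructed Public Root CA"      # present in the CTL
mk_ca unknown-root    "Constructed Unknown CA"          # absent from the CTL
mk_ca forward-trust   "Constructed Forward Trust CA"    # installed on clients
mk_ca forward-untrust "Constructed Forward Untrust CA"  # never installed on clients
cp public-root.pem ctl.pem
issue public-root  good-site "/CN=good.example.test"
issue unknown-root odd-site  "/CN=odd.example.test"

for site in good-site odd-site; do
  signer=$(proxy_resign "$site")
  echo "$site: copy signed by $signer, client sees: $(client_check "copy-of-$site")"
done
```

If the Forward Untrust CA were added to the client trust store, the second result would become `accepted` and users would no longer be warned about the untrusted origin server.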
Sample Question
1. Which decryption method requires the client to trust either the firewall’s own self-signed
certificate or a certificate authority that provided the firewall with a certificate?
A. Forward Proxy
B. Inbound Inspection
C. SSH Proxy
D. Reverse Proxy
The answer is under the heading “Answer for Identify the Different Types of Certificates Used in
the SSL Decryption Process.”
The answers are under the heading “Answers for the Sample Test.”
2. Which two answers could you give a prospect who says that updating the WildFire malware list
twice a week is unacceptable? (Choose two.)
A. With a WildFire subscription you get an update every few minutes.
B. With the Threat subscription you get an update every few minutes.
C. With the Threat subscription you get an update every hour.
D. With the Threat subscription you get an update every 24 hours.
E. Twice a week is sufficient; malware does not propagate that quickly.
4. Which Palo Alto Networks product directly protects corporate laptops when people use them
from home?
A. next-generation firewall
B. Panorama
C. WildFire
D. GlobalProtect
5. Which two C2 channels may be used when a computer tries to access the URL
http://part1.of.big.secret.i.am.exfiltrating.evil.com/part2/of/the/same/secret? (Choose two.)
A. email
B. DNS
C. URL
D. SMS
8. Which two behaviors would fail to disguise the malware? (Choose two.)
A. Use domains known to be run by dynamic DNS providers.
B. Disguise the C2 traffic as email.
C. Browse directly to IP addresses without DNS resolution.
D. Infect multiple hosts before accessing the C2 channel, so that each time the C2 request
message comes from a different IP address.
E. Slow down C2 traffic to one packet in each direction each day.
9. Which element of the NGFW does the NGFW UTD show potential customers?
A. how to set up NGFW for the first time
B. how to migrate from a different firewall to NGFW
C. how to integrate with the Advanced Endpoint Protection
D. how to integrate with WildFire
10. Which firewall series (one or more) requires you to specify in the Bill of Materials the Network
Processing Cards (NPC) to include?
A. A Bill of Materials that specifies the NPC is never needed; Palo Alto Networks appliances
don’t support hardware customization
B. PA-7000
C. PA-5000 and PA-7000
D. PA-3000, PA-5000, and PA-7000
12. A company has no internal network and only a few people work from home and use public SaaS
services (such as Google Docs). Is there any component of the Palo Alto Networks security
platform that is not needed, and if so, which one is it?
A. WildFire
B. Traps
C. NGFW
D. All the components are needed
16. Which three features are not supported by HA lite, but are available on higher-end models?
(Choose three.)
17. What could cause “split brain” in an active/passive (A/P) high availability setup?
A. Nothing; it is only a problem in active/active (A/A).
B. The connection between the dataplane ports is broken and there is no configured
backup, so no heartbeat.
C. The connection between the management plane ports is broken and there is no
configured backup, so no heartbeat.
D. The two ports, HA1 and HA2, are always backup connections to each other, so only if
both connections are broken would you get a “split brain” problem.
18. A best practice is to either block executables or to send them to WildFire. Which file extension is
not an executable?
A. .jar
B. .exe
C. .txt
D. .sys
19. Which action could disconnect a potentially infected host from the network?
A. Alert
B. Reset Client
C. Reset Server
D. Block IP
20. Which component of the security platform turns unknown attacks into known attacks?
A. Next-generation firewall
B. Advanced Endpoint Protection
C. WildFire
D. Autofocus
22. Must the agent account be a member of the Distributed COM Users group?
A. yes, always
B. only when using the Windows-based User-ID agent
C. only when using the PAN-OS® integrated User-ID agent
D. No, never
23. Which characteristic (or characteristics), if any, of a predefined application can be viewed and
modified by an administrator?
A. signature
B. timeout values
C. both the signature and the timeout values
D. neither the signature nor the timeout values
24. Which two decryption modes require an SSL certificate? (Choose two.)
A. Forward Proxy
B. Inbound Inspection
C. Reverse Proxy
D. SSH Proxy
E. Outbound Inspection
Answers for
Positioning: Platform
Answer for Identify the Architecture Components That Benefit from WildFire
1. A
Answers for Identify the Impact of the Intelligence Coming from the Threat Intelligence
Cloud
1. C
2. D
Answer for Identify the Sources of Data for the Threat Intelligence Cloud
1. B
Answer for Identify the Core Values of the Palo Alto Networks Security Platform
1. B
Answers for Identify How to Position the Value of a Next-Generation Firewall Over a Legacy
Firewall
1. B
Answers for Identify the Reporting Capabilities of the Palo Alto Networks Firewall
1. B
2. C
Answer for Given a Customer Statdump File, Identify How to Generate an SLR Report
1. B
Answer for Given a Customer Environment, Identify the NGFW Model That Should Be Used to
Secure the Network
1. D
Answer for Given a Customer Environment, Identify How Aperture Should Be Used to Secure
the Enterprise
1. D
Answer for Given a Customer Environment, Identify How Autofocus Should Be Used to
Secure the Enterprise
1. A
Answer for Given a Customer Environment, Identify How Traps Should Be Used to Secure the
Endpoint
1. D
Answer for Given a Customer Environment, Identify How WildFire Should Be Used to Secure
the Enterprise
1. D
Answer for Given a Customer Environment, Identify How NGFW, WildFire, and Traps Should
Be Used to Secure the Enterprise
1. C
Answer for Identify the Benefits of Panorama for Deploying Palo Alto Networks Products
1. B
Answer for Given a Customer Scenario, Identify How to Design a Redundant Panorama
Deployment
1. D
Answer for Identify the Differences in Licensing of Panorama as a Hardware Solution vs. as a
Software Solution
1. D
Answers for Identify Deployment Best Practices for Scheduling Dynamic Updates
1. A, B
Answer for Given a Series of Designs, Choose the Design(s) That Would Require Virtual
Systems (vsys)
1. B
Answer for Identify Best Practices for Tuning a Palo Alto Networks Firewall for Maximum
Performance
1. B
The answer is under the heading “Answer for Identify Best Practices for Tuning a Palo Alto
Networks Firewall for Maximum Performance.”
Answers for What Can Be Applied to Prevent Users from Unknowingly Downloading
Malicious File Types from the Internet?
1. A, E
Answer for Identify the Methods and Order of Precedence That User-ID Uses
1. C
Answer for Identify How to Overcome Privacy and Legal Objections to Decryption
1. B
Answer for Identify the Different Types of Certificates Used in the SSL Decryption Process
1. A
Advanced Encryption Standard (AES): A symmetric block cipher based on the Rijndael cipher.
application programming interface (API): A set of routines, protocols, and tools for building software
applications and integrations.
bot: Individual endpoints that are infected with advanced malware that enables an attacker to take
control of the compromised endpoint. Also known as a zombie. See also botnet.
botnet: A network of bots (often tens of thousands or more) working together under the control of
attackers using numerous command and control (C2) servers. See also bot.
bring your own apps (BYOA): Closely related to BYOD, BYOA is a policy trend in which organizations
permit end users to download, install, and use their own personal apps on mobile devices, primarily
smartphones and tablets, for work-related purposes. See also bring your own device (BYOD).
bring your own device (BYOD): A policy trend in which organizations permit end users to use their own
personal devices, primarily smartphones and tablets, for work-related purposes. BYOD relieves
organizations from the cost of providing equipment to employees, but creates a management challenge
due to the vast number and type of devices that must be supported. See also bring your own apps
(BYOA).
covered entity: Defined by HIPAA as a healthcare provider that electronically transmits PHI (such as
doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies), a health plan
(such as a health insurance company, health maintenance organization, company health plan, or
government program including Medicare, Medicaid, military and veterans’ healthcare), or a healthcare
clearinghouse. See also Health Insurance Portability and Accountability Act (HIPAA) and protected health
information (PHI).
data encapsulation: A process in which protocol information from the OSI layer immediately above is
wrapped in the data section of the OSI layer immediately below. See also open systems interconnection
(OSI) reference model.
distributed denial-of-service (DDOS): A type of cyberattack in which extremely high volumes of network
traffic such as packets, data, or transactions are sent to the target victim’s network to make their
network and systems (such as an e-commerce website or other web application) unavailable or
unusable.
electronic health record (EHR): As defined by HealthIT.gov, an EHR “goes beyond the data collected in
the provider’s office and include[s] a more comprehensive patient history. EHR data can be created,
managed, and consulted by authorized providers and staff from across more than one healthcare
organization.”
electronic medical record (EMR): As defined by HealthIT.gov, an EMR “contains the standard medical
and clinical data gathered in one provider’s office.”
endpoint: A computing device such as a desktop or laptop computer, handheld scanner, point-of-sale
(POS) terminal, printer, satellite radio, security or videoconferencing camera, self-service kiosk, server,
smart meter, smart TV, smartphone, tablet, or Voice over Internet Protocol (VoIP) phone. Although
endpoints can include servers and network equipment, the term is generally used to describe end user
devices.
extensible markup language (XML): A programming language specification that defines a set of rules for
encoding documents in a human- and machine-readable format.
false negative: In anti-malware, malware that is incorrectly identified as a legitimate file or application.
In intrusion detection, a threat that is incorrectly identified as legitimate traffic. See also false positive.
false positive: In anti-malware, a legitimate file or application that is incorrectly identified as malware.
In intrusion detection, legitimate traffic that is incorrectly identified as a threat. See also false negative.
favicon (“favorite icon”): A small file containing one or more small icons associated with a particular
website or webpage.
generic routing encapsulation (GRE): A tunneling protocol developed by Cisco Systems® that can
encapsulate various network layer protocols inside virtual point-to-point links.
Gramm-Leach-Bliley Act (GLBA): A U.S. law that requires financial institutions to implement privacy and
information security policies to safeguard the non-public personal information of clients and consumers.
Also known as the Financial Services Modernization Act of 1999.
Health Insurance Portability and Accountability Act (HIPAA): A U.S. law that defines data privacy and
security requirements to protect individuals’ medical records and other personal health information. See
also covered entity and protected health information (PHI).
indicator of compromise (IOC): A network or operating system (OS) artifact that provides a high level of
confidence that a computer security incident has occurred.
least privilege: A network security principle in which only the permission or access rights necessary to
perform an authorized task are granted.
malware: Malicious software or code that typically damages, takes control of, or collects information
from an infected endpoint. Malware broadly includes viruses, worms, Trojan horses (including Remote
Access Trojans, or RATs), anti-AV, logic bombs, backdoors, rootkits, bootkits, spyware, and (to a lesser
extent) adware.
Network and Information Security (NIS) Directive: A European Union (EU) directive that imposes
network and information security requirements – to be enacted by national laws across the EU within
two years of adoption in 2016 – for banks, energy companies, healthcare providers and digital service
providers, among others.
one-way (hash) function: A mathematical function that creates a unique representation (a hash value)
of a larger set of data in a manner that is easy to compute in one direction (input to output), but not in
the reverse direction (output to input). The hash function can’t recover the original text from the hash
value. However, an attacker could attempt to guess what the original text was and see if it produces a
matching hash value.
open systems interconnection (OSI) reference model: Defines standard protocols for communication
and interoperability using a layered approach in which data is passed from the highest layer
(application) downward through each layer to the lowest layer (physical), then transmitted across the
network to its destination, then passed upward from the lowest layer to the highest layer. See also data
encapsulation.
Payment Card Industry Data Security Standards (PCI DSS): A proprietary information security standard
mandated and administered by the PCI Security Standards Council (SSC), and applicable to any
organization that transmits, processes, or stores payment card (such as debit and credit cards)
information. See also PCI Security Standards Council (SSC).
PCI: See Payment Card Industry Data Security Standards (PCI DSS).
PCI DSS: See Payment Card Industry Data Security Standards (PCI DSS).
PCI Security Standards Council (SSC): Comprised of Visa, MasterCard, American Express, Discover, and
JCB, the SSC maintains, evolves, and promotes PCI DSS. See also Payment Card Industry Data Security
Standards (PCI DSS).
Personal Information Protection and Electronic Documents Act (PIPEDA): A Canadian privacy law that
defines individual rights with respect to the privacy of their personal information, and governs how
private sector organizations collect, use, and disclose personal information in the course of business.
Personally Identifiable Information (PII): Defined by the U.S. National Institute of Standards and
Technology (NIST) as “any information about an individual maintained by an agency, including (1) any
information that can be used to distinguish or trace an individual’s identity… and (2) any other
information that is linked or linkable to an individual….”
PIPEDA: See Personal Information Protection and Electronic Documents Act (PIPEDA).
protected health information (PHI): Defined by HIPAA as information about an individual’s health
status, provision of healthcare, or payment for healthcare that includes identifiers such as names,
geographic identifiers (smaller than a state), dates, phone and fax numbers, email addresses, Social
Security numbers, medical record numbers, or photographs, among others. See also Health Insurance
Portability and Accountability Act (HIPAA).
public key infrastructure (PKI): A set of roles, policies, and procedures needed to create, manage,
distribute, use, store, and revoke digital certificates and manage public key encryption.
Remote Authentication Dial-In User Service (RADIUS): A client/server protocol and software that
enables remote access servers to communicate with a central server to authenticate users and authorize
access to a system or service.
representational state transfer (REST): An architectural programming style that typically runs over
HTTP, and is commonly used for mobile apps, social networking websites, and mashup tools.
Sarbanes-Oxley (SOX) Act: A U.S. law that increases financial governance and accountability in publicly
traded companies.
script kiddie: Someone with limited hacking and/or programming skills who uses malicious programs
(malware) written by others to attack a computer or network.
Secure Sockets Layer (SSL): A cryptographic protocol for managing authentication and encrypted
communication between a client and server to protect the confidentiality and integrity of data
exchanged in the session.
Software as a Service (SaaS): A cloud computing service model, defined by the U.S. National Institute of
Standards and Technology (NIST), in which “the capability provided to the consumer is to use the
provider’s applications running on a cloud infrastructure. The applications are accessible from various
client devices through either a thin client interface, such as a web browser, or a program interface. The
consumer does not manage or control the underlying cloud infrastructure including network, servers,
operating systems, storage, or even individual application capabilities, with the possible exception of
limited user-specific application configuration settings.”
spear phishing: A highly targeted phishing attack that uses specific information about the target to make
the phishing attempt appear legitimate.
Transport Layer Security (TLS): The successor to SSL (although it is still commonly referred to as SSL).
See also Secure Sockets Layer (SSL).
uniform resource locator (URL): A unique reference (or address) to an internet resource, such as a
webpage.
vulnerability: A bug or flaw that exists in a system or software, and creates a security risk.
zero-day threat: The window of vulnerability that exists from the time a new (unknown) threat is
released until security vendors release a signature file or security patch for the threat.
E-Learning
For those of you who want to keep up-to-date on our technology, a learning library of FREE e-Learning is
available. These on-demand, self-paced e-Learning classes are a great way of reinforcing the key
information for those who have been to the formal hands-on classes. They also serve as a great
overview and introduction to working with our technology for those unable to travel to a hands-on,
instructor-led class.
Simply register in our Learning Center and you will be given access to our eLearning portfolio. These
online classes cover foundational material and contain narrated slides, knowledge checks, and, where
applicable, demos for you to access.
New courses are being added often, so check back to see new curriculum available.
Palo Alto Networks Authorized Training Centers (ATCs) are located globally and offer a breadth of
solutions from onsite training to public, open environment classes. There are about 53 authorized
training centers at more than 80 locations worldwide. For class schedule, location, and training offerings
see https://www.paloaltonetworks.com/services/education/atc-locations.