NETWORKS
PSE PLATFORM
PRO 8.0
STUDY GUIDE
February 2018
Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2018 Palo Alto Networks – all rights reserved.
Aperture, AutoFocus, GlobalProtect, Palo Alto Networks, PAN-OS, Panorama, Traps, and WildFire are trademarks of Palo Alto Networks, Inc. All other
trademarks are the property of their respective owners.
Overview
This document is the Study Guide for the Palo Alto Networks Systems Engineer: Platform Professional
Certification Exam, abbreviated as PSE: Platform – P. This exam has been refreshed to reflect product
updates, and has increased in scope to encompass the former PSE: Cyber Security subdiscipline, which
has been deprecated.
This new exam is now better focused on the Palo Alto Networks Platform as a whole, and has been
carefully tuned to better evaluate an SE’s pre-sales capability.
Prerequisites
You should complete the following prerequisites before attempting this exam:
You have passed the Palo Alto Networks Systems Engineer: Platform – Associate Accreditation
Exam, abbreviated as PSE: Platform – A.
You have completed a year of full-time experience as a Palo Alto Networks SE, either as a Palo
Alto Networks employee SE or as a Partner employee SE.
Exam Format
The test format is 60 multiple-choice items. Native English speakers will have 10 minutes to complete
the Non-Disclosure Agreement (NDA) and 80 minutes to complete the questions. Non-native English
speakers will have 10 minutes for the NDA and 110 minutes to complete the questions.
To access the PSE Professional exams, partners need to add the Private Access Code:
PSEPROFESSIONAL18
Positioning: Platform
References
At a Glance: WildFire
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/faqs/at-a-glance-wildfire.pdf
Log in to WildFire (https://wildfire.paloaltonetworks.com/wildfire) and then click Upload
Sample and Account. Both pages contain relevant information.
Sample Question
1. Which file type is not supported by WildFire?
A. iOS applications
The answer is under the heading “Answer for Identify the Architecture Components that Benefit from
WildFire.”
Identify the Impact of the Intelligence Coming from the Threat Intelligence
Cloud
The firewall forwards unknown samples for WildFire analysis based on the configured WildFire Analysis
Profile settings. It detects links included in emails, files that are attached to emails, and browser‐based
file downloads, and also leverages the Palo Alto Networks App‐ID feature to detect file transfers within
applications. For samples that the firewall detects, the firewall checks the sample hash against WildFire
signatures to determine if WildFire has previously analyzed the sample. A sample that is identified as
malware is blocked. If the sample remains unknown after it is compared against existing WildFire
signatures, the firewall forwards the sample for WildFire analysis.
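The following added example (written for this guide, not code from Palo Alto Networks or the WildFire product) models the decision flow just described: the firewall hashes a detected sample, checks the hash against the WildFire signatures it already holds, blocks known malware, lets previously analysed non-malicious samples through, and forwards only unknown samples that the WildFire Analysis Profile makes eligible by file type and direction. The profile fields, verdict names, rule structure and sample bytes are all constructed for the demonstration.

```python
"""Constructed model of the WildFire submission flow (added example, not product code)."""
import hashlib
from dataclasses import dataclass, field

MALWARE, BENIGN, GRAYWARE = "malware", "benign", "grayware"


@dataclass(frozen=True)
class AnalysisProfile:
    """Constructed stand-in for a WildFire Analysis Profile rule: which file
    types and transfer directions are eligible for forwarding."""
    file_types: frozenset = frozenset({"pe", "pdf", "apk", "flash"})
    directions: frozenset = frozenset({"upload", "download"})


@dataclass
class Firewall:
    profile: AnalysisProfile
    # sha256 hex digest -> verdict, as delivered in WildFire signature updates
    signatures: dict = field(default_factory=dict)
    # digests this firewall has forwarded for analysis (constructed queue)
    forwarded: list = field(default_factory=list)

    def inspect(self, sample: bytes, file_type: str, direction: str) -> str:
        """Return the firewall's action for one detected sample."""
        digest = hashlib.sha256(sample).hexdigest()
        verdict = self.signatures.get(digest)
        if verdict == MALWARE:
            return "block"          # known malware: blocked inline
        if verdict is not None:
            return "allow"          # already analysed and not malicious
        # Still unknown: forward only if the profile covers this type/direction
        if file_type in self.profile.file_types and direction in self.profile.directions:
            self.forwarded.append(digest)
            return "forward"
        return "allow"

    def learn_verdict(self, sample: bytes, verdict: str) -> None:
        """Simulate a verdict/signature arriving from the cloud; the next
        identical sample is then handled by the local signature check."""
        self.signatures[hashlib.sha256(sample).hexdigest()] = verdict


# Constructed sample payloads (not real malware): only their hashes matter here.
KNOWN_BAD = b"MZ\x90\x00 constructed known-bad sample"
NEW_PE = b"MZ\x90\x00 constructed never-seen sample"
TEXT_NOTE = b"plain text note, not an eligible file type"


def build_firewall() -> Firewall:
    fw = Firewall(profile=AnalysisProfile())
    fw.learn_verdict(KNOWN_BAD, MALWARE)   # signature already installed
    return fw


def demo() -> dict:
    fw = build_firewall()
    results = {
        "known_bad": fw.inspect(KNOWN_BAD, "pe", "download"),    # block
        "new_pe": fw.inspect(NEW_PE, "pe", "download"),          # forward
        "text_note": fw.inspect(TEXT_NOTE, "txt", "download"),   # allow, not forwarded
    }
    fw.learn_verdict(NEW_PE, MALWARE)    # cloud verdict comes back
    results["new_pe_again"] = fw.inspect(NEW_PE, "pe", "upload")  # now blocked
    results["forwarded_count"] = len(fw.forwarded)                # 1
    return results


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

The point of the model is the ordering: the signature check runs first, so a sample becomes a local block as soon as its verdict is known, and the profile only governs what still-unknown traffic is worth forwarding.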
References
WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-concepts
• WildFire Subscription
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-subscription
• Firewall File Forwarding Capacity by Model
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/submit-files-for-wildfire-analysis/firewall-file-forwarding-capacity-by-model
PAN-OS® 8.0 Administrator’s Guide:
• Install Content and Software Updates
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/install-content-and-software-updates
Sample Questions
1. Can you get WildFire functionality without an internet connection?
A. no
B. yes, using a WF-400 appliance
C. yes, using a WF-500 appliance
The answers are under the heading “Answers for Identify the Impact of the Intelligence Coming
from the Threat Intelligence Cloud.”
References
Documentation about WildFire integration with third-party products follows:
Airwatch:
https://my.airwatch.com/help/9.1/en/Content/Expert_Guides/App_Scan_Integration/WildFire/C/Overview_Intro.htm
ForeScout: https://www.forescout.com/forescout-integration-palo-alto-networks-wildfire-combats-advanced-threats/
Proofpoint: https://www.proofpoint.com/us/proofpoint-and-palo-alto-networks-partner-integrate-automated-threat-protection
Tanium: https://docs.tanium.com/connect/connect/paloalto.html
Tripwire: http://www.tripwire.com/solutions/integrations/palo-alto/
Trusteer: http://www.trusteer.com/sites/default/files/PANIntegration.pdf
Sample Question
1. Which information does Tanium get from WildFire?
A. none; it provides information to WildFire
The answer is under the heading “Answer for Identify the Sources of Data for the Threat
Intelligence Cloud.”
Identify the Core Values of the Palo Alto Networks Security Platform
The Palo Alto Networks next-generation security platform has four major features that enable the
prevention of successful cyberattacks:
References
WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-concepts
PAN-OS® 8.0 Administrator’s Guide:
Sample Question
1. Which attack is the Palo Alto Networks security platform unable to stop?
A. Attacks that do not cross the firewall from a Linux server to a desktop client
B. Attacks that do not cross the firewall from a desktop client to a Linux server
C. Attacks that do not cross the firewall, regardless of source or destination
D. Interzone attacks, regardless of source or destination
E. Intrazone attacks, regardless of source or destination
The answer is under the heading “Answer for Identify the Core Values of the Palo Alto Networks
Security Platform.”
Primary functions of the Palo Alto Networks Migration Tool are as follows:
Third-party migration
Adoption of App-ID
Optimization
Consolidation
Centralized management with Panorama
Auto-zoning
Customized response pages
References
Migration tool datasheet
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/migration-tool
Sample Question
1. Which is not a feature of the migration tool?
A. policy migration
B. auto-zoning
C. adoption of App-ID
D. adoption of User-ID
The answer is under the heading “Answer for Identify the Presale Benefits of the Migration
Tool.”
These applications increasingly use encrypted SSL tunnels on port 443. They use clever evasive
tactics to disguise themselves, or use port-hopping to find any entry point through your firewall. Legacy
firewalls and UTMs cannot safely enable these applications. At best, they can attempt to prevent the
Palo Alto Networks next-generation firewalls enable control of applications and content (by user, not
just IP address) at up to 20Gbps with no performance degradation. App-ID technology identifies
applications regardless of port, protocol, evasive tactic, or SSL encryption. The firewall scans content to
stop targeted threats and prevent data leakage. You can safely enable the use of applications while
maintaining complete visibility and control.
References
WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-concepts
PAN-OS® 8.0 Administrator’s Guide:
• Segment Your Network Using Interfaces and Zones
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/segment-your-network-using-interfaces-and-zones
GlobalProtect 8.0 Administrator’s Guide:
• What Features Does GlobalProtect Support?
https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprotect-overview/what-features-does-globalprotect-support
Traps 4.0 Administrator’s Guide:
Sample Question
1. Which Palo Alto Networks product directly protects corporate laptops when people use them
from home?
A. next-generation firewall
B. Traps
C. Panorama
D. WildFire
The answer is under the heading “Answers for Identify How to Position the Value of a Next-
Generation Firewall Over a Legacy Firewall.”
We use content-based protections to stop attacks at the C2 stage, thus preventing attackers from
controlling infected endpoints, spreading laterally within your organization, and accomplishing their
objectives.
Sample Question
1. Which two profile types can block a C2 channel? (Choose two.)
A. Anti-Spyware Profile
B. Certification Profile
C. Command and Control Profile
D. Decryption Profile
E. URL Filtering Profile
The answer is under the heading “Answers for Identify the Protections That the Next-Generation
Firewall Uses to Prevent Command-and-Control Traffic.”
Sample Questions
1. The customer wants a monthly report of the number of connections (of a particular application)
per day. Where do you specify that the report is by days?
A. Query Builder
B. Group By field
C. Order By field
D. Time Frame field
2. The customer wants the report to be in chronological order. Where is this setting specified?
A. Query Builder
B. Group By field
C. Order By field
D. Time Frame field
The answers are under the heading “Answers for Identify the Reporting Capabilities of the Palo
Alto Networks Firewall.”
References
PAN-OS® 8.0 Administrator’s Guide:
• View Reports
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/view-and-manage-reports/view-reports
• Manage Report Groups
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/view-and-manage-reports/manage-report-groups
• Schedule Reports for Email Delivery
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/view-and-manage-reports/schedule-reports-for-email-delivery
Sample Question
1. In which two ways can you receive regularly scheduled reports? (Choose two.)
A. Retrieve the reports from the Palo Alto Networks web-based user interface
B. Upload the report to a document repository using FTP
C. Configure automatic email delivery for regularly scheduled reports
The answer is under the heading “Answer for Identify the Process of Automated Report
Distribution.”
References
PAN-OS® 8.0 Administrator’s Guide:
• Generate Botnet Reports
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/view-and-manage-reports/generate-botnet-reports
Sample Question
1. To disguise the C2 channel, the author of Vicious Worm (a new malware) buys five new domain
names each week and uses those domains for C2. How does that practice affect the botnet
report?
A. It helps disguise the malware.
B. It fails to disguise the malware because access to new domains (registered in the last
week) is counted as suspicious.
C. It fails to disguise the malware because access to new domains (registered in the last 30
days) is counted as suspicious.
D. It fails to disguise the malware because access to new domains (registered in the last 60
days) is counted as suspicious.
The answer is under the heading “Answer for Identify the Capabilities That Detect IOC.”
Sample Question
1. A company allows employees some personal use of the internet during work time. However, the
CEO is afraid that employees are using too much of the bandwidth for YouTube, thus causing a
performance problem. Which section of the SLR could confirm or allay this fear?
A. High-Risk Applications
B. Bandwidth Consumed by Applications
C. Categories Consuming the Most Bandwidth
D. Categories with the Most Applications
The answer is under the heading “Answer for Given a Customer Description, Identify the
Appropriate Section of an SLR (Security Lifecycle Review) to Highlight During the Presentation.”
References
PAN-OS® 8.0 Administrator’s Guide:
• Tap Interfaces
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/configure-interfaces/tap-interfaces
https://live.paloaltonetworks.com/t5/Management-Articles/Changing-the-Time-Frame-for-a-Report-Stats-Dump/ta-p/59208
Sample Question
1. Which interface mode do you use to generate the statdump file that can be converted into an
SLR? Assume that you want to make the evaluation as non-intrusive as possible.
A. Tap
B. Virtual Wire
C. L2
D. L3
References
Security Lifecycle Review Quick Start Guide https://intranet.paloaltonetworks.com/docs/DOC-15462
Security Lifecycle Review Quick Start Guide for Partners
https://www.paloaltonetworks.com/content/dam/pan/en_US/partners/nextwave/85132/executive-slr-partners-quickstartguide.pdf
PSE Platform Associate docs (Student Manual > Examining Customer Data, p. 356 in the current
version)
Sample Question
1. Which tool do you use to convert a statdump file to an SLR report?
A. Palo Alto Networks public website
B. Palo Alto Networks partner-only website
C. The generate_slr.py script, available for download from the Palo Alto Networks public
website
D. The generate_slr.py script, available for download from the Palo Alto Networks partner-
only website
The answer is under the heading “Answer for Given a Customer Statdump File, Identify How to
Generate an SLR Report.”
Identify the Characteristics and Best Practices of Ultimate Test Drive (UTD)
Seminars
The Palo Alto Networks Ultimate Test Drive program is designed to provide you with a guided hands-on
experience of Palo Alto Networks’ products. There are multiple test drives you can offer to prospective
customers:
Next-Generation Firewall
Threat Prevention
Virtualized Data Center
Migration Process
Advanced Endpoint Protection
VM-Series for Amazon Web Services (AWS)
Reference
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/ultimate-test-drive-brochure
The answer is under the heading “Answer for Identify the Characteristics and Best Practices of
Ultimate Test Drive (UTD) Seminars.”
Sample Question
1. Which firewall appliances can you order with either an AC power supply or a DC power supply?
A. PA-7000 Series
B. PA-5200 Series and PA-7000 Series
C. PA-3000 Series, PA-5200 Series, and PA-7000 Series
D. All Palo Alto Networks appliances can be ordered with either an AC power supply or a
DC power supply
The answer is under the heading “Answer for Given a Palo Alto Networks Solution Scenario
Including Products, Subscription Licenses, and Support, Identify the Bill of Materials That Should
Be Written.”
Given a Customer Environment, Identify the NGFW Model That Should Be Used
to Secure the Network
If you select a model that is too weak, performance will suffer and the customer will return the firewall.
If you select a model that is too strong, it will also be too expensive. You must select the correct model
for the circumstances.
References
Compare Firewalls https://www.paloaltonetworks.com/products/product-selection
The answer is under the heading “Answer for Given a Customer Environment, Identify the
NGFW Model That Should Be Used to Secure the Network.”
References
At a Glance Aperture
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/aperture-at-glance
Sample Question
1. An enterprise needs to use web storage to collaborate with business partners. Which step is
required to ensure that web storage is not used to exfiltrate sensitive data from the enterprise?
The answer is under the heading “Answer for Given a Customer Environment, Identify How
Aperture Should Be Used to Secure the Enterprise.”
References
At a Glance: Autofocus
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/autofocus-at-a-glance
Sample Question
1. Which is not something AutoFocus can do?
A. Distinguish between attacks that attempt to exfiltrate data (violate confidentiality) and
attacks that attempt to modify it (violate integrity)
B. Display the processes started by specific malware
C. Display the network connections used by specific malware
D. Distinguish between commodity attacks and advanced persistent threats (APTs) directed
against the customer’s organization or industry
The answer is under the heading “Answer for Given a Customer Environment, Identify How
Autofocus Should Be Used to Secure the Enterprise.”
Traps uses exploit prevention techniques to protect processes that open non-executable files against the
software vulnerabilities those files target. Traps also uses malware prevention techniques to stop
malicious executable files from running. This two-fold approach lets Traps prevent all types of attacks,
whether they are known or unknown threats.
References
Traps Administrator’s Guide:
• About Traps
https://www.paloaltonetworks.com/documentation/40/endpoint/endpoint-admin-guide/traps-overview/about-traps
Sample Question
1. Should Advanced Endpoint Management be installed on desktop PCs that stay behind the
corporate firewall?
A. There is no reason to install Advanced Endpoint Management on those desktop PCs;
they are protected by the firewall.
B. Yes, because sometimes people take those desktops home to work over the weekend
C. Yes, because there might be a network connection that bypasses the firewall
D. Yes, because malware and exploit files might be able to traverse the network until
they are identified by WildFire, and there are file propagation methods that bypass the
firewall, such as USB drives.
References
WildFire 8.0 Administrator’s Guide:
• WildFire Deployments
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-deployments
Sample Question
1. The R&D network of the defense contractor is not connected to the internet. However, it is
connected to SIPRNet https://en.wikipedia.org/wiki/SIPRNet, which is used to transfer classified
The answer is under the heading “Answer for Given a Customer Environment, Identify How
WildFire Should Be Used to Secure the Enterprise.”
References
Firewall Overview
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/firewall-feature-overview-datasheet
Traps Administrator’s Guide:
• About Traps
https://www.paloaltonetworks.com/documentation/40/endpoint/endpoint-admin-guide/traps-overview/about-traps
WildFire 8.0 Administrator’s Guide:
• WildFire Concepts
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/wildfire-overview/wildfire-concepts
Sample Question
1. A company has no internal network and only a few people work from home and use public SaaS
services (such as Google Docs). Is there any component of the Palo Alto Networks security
platform that is not needed, and, if so, which one is it?
A. WildFire
B. Traps
C. NGFW
D. All the components are needed
The answer is under the heading “Answer for Given a Customer Environment, Identify How
NGFW, WildFire, and Traps Should Be Used to Secure the Enterprise.”
Identify Which Firewall Models Support vsys and Its Common Uses
Virtual systems provide the same basic functions as a physical firewall, along with additional benefits:
Segmented administration: Different organizations (or customers or business units) can control
(and monitor) a separate firewall instance so that they have control over their own traffic
without interfering with the traffic or policies of another firewall instance on the same physical
device.
Scalability: After the physical firewall is configured, addition or removal of customers or
business units can be done efficiently. An ISP, managed security service provider, or enterprise
can provide different security services to each customer.
Reduced capital and operational expenses: Virtual systems eliminate the need to have multiple
physical firewalls at one location because virtual systems co-exist on one firewall. Because the
organization does not have to purchase multiple firewalls, it can save on the hardware expense,
electric bills, and rack space, and can reduce maintenance and management expenses.
Sample Question
1. Which is the least costly Palo Alto Networks series that supports vsys (virtual systems)?
A. PA-220
B. PA-500
C. PA-3000
D. PA-5200
E. PA-7000
The answer is under the heading “Answer for Identify Which Firewall Models Support vsys and
Its Common Uses.”
You use templates to configure the settings that enable firewalls to operate on the network. Templates
enable you to define a common base configuration using the Network and Device tabs on Panorama. For
example, you can use templates to manage interface and zone configurations, server profiles for logging
and syslog access, and network profiles for controlling access to zones and IKE gateways. When you
define a template, consider assigning firewalls that are the same hardware model and require access to
similar network resources, such as gateways and syslog servers.
References
Panorama 8.0 Administrator’s Guide:
• Templates and Template Stacks
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/templates-and-template-stacks
• Device Groups
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/device-groups
• Device Group Policies
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/device-groups#28984
• Device Group Objects
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/device-groups#57171
Sample Questions
1. In Panorama, which policy gets evaluated first?
A. device group pre-rules
The answers are under the heading “Answers for Identify How to Use Device Groups and
Templates to Manage a Deployment.”
Identify the Benefits of Panorama for Deploying Palo Alto Networks Products
Panorama network security management enables you to control your distributed network of our
firewalls from one central location. View all your firewall traffic, manage all aspects of device
configuration, push global policies, and generate reports on traffic patterns or security incidents — all
from a single console.
References
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/faqs/PAN_AAG_panorama_052615.pdf
Sample Question
1. Which is not an advantage of using Panorama?
A. centralized management
The answer is under the heading “Answer for Identify the Benefits of Panorama for Deploying
Palo Alto Networks Products.”
Centralized management: Centralized policy and device management that allows for rapid
deployment and management of up to 1,000 firewalls
Visibility: Centralized logging and reporting to analyze and report about user-generated traffic
and potential threats
Role-based access control: Appropriate levels of administrative control at the firewall level or
global level for administration and management
References
Panorama 8.0 Administrator’s Guide:
• Deploy Panorama with Dedicated Log Collectors
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-log-collection/log-collection-deployments/deploy-panorama-with-dedicated-log-collectors
• Panorama High Availability
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-high-availability
• Panorama HA Prerequisites
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-high-availability/panorama-ha-prerequisites
• Logging Considerations in Panorama HA
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-high-availability/logging-considerations-in-panorama-ha
Sample Question
1. A company has a physical data center on their premises and several applications protected by
virtual firewalls on AWS. Now they will install Panorama in high availability mode (one instance
in their data center, the other on AWS). Which configuration do they need in their physical data
center?
A. M-100
B. M-500
C. M-100 or M-500
D. Virtual appliance
The answer is under the heading “Answer for Given a Customer Scenario, Identify How to Design
a Redundant Panorama Deployment.”
Every instance of Panorama requires valid licenses that entitle you to manage the devices and to obtain
support. The device management license enforces the maximum number of devices that can be
managed by Panorama. The support license enables Panorama software updates and dynamic content
updates for the latest application and threat signatures, among other updates, that are published by
Palo Alto Networks.
References
Panorama 8.0 Administrator’s Guide:
• Register Panorama and Install Licenses, including all the subsections
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/set-up-panorama/register-panorama-and-install-licenses
• Manage Licenses and Updates
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-licenses-and-updates
• Manage Licenses of Firewalls Using Panorama
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/manage-licenses-and-updates/manage-licenses-on-firewalls-using-panorama
Sample Question
1. How often does Panorama contact the Palo Alto Networks licensing server to look for new
licenses for its firewalls?
A. never; you need to check manually
B. once a week
The answer is under the heading “Answer for Identify how to License a Panorama Deployment.”
Panorama also can be deployed as a virtual appliance on VMware ESXi, allowing organizations to
support their virtualization initiatives and consolidate rack space, which is sometimes limited or costly in
a data center.
References
Panorama 8.0 Administrator’s Guide:
• Panorama Models
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/panorama-overview/panorama-models
Sample Question
1. What is the maximum storage capacity of a single Panorama virtual appliance in Panorama
mode?
A. 2 TB
B. 12 TB
C. 18 TB
D. 24 TB
The answer is under the heading “Answer for Identify the Differences in Licensing of Panorama
as a Hardware Solution vs. as a Software Solution.”
Sample Question
1. Which feature is not supported in active/active (A/A) mode?
A. IPsec tunneling
B. DHCP client
C. link aggregation
D. configuration synchronization
References
PAN-OS® 8.0 Administrator’s Guide:
• HA Links and Backup Links
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/high-availability/ha-concepts/ha-links-and-backup-links
• Set Up Active/Passive HA
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/high-availability/set-up-activepassive-ha
• Set Up Active/Active HA
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/high-availability/set-up-activeactive-ha
Sample Question
1. Which high availability port (or ports) is used for which plane?
A. HA1 for the dataplane, HA2 for the management plane.
B. HA1 for the management plane, HA2 for the dataplane.
C. If HA1 works, it is used for both data and management. HA2 is a backup.
D. HA1 for the management plane, HA2 for the dataplane in the 7000 Series. The less
costly models have only an HA1, which is used for both management and data.
The answer is under the heading “Answer for Identify the Functions of a Given HA Port.”
References
PAN-OS® 8.0 Administrator’s Guide:
• Install Content and Software Updates
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/install-content-and-software-updates
Sample Question
1. Which two updates should be scheduled to occur once a day? (Choose two.)
A. Antivirus
B. PAN-DB URL Filtering
C. WildFire
D. Applications and Threats
E. SMS channel
The answer is under the heading “Answer for Identify Deployment Best Practices for Scheduling
Dynamic Updates.”
Given a Series of Designs, Choose the Design(s) That Would Require Virtual
Systems (vsys)
Virtual systems are separate, logical firewall instances within a single physical Palo Alto Networks
firewall. Rather than use multiple firewalls, managed service providers and enterprises can use a single
pair of firewalls (for high availability) and enable virtual systems on them. Each virtual system (vsys) is an
independent, separately managed firewall with its traffic kept separate from the traffic of other virtual
systems.
Sample Question
1. Which is not a reason to use virtual systems?
A. Multiple customers colocated in the same data center, and as the data center owner
you want to upsell a firewall service
B. The organization runs a virtualized firewall
C. A company’s business requirements are for a central IT department to manage the
firewall itself, but departments to manage their own Security policy.
D. An ISP wants to include a firewall service, with the firewall on their premises between
the customers’ connection and the internet.
The answer is under the heading “Answer for Given a Series of Designs, Choose the Design(s)
That Would Require Virtual Systems (vsys).”
Identify Best Practices for Tuning a Palo Alto Networks Firewall for Maximum
Performance
A best practice Security policy is iterative. It is a tool for safely enabling applications, users, and content
by classifying all traffic, across all ports, all the time. As soon as you define the initial internet gateway
Security policy, you must begin to monitor the traffic that matches the temporary rules designed to
identify policy gaps, monitor alarming behavior, and tune your policy accordingly. By monitoring traffic
that is covered by these rules, you can adjust your rules either to ensure that all traffic is hitting your
application whitelist allow rules or to assess whether particular applications should be allowed. As you
tune your rulebase, you should see less and less traffic hitting these rules. When you no longer see
traffic encountering these rules, your positive enforcement whitelist rules are complete and you can
remove the temporary rules.
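The tuning loop above is easy to turn into a repeatable check. The following added example (written for this guide, not a Palo Alto Networks tool) runs over a constructed CSV export of traffic logs, counts how often each temporary rule is still hit, lists the applications still matching each one so they can be added to the whitelist or assessed, and reports temporary rules with no hits as candidates for removal. The log columns, rule names and applications are constructed for the demonstration.

```python
"""Constructed tuning-loop check over exported traffic logs (added example)."""
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed traffic log export: receive_time,rule,app,from_zone,to_zone,action
SAMPLE_LOG = """\
receive_time,rule,app,from_zone,to_zone,action
2018/02/01 09:00:01,allow-web-browsing,web-browsing,trust,untrust,allow
2018/02/01 09:00:05,tmp-unknown-tcp,unknown-tcp,trust,untrust,allow
2018/02/01 09:00:09,allow-dns,dns,trust,untrust,allow
2018/02/01 09:01:12,tmp-any-app,bittorrent,trust,untrust,allow
2018/02/01 09:01:40,tmp-unknown-tcp,unknown-tcp,trust,untrust,allow
2018/02/01 09:02:03,tmp-any-app,ms-update,trust,untrust,allow
2018/02/01 09:02:30,allow-web-browsing,ssl,trust,untrust,allow
"""

# Constructed names of the temporary gap-finding rules in the rulebase
TEMPORARY_RULES = {"tmp-unknown-tcp", "tmp-any-app", "tmp-unknown-udp"}


def analyse(log_text: str, temporary_rules: set) -> dict:
    """Count hits per temporary rule, list the apps behind those hits, and
    name the temporary rules that saw no traffic at all in this window."""
    hits = Counter()
    apps = defaultdict(Counter)
    for row in csv.DictReader(StringIO(log_text)):
        rule = row["rule"]
        if rule in temporary_rules:
            hits[rule] += 1
            apps[rule][row["app"]] += 1
    removable = sorted(r for r in temporary_rules if hits[r] == 0)
    return {
        "hits": dict(hits),
        "apps_to_review": {rule: dict(c) for rule, c in apps.items()},
        "removable": removable,
    }


def main() -> None:
    report = analyse(SAMPLE_LOG, TEMPORARY_RULES)
    for rule, count in sorted(report["hits"].items()):
        print(f"{rule}: {count} hit(s), apps {report['apps_to_review'][rule]}")
    print("temporary rules with no traffic (remove):", report["removable"])


if __name__ == "__main__":
    main()
```

Running this against each day's export shows the counts for the temporary rules shrinking as applications are moved into explicit allow rules; a rule that stays at zero across the monitoring window is the one the paragraph says you can remove.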
Sample Question
1. It is best practice to either block executables or send them to WildFire. Which file extension is
not an executable?
A. .jar
B. .rtf
C. .scr
D. .sys
The answer is under the heading “Answer for Identify Best Practices for Tuning a Palo Alto
Networks Firewall for Maximum Performance.”
References
PAN-OS® 8.0 Administrator’s Guide:
• Use DNS Queries to Identify Infected Hosts on the Network
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network
• Vulnerability Protection Profiles
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/policy/vulnerability-protection-profiles
• Install Content and Software Updates
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/install-content-and-software-updates
The answer is under the heading “Answer for Identify How to Protect Against Known
Commodity Attacks.”
References
WildFire 8.0 Administrator’s Guide:
Sample Question
1. Which security posture is most likely to stop unknown attacks?
A. allow all the traffic that is not explicitly denied
B. deny all the traffic that is not explicitly allowed
C. deny all the traffic that is not explicitly allowed from the outside, and allow all the traffic
that is not explicitly denied from the inside
D. deny all the traffic that is not explicitly allowed from the inside, and allow all the traffic
that is not explicitly denied from the outside
The answer is under the heading “Answer for Identify How to Protect Against Unknown
Attacks.”
Sample Question
1. Which two features make a file potentially dangerous and cause the security platform to reject
it? (Choose two.)
A. Executable code (Windows code in PE files, Android code in APK files, etc.)
B. Offensive graphics
C. Financial information
D. Potentially dangerous source code
E. Malformed information that can exploit a vulnerability in a reader for that file type (for
example, a PDF file that runs a separate program)
The answer is under the heading “Answer for What Can Be Applied to Prevent Users from
Unknowingly Downloading Malicious File Types from the Internet?”
References
PAN-OS® 8.0 Administrator’s Guide:
• Configure User Mapping Using the Windows User-ID Agent
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/configure-user-mapping-using-the-windows-user-id-agent
• Configure User Mapping Using the PAN-OS Integrated User-ID Agent
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/configure-user-mapping-using-the-pan-os-integrated-user-id-agent
• Configure User-ID to Monitor Syslog Senders for User Mapping
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/map-ip-addresses-to-users/configure-user-id-to-monitor-syslog-senders-for-user-mapping
• Map IP Addresses to Usernames Using Captive Portal
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/map-ip-addresses-to-users/map-ip-addresses-to-usernames-using-captive-portal
• Deploy User-ID for Numerous Mapping Information Sources
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/deploy-user-id-in-a-large-scale-network/deploy-user-id-for-numerous-mapping-information-sources
The answer is under the heading “Answer for Identify Where to Configure User-ID in the UI.”
References
PAN-OS® 8.0 Administrator’s Guide:
• User-ID Concepts https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/user-id/user-id-concepts
• Create a Dedicated Service Account for the User-ID Agent
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/map-ip-
addresses-to-users/create-a-dedicated-service-account-for-the-user-id-agent
The answer is under the heading “Answer for Identify How to Obtain the Parameters to
Configure User-ID.”
References
User-ID: Strengthen Security Posture and Improve Visibility by Mapping Network Traffic to Users
https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/p
an/en_US/resources/techbriefs/user-id-tech-brief
The answer is under the heading “Answer for Identify the Methods and Order of Precedence
That User-ID Uses.”
Sample Question
1. Should you limit the permission of the user that runs the User-ID agent? If so, why?
A. Yes, because of the principle of least privilege. You should give only processes those
permissions that are necessary for them to work.
B. Yes, to an extent. You can give it most privileges, but there is no actual user, so you
should not let it start an interactive login.
C. Yes, to an extent. You can give it most privileges, but there is no actual user, so you
should not let it have remote access.
D. No, there is nothing wrong with using the administrator’s account.
The answer is under the heading “Answer for Identify User-ID Deployment Best Practices.”
References
PAN-OS® 8.0 Administrator’s Guide:
• App-ID Overview https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/app-id/app-id-overview
• Manage Custom or Unknown Applications
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/app-id/manage-
custom-or-unknown-applications
• Create a Custom Application https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/app-id/use-application-objects-in-policy/create-a-custom-application
Learn by Doing
Play with App-ID on the user interface:
• Attempt to define a custom application
• View the application information and characteristics for a Palo Alto Networks App-ID. See if
you can see the App-ID signature, timeouts, etc.
Sample Question
1. Which three reasons could cause a firewall that is fully configured, including decryption, not to
recognize an application? (Choose three.)
A. The application is running over SSL.
B. There is no App-ID signature for the application.
C. The application is running over ICMP.
D. The application is running over UDP.
E. Incomplete data, meaning that the TCP handshake completed but no application data
followed.
F. Insufficient data, meaning that some application data was seen, but not enough to
identify the application.
The answer is under the heading “Answer for Identify the Parameters to Configure App-ID.”
Sample Question
1. Which two methods can you use to add an application that runs on TCP port 25 to the firewall?
(Choose two.)
A. Request an App-ID from Palo Alto Networks.
B. Create a custom application with a signature.
C. Create a custom application and define an Application Override policy.
D. Write JavaScript code to identify the application.
E. Write Python code to identify the application.
The answer is under the heading “Answer for Identify App-ID Deployment Best Practices.”
Use SSL Inbound Inspection to decrypt and inspect inbound SSL traffic from a client to a targeted server
(any server you have the certificate for and can import onto the firewall). For example, if an employee is
remotely connected to a web server hosted on the company network and is attempting to add
restricted internal documents to a Dropbox folder (which uses SSL for data transmission), SSL Inbound
Inspection can be used to ensure that the sensitive data does not move outside the secure company
network by blocking or restricting the session.
In an SSH Proxy configuration, the firewall resides between a client and a server. When the client sends
an SSH request to the server, the firewall intercepts the request and forwards it to the server. The
firewall then intercepts the server’s response and forwards it to the client, establishing one SSH tunnel
between the client and the firewall and a second SSH tunnel between the firewall and the server, with
the firewall functioning as a proxy. As traffic flows between the client and the server, the firewall can
distinguish whether the SSH session is a normal shell session or is using SSH tunneling (port
forwarding). Content and threat inspection is not performed on SSH tunnels; however, if the firewall
identifies an SSH tunnel, the tunneled traffic is blocked or restricted according to the configured
Security policy.
Sample Question
1. Which decryption mode or modes require(s) the private key of the destination server? (Choose
the best answer.)
A. Forward Proxy
B. Inbound Inspection
C. Both Forward Proxy and Inbound Inspection
D. SSH Proxy
The answer is under the heading “Answer for Identify the Differences in Decryption
Configuration Between Forward Proxy, Inbound Proxy, and SSH Proxy.”
References
PAN-OS® 8.0 Administrator’s Guide:
• Decryption Exclusions https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/decryption/decryption-exclusions#93953, including all the subtopics
PAN-OS® Web Interface Reference Guide 8.0:
• Policies > Decryption https://www.paloaltonetworks.com/documentation/80/pan-os/web-
interface-help/policies/policies-decryption
• Objects > Decryption Profile https://www.paloaltonetworks.com/documentation/80/pan-
os/web-interface-help/objects/objects-decryption-profile
Sample Question
1. Which parameter cannot be used in a Decryption policy rule?
A. User-ID
B. App-ID
C. Source Zone
D. Destination Zone
The answer is under the heading “Answer for Identify How to Overcome Privacy and Legal
Objections to Decryption.”
Identify the Different Types of Certificates Used in the SSL Decryption Process
With a Decryption policy configured, the firewall presents the client a Forward Trust-signed copy of the
server certificate only if the firewall itself trusts the CA that signed that certificate. To establish trust,
the firewall must have the server’s root CA certificate in its certificate trust list (CTL); it uses the public
key contained in that root CA certificate to verify the signature. The firewall then presents a copy of the
server certificate, signed by the Forward Trust certificate, for the client to authenticate. You can also
configure the firewall to use an enterprise CA as the Forward Trust certificate for SSL Forward Proxy. If
the firewall does not have the server root CA certificate in its CTL, the firewall will present a copy of the
server certificate signed by the
References
PAN-OS® 8.0 Administrator’s Guide:
• Keys and Certificates for Decryption Policies
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/decryption/decryption-concepts/keys-and-certificates-for-decryption-policies
• SSL Forward Proxy https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/decryption/decryption-concepts/ssl-forward-proxy
• SSL Inbound Inspection https://www.paloaltonetworks.com/documentation/80/pan-
os/pan-os/decryption/decryption-concepts/ssl-inbound-inspection
• SSH Proxy https://www.paloaltonetworks.com/documentation/80/pan-os/pan-
os/decryption/decryption-concepts/ssh-proxy
The answer is under the heading “Answer for Identify the Different Types of Certificates Used in
the SSL Decryption Process.”
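The Forward Trust / Forward Untrust decision described above, as an added example that is not code from this study guide or from PAN-OS: it models the firewall’s CTL check and the re-signing of the server certificate with Go’s standard crypto/x509 library, then shows what a client that trusts only the enterprise’s Forward Trust CA sees. The CA names, the host name www.example.com, the one-day validity period and the ECDSA P-256 keys are assumptions chosen for the example. It also answers the sample question on private keys: Forward Proxy signs with a CA key the firewall owns and never touches the server’s key, whereas SSL Inbound Inspection is the mode that needs the server’s private key imported onto the firewall.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ca is a CA certificate plus its private key, the way the firewall holds
// its Forward Trust and Forward Untrust CAs. All CN strings are illustrative.
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// parse turns CreateCertificate's (der, err) result into a parsed certificate.
func parse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return c
}

func serial() *big.Int {
	n, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	return n
}

// newCA builds a self-signed CA certificate valid for one day (assumed).
func newCA(cn string) *ca {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: serial(), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return &ca{parse(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)), key}
}

// sign issues a server-auth leaf from tmpl under signer, with a fresh key pair:
// whoever holds signer.key never needs the leaf's private key.
func sign(signer *ca, tmpl *x509.Certificate) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl.SerialNumber = serial()
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	return parse(x509.CreateCertificate(rand.Reader, tmpl, signer.cert, &key.PublicKey, signer.key))
}

// realServerCert is what the origin server presents, issued by some public CA.
func realServerCert(publicCA *ca, dnsName string) *x509.Certificate {
	return sign(publicCA, &x509.Certificate{Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour)})
}

// forwardProxyCert is the SSL Forward Proxy decision: verify the server's
// certificate against the firewall's CTL, then present the client a copy of it
// (same subject, SANs, validity) signed by Forward Trust if the chain verified,
// or by Forward Untrust if it did not. The server's private key is never used;
// only SSL Inbound Inspection needs that.
func forwardProxyCert(server *x509.Certificate, ctl *x509.CertPool, trust, untrust *ca) (*x509.Certificate, bool) {
	_, err := server.Verify(x509.VerifyOptions{Roots: ctl, DNSName: server.DNSNames[0]})
	signer := trust
	if err != nil {
		signer = untrust
	}
	copyTmpl := &x509.Certificate{Subject: server.Subject, DNSNames: server.DNSNames,
		NotBefore: server.NotBefore, NotAfter: server.NotAfter}
	return sign(signer, copyTmpl), err == nil
}

// clientAccepts models an endpoint whose trust store holds only the enterprise's
// Forward Trust CA: a Forward Untrust-signed copy fails and the browser warns.
func clientAccepts(presented *x509.Certificate, trust *ca, dnsName string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(trust.cert)
	_, err := presented.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName})
	return err == nil
}

func main() {
	publicRoot, rogueRoot := newCA("Example Public Root CA"), newCA("Unknown Root CA")
	trust, untrust := newCA("Firewall Forward Trust CA"), newCA("Firewall Forward Untrust CA")
	ctl := x509.NewCertPool() // the firewall's certificate trust list
	ctl.AddCert(publicRoot.cert)
	for _, root := range []*ca{publicRoot, rogueRoot} {
		server := realServerCert(root, "www.example.com")
		copyCert, inCTL := forwardProxyCert(server, ctl, trust, untrust)
		fmt.Printf("server CA %q in CTL=%v -> client sees issuer %q, accepts=%v\n",
			root.cert.Subject.CommonName, inCTL, copyCert.Issuer.CommonName,
			clientAccepts(copyCert, trust, "www.example.com"))
	}
}
```

Running it prints one line per origin server: the server chained to the CA in the CTL comes back re-signed by the Forward Trust CA and the client accepts it; the server chained to the unknown root comes back re-signed by the Forward Untrust CA and the client’s validation fails, which is the certificate warning the user sees. Because the Forward Untrust CA is deliberately not distributed to endpoints, the user gets the warning without the firewall having to break the session outright.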
The answers are under the heading “Answers for the Sample Test.”
2. Which two answers could you give a prospect who says that updating the WildFire malware list
twice a week is unacceptable? (Choose two.)
A. With a WildFire subscription you get an update every few minutes.
B. With the Threat subscription you get an update every few minutes.
C. With the Threat subscription you get an update every hour.
D. With the Threat subscription you get an update every 24 hours.
E. Twice a week is sufficient; malware does not propagate that quickly.
4. Which Palo Alto Networks product directly protects corporate laptops when people use them
from home?
A. next-generation firewall
B. Panorama
C. WildFire
D. GlobalProtect
5. Which two C2 channels may be used when a computer tries to access the URL
http://part1.of.big.secret.i.am.exfiltrating.evil.com/part2/of/the/same/secret? (Choose two.)
A. email
B. DNS
C. URL
D. SMS
E. ICMP
8. Which two behaviors would fail to disguise the malware? (Choose two.)
A. Use domains known to be run by dynamic DNS providers.
B. Disguise the C2 traffic as email.
C. Browse directly to IP addresses without DNS resolution.
D. Infect multiple hosts before accessing the C2 channel, so that each time the C2 request
message comes from a different IP address.
E. Slow down C2 traffic to one packet in each direction each day.
9. Which element of the NGFW does the NGFW UTD show potential customers?
A. how to set up NGFW for the first time
B. how to migrate from a different firewall to NGFW
C. How to integrate with the Advanced Endpoint Protection
D. How to integrate with WildFire
10. Which firewall series (one or more) requires you to specify in the Bill of Materials the Network
Processing Cards (NPC) to include?
A. A Bill of Materials that specifies the NPC is never needed; Palo Alto Networks appliances
don’t support hardware customization
B. PA-7000
C. PA-5200 and PA-7000
D. PA-3000, PA-5200, and PA-7000
11. An enterprise needs to use web storage to collaborate with business partners. Which step is
required to ensure that web storage is not used to exfiltrate sensitive data from the enterprise?
12. A company has no internal network and only a few people work from home and use public SaaS
services (such as Google Docs). Is there any component of the Palo Alto Networks security
platform that is not needed, and if so, which one is it?
A. WildFire
B. Traps
C. NGFW
D. All the components are needed
16. Which three features are not supported by HA lite, but are available on higher-end models?
(Choose three.)
A. Link Aggregation
B. DHCP lease information synchronization
17. What could cause “split brain” in an active/passive (A/P) high availability setup?
A. Nothing; it is only a problem in active/active (A/A).
B. The connection between the dataplane ports is broken and there is no configured
backup, so no heartbeat.
C. The connection between the management plane ports is broken and there is no
configured backup, so no heartbeat.
D. The two ports, HA1 and HA2, are always backup connections to each other, so only if
both connections are broken would you get a “split brain” problem.
18. A best practice is to either block executables or to send them to WildFire. Which file extension is
not an executable?
A. .jar
B. .exe
C. .txt
D. .sys
19. Which action could disconnect a potentially infected host from the network?
A. Alert
B. Reset Client
C. Reset Server
D. Block IP
20. Which component of the security platform turns unknown attacks into known attacks?
A. Next-generation firewall
B. Advanced Endpoint Protection
C. WildFire
D. AutoFocus
23. Which characteristic (or characteristics), if any, of a predefined application can be viewed and
modified by an administrator?
A. signature
B. timeout values
C. both the signature and the timeout values
D. neither the signature nor the timeout values
24. Which two decryption modes require an SSL certificate? (Choose two)
A. Forward Proxy
B. Inbound Inspection
C. Reverse Proxy
D. SSH Proxy
E. Outbound Inspection
Answers for Identify the Impact of the Intelligence Coming from the Threat Intelligence
Cloud
1. C
2. D
Answer for Identify the Sources of Data for the Threat Intelligence Cloud
1. B
Answer for Identify the Core Values of the Palo Alto Networks Security Platform
1. B
Answers for Identify How to Position the Value of a Next-Generation Firewall Over a Legacy
Firewall
1. B
Answers for Identify the Reporting Capabilities of the Palo Alto Networks Firewall
1. B
2. C
Answer for Given a Customer Statdump File, Identify How to Generate an SLR Report
1. B
Answers for Identify the Characteristics and Best Practices of Ultimate Test Drive (UTD)
Seminars
1. B, C
Answer for Given a Customer Environment, Identify the NGFW Model That Should Be Used to
Secure the Network
1. D
Answer for Given a Customer Environment, Identify How Aperture Should Be Used to Secure
the Enterprise
1. D
Answer for Given a Customer Environment, Identify How AutoFocus Should Be Used to
Secure the Enterprise
1. A
Answer for Given a Customer Environment, Identify How Traps Should Be Used to Secure the
Endpoint
1. D
Answer for Given a Customer Environment, Identify How WildFire Should Be Used to Secure
the Enterprise
1. D
Answer for Given a Customer Environment, Identify How NGFW, WildFire, and Traps Should
Be Used to Secure the Enterprise
1. C
Answer for Identify the Benefits of Panorama for Deploying Palo Alto Networks Products
1. B
Answer for Given a Customer Scenario, Identify How to Design a Redundant Panorama
Deployment
1. D
Answer for Identify the Differences in Licensing of Panorama as a Hardware Solution vs. as a
Software Solution
1. D
Answers for Identify Deployment Best Practices for Scheduling Dynamic Updates
1. A, B
Answer for Given a Series of Designs, Choose the Design(s) That Would Require Virtual
Systems (vsys)
1. B
Answer for Identify Best Practices for Tuning a Palo Alto Networks Firewall for Maximum
Performance
1. B
Answers for What Can Be Applied to Prevent Users from Unknowingly Downloading
Malicious File Types from the Internet?
1. A, E
Answer for Identify the Methods and Order of Precedence That User-ID Uses
1. C
Answer for Identify How to Overcome Privacy and Legal Objections to Decryption
1. B
Answer for Identify the Different Types of Certificates Used in the SSL Decryption Process
1. A
Advanced Encryption Standard (AES): A symmetric block cipher based on the Rijndael cipher.
application programming interface (API): A set of routines, protocols, and tools for building software
applications and integrations.
bot: An individual endpoint infected with advanced malware that enables an attacker to take control of
the compromised endpoint. Also known as a zombie. See also botnet.
botnet: A network of bots (often tens of thousands or more) working together under the control of
attackers using numerous command and control (C2) servers. See also bot.
bring your own apps (BYOA): Closely related to BYOD, BYOA is a policy trend in which organizations
permit end users to download, install, and use their own personal apps on mobile devices, primarily
smartphones and tablets, for work-related purposes. See also bring your own device (BYOD).
bring your own device (BYOD): A policy trend in which organizations permit end users to use their own
personal devices, primarily smartphones and tablets, for work-related purposes. BYOD relieves
organizations from the cost of providing equipment to employees, but creates a management challenge
due to the vast number and type of devices that must be supported. See also bring your own apps
(BYOA).
covered entity: Defined by HIPAA as a healthcare provider that electronically transmits PHI (such as
doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies), a health plan
(such as a health insurance company, health maintenance organization, company health plan, or
government program including Medicare, Medicaid, military and veterans’ healthcare), or a healthcare
clearinghouse. See also Health Insurance Portability and Accountability Act (HIPAA) and protected health
information (PHI).
data encapsulation: A process in which protocol information from the OSI layer immediately above is
wrapped in the data section of the OSI layer immediately below. See also open systems interconnection
(OSI) reference model.
distributed denial-of-service (DDoS): A type of cyberattack in which extremely high volumes of network
traffic such as packets, data, or transactions are sent to the target victim’s network to make their
network and systems (such as an e-commerce website or other web application) unavailable or
unusable.
electronic health record (EHR): As defined by HealthIT.gov, an EHR “goes beyond the data collected in
the provider’s office and include[s] a more comprehensive patient history. EHR data can be created,
managed, and consulted by authorized providers and staff from across more than one healthcare
organization.”
electronic medical record (EMR): As defined by HealthIT.gov, an EMR “contains the standard medical
and clinical data gathered in one provider’s office.”
endpoint: A computing device such as a desktop or laptop computer, handheld scanner, point-of-sale
(POS) terminal, printer, satellite radio, security or videoconferencing camera, self-service kiosk, server,
smart meter, smart TV, smartphone, tablet, or Voice over Internet Protocol (VoIP) phone. Although
endpoints can include servers and network equipment, the term is generally used to describe end user
devices.
extensible markup language (XML): A markup language specification that defines a set of rules for
encoding documents in a format that is both human- and machine-readable.
false negative: In anti-malware, malware that is incorrectly identified as a legitimate file or application.
In intrusion detection, a threat that is incorrectly identified as legitimate traffic. See also false positive.
false positive: In anti-malware, a legitimate file or application that is incorrectly identified as malware.
In intrusion detection, legitimate traffic that is incorrectly identified as a threat. See also false negative.
favicon (“favorite icon”): A small file containing one or more small icons associated with a particular
website or webpage.
generic routing encapsulation (GRE): A tunneling protocol developed by Cisco Systems® that can
encapsulate various network layer protocols inside virtual point-to-point links.
Gramm-Leach-Bliley Act (GLBA): A U.S. law that requires financial institutions to implement privacy and
information security policies to safeguard the non-public personal information of clients and consumers.
Also known as the Financial Services Modernization Act of 1999.
Health Insurance Portability and Accountability Act (HIPAA): A U.S. law that defines data privacy and
security requirements to protect individuals’ medical records and other personal health information. See
also covered entity and protected health information (PHI).
indicator of compromise (IOC): A network or operating system (OS) artifact that provides a high level of
confidence that a computer security incident has occurred.
least privilege: A security principle in which only the permissions or access rights necessary to perform
an authorized task are granted.
malware: Malicious software or code that typically damages, takes control of, or collects information
from an infected endpoint. Malware broadly includes viruses, worms, Trojan horses (including Remote
Access Trojans, or RATs), anti-AV, logic bombs, backdoors, rootkits, bootkits, spyware, and (to a lesser
extent) adware.
Network and Information Security (NIS) Directive: A European Union (EU) directive that imposes
network and information security requirements – to be enacted by national laws across the EU within
two years of adoption in 2016 – for banks, energy companies, healthcare providers and digital service
providers, among others.
one-way (hash) function: A mathematical function that produces a fixed-length representation (a hash
value) of an arbitrarily large input in a manner that is easy to compute in one direction (input to output)
but infeasible in the reverse direction (output to input). The hash function cannot recover the original
text from the hash value. However, an attacker can guess candidate inputs, hash each one, and check
whether it produces a matching hash value.
open systems interconnection (OSI) reference model: Defines standard protocols for communication
and interoperability using a layered approach in which data is passed from the highest layer
(application) downward through each layer to the lowest layer (physical), then transmitted across the
network to its destination, then passed upward from the lowest layer to the highest layer. See also data
encapsulation.
Payment Card Industry Data Security Standards (PCI DSS): A proprietary information security standard
mandated and administered by the PCI Security Standards Council (SSC), and applicable to any
organization that transmits, processes, or stores payment card (such as debit and credit cards)
information. See also PCI Security Standards Council (SSC).
PCI: See Payment Card Industry Data Security Standards (PCI DSS).
PCI DSS: See Payment Card Industry Data Security Standards (PCI DSS).
PCI Security Standards Council (SSC): Made up of Visa, MasterCard, American Express, Discover, and
JCB, the SSC maintains, evolves, and promotes PCI DSS. See also Payment Card Industry Data Security
Standards (PCI DSS).
Personal Information Protection and Electronic Documents Act (PIPEDA): A Canadian privacy law that
defines individual rights with respect to the privacy of their personal information, and governs how
private sector organizations collect, use, and disclose personal information in the course of business.
Personally Identifiable Information (PII): Defined by the U.S. National Institute of Standards and
Technology (NIST) as “any information about an individual maintained by an agency, including (1) any
information that can be used to distinguish or trace an individual’s identity… and (2) any other
information that is linked or linkable to an individual….”
PIPEDA: See Personal Information Protection and Electronic Documents Act (PIPEDA).
protected health information (PHI): Defined by HIPAA as information about an individual’s health
status, provision of healthcare, or payment for healthcare that includes identifiers such as names,
geographic identifiers (smaller than a state), dates, phone and fax numbers, email addresses, Social
Security numbers, medical record numbers, or photographs, among others. See also Health Insurance
Portability and Accountability Act (HIPAA).
public key infrastructure (PKI): A set of roles, policies, and procedures needed to create, manage,
distribute, use, store, and revoke digital certificates and manage public key encryption.
Remote Authentication Dial-In User Service (RADIUS): A client/server protocol and software that
enables remote access servers to communicate with a central server to authenticate users and authorize
access to a system or service.
representational state transfer (REST): An architectural style for web services and APIs that typically
runs over HTTP and is commonly used for mobile apps, social networking websites, and mashup tools.
Sarbanes-Oxley (SOX) Act: A U.S. law that increases financial governance and accountability in publicly
traded companies.
script kiddie: Someone with limited hacking and/or programming skills who uses malicious programs
(malware) written by others to attack a computer or network.
Secure Sockets Layer (SSL): A cryptographic protocol for managing authentication and encrypted
communication between a client and server to protect the confidentiality and integrity of data
exchanged in the session.
Software as a Service (SaaS): A cloud computing service model, defined by the U.S. National Institute of
Standards and Technology (NIST), in which “the capability provided to the consumer is to use the
provider’s applications running on a cloud infrastructure. The applications are accessible from various
client devices through either a thin client interface, such as a web browser, or a program interface. The
consumer does not manage or control the underlying cloud infrastructure including network, servers,
operating systems, storage, or even individual application capabilities, with the possible exception of
limited user-specific application configuration settings.”
spear phishing: A highly targeted phishing attack that uses specific information about the target to make
the phishing attempt appear legitimate.
Transport Layer Security (TLS): The successor to SSL (although it is still commonly referred to as SSL).
See also Secure Sockets Layer (SSL).
uniform resource locator (URL): A unique reference (or address) to an internet resource, such as a
webpage.
vulnerability: A bug or flaw that exists in a system or software, and creates a security risk.
zero-day threat: The window of vulnerability that exists from the time a new (unknown) threat is
released until security vendors release a signature file or security patch for the threat.
E-Learning
For those of you who want to keep up-to-date on our technology, a learning library of FREE e-Learning is
available. These on-demand, self-paced e-Learning classes are a great way of reinforcing the key
information for those who have been to the formal hands-on classes. They also serve as a great
overview and introduction to working with our technology for those unable to travel to a hands-on,
instructor-led class.
Simply register in our Learning Center and you will be given access to our eLearning portfolio. These
online classes cover foundational material and contain narrated slides, knowledge checks, and, where
applicable, demos for you to access.
New courses are being added often, so check back to see new curriculum available.
Instructor-Led Training
Looking for a hands-on, instructor-led course in your area?
Palo Alto Networks Authorized Training Centers (ATCs) are located globally and offer a breadth of
solutions from onsite training to public, open environment classes. There are about 53 authorized
training centers at more than 80 locations worldwide. For class schedule, location, and training
offerings, see https://www.paloaltonetworks.com/services/education/atc-locations.