The following links are useful for all those pursuing Palo Alto Network’s CNSE exam:
Give special attention to the preparation guide, trust me, just got my certification
Tags: certification, CNSE, education, firewalls, palo alto, paloalto
Hi Dave, nice topic again mate. Any thing about Palo Alto is always interesting. Congrats on your new certification by the way. One more added in your list
Take care dude
Thank you Sadat!
Hi Dave, Congrats for your certif
I would like to ask you if there is an example of QA for the exam preparation.
No unfortunately I do not know of any sample Q&A that are available. From experience:
- the questions are all multiple choice
- no questions will be asked about where a particular option is within the GUI, the trainer had stressed this was not the sort of knowledge they wanted tested
- i cannot recall any performance related questions, the trainer had stressed this was a technical exam, not a sales exam
- you need some practical experience, especially:
* different types of interfaces and their capabilities
* nat and security rules
The above will be tested thoroughly…for example I dont have all that much experience in Panorama yet so thats where I lost the most marks…
Thanks for the knowledge share for the Palo Alto CNSE exam I’ve been studying for about a month and a 1/2 now and am playing around with a PA-200 device trying to get as much info as I can. I also have the CNSE preparation PowerPoint file that hits on areas to focus on in the exam and goes somewhat in depth as to what to configure for certain areas (application, ipsec/vpn, security policies…etc.) I don’t have that much experience in panorama either. If you can remember, can you give some examples of what was asked regarding to panorama? I’ve only done the basic import a device, pre and post rules, and pushing a config to a single device as well as a group. Any help would be greatly appreciated. Thanks!
Congrats for your certification of PAN. I also get a certif of PAN like you :). Good!
I’m following up on my comment I wrote back on Dec. 27. I took the Palo Alto CNSE exam this past Saturday, no luck passing. This blog is the only thing I was able to find to somewhat help me on the exam. I however must have gotten the other exam because my exam was filled with nothing but Global Protect, User-ID, SSL-Decryption, and some Panorama questions in there. Sprinkle in some Wildfire, NAT (Source and Destination)(1 of each), Security Policy, 1 or 2 Packet Flow questions, and some IPSEC/VPN (4 of those) questions and that was my exam. If there is anyone out there looking for something to study I would suggest reading the Tech Notes and making some questions out of what you study. Experience on the Palo device and Panorama is helpful for application of what you are doing. I plan on taking it again in a month. This time I’ll probably get the loaded version of IPSEC/VPN and NAT. There are 2 versions….or shall I say, 2 sets of test banks they pull from so you are either going to get the Global Protect version or the IPSEC/VPN version. You’ll know it is the Global Protect version because the 1st question on the test asks you about permissions regarding an account. It will have 4 pictures to look at. Good luck.
Hello Group. I just took the CNSE 4.1 test and passed. I would say it is a challenging test, and does make you think about how the FW gets configured. I am just trying to go from memory, but I seem to recall that you should be familiar with the CLI output, to help you troubleshoot. I think there were about 5 CLI type questions. Understand Panorama, beyond just configuration/shared groups and objects, but think about tshooting. What happens if you dont merge your PAN commit with the local FW config. What happens?
Be familiar with unknown tcp/udp rules. Custom App and App Override.
Here are topics to be tested on:
Admin and Mgmt
Network and Security Architecture
User, Content, AppID
PAN and GP.
NO QoS questions.
Understand what the relationship is between HIP objects and HIP Profiles.
Understand what is required to configure Global Protect, certs, config, etc.
Understand how to configure and read output of the PCaps.
Understand Captive Portal and the ways that it gets configured, and how User authentication occurs.
The other thing that I know will help you is to take the Essentials I and II classes. There are subtle topics that are discussed in the classes that are specifically asked.
THE CNSE 5.1 beta exam is available until Sunday July 7th 2013, at a cost of just $25
You can register for the exam on Palo Alto networks education portal
I have talked to someone who has sat the beta exam.
He suggested looking at :
* Capturing traffic of Management interface using tcpdump and how to view the pcap
– Packets dropped because of a deny in security policy shows in log as “not-applicable”
topics and knowledge of the CNSE v4.1 preparation guide still applies
Pay special attention to Global Protect including HIP and Large Scale VPN
Learn what IPv6 features are supported and when
Today 10/12/2014, I passed my CNSE 5.1 after my 2nd attempt. I tried it last year in October and failed by 5 points. This exam is killer, one thing that makes it hard is the multiple choice questions. No partial marks if you fail any one of the choices. Luckily enough, I had free vouchers since I used to work part time for a PA partner but I have been off work for 2 months. I kept postponing for the last one month. I was totally rusted though did not have to strain much since I had worked on PA devices before. Same topics mentioned on this blog is what you should expect in the exam. It is a length exam and tiresome. Wish all of you luck..
Fill in your details below or click an icon to log in:
You are commenting using your WordPress.com account. ( Log Out / Change )
You are commenting using your Twitter account. ( Log Out / Change )
You are commenting using your Facebook account. ( Log Out / Change )
You are commenting using your Google+ account. ( Log Out / Change )
Connecting to %s
Notify me of follow-up comments via email.
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Join 134 other followers
David Vassallo's Blog
Blog at WordPress.com. The Skeptical Theme.
Get every new post delivered to your Inbox.