The following links are useful for all those pursuing Palo Alto Network’s CNSE exam:
- Preperation Guide (overview)
- Tech Documents (more detail)
Give special attention to the preparation guide, trust me, just got my certification 🙂
The following links are useful for all those pursuing Palo Alto Network’s CNSE exam:
Give special attention to the preparation guide, trust me, just got my certification 🙂
David Vassallo's Blog 
Hi Dave, nice topic again mate. Any thing about Palo Alto is always interesting. Congrats on your new certification by the way. One more added in your list
Take care dude
Thank you Sadat!
Hi Dave, Congrats for your certif
I would like to ask you if there is an example of QA for the exam preparation.
thx
Hi Noury,
No unfortunately I do not know of any sample Q&A that are available. From experience:
– the questions are all multiple choice
– no questions will be asked about where a particular option is within the GUI, the trainer had stressed this was not the sort of knowledge they wanted tested
– i cannot recall any performance related questions, the trainer had stressed this was a technical exam, not a sales exam
– you need some practical experience, especially:
* different types of interfaces and their capabilities
* ipsec
* panorama
* nat and security rules
The above will be tested thoroughly…for example I dont have all that much experience in Panorama yet so thats where I lost the most marks…
Thanks for the knowledge share for the Palo Alto CNSE exam I’ve been studying for about a month and a 1/2 now and am playing around with a PA-200 device trying to get as much info as I can. I also have the CNSE preparation PowerPoint file that hits on areas to focus on in the exam and goes somewhat in depth as to what to configure for certain areas (application, ipsec/vpn, security policies…etc.) I don’t have that much experience in panorama either. If you can remember, can you give some examples of what was asked regarding to panorama? I’ve only done the basic import a device, pre and post rules, and pushing a config to a single device as well as a group. Any help would be greatly appreciated. Thanks!
Scott
Hi Dave,
Congrats for your certification of PAN. I also get a certif of PAN like you :). Good!
I’m following up on my comment I wrote back on Dec. 27. I took the Palo Alto CNSE exam this past Saturday, no luck passing. This blog is the only thing I was able to find to somewhat help me on the exam. I however must have gotten the other exam because my exam was filled with nothing but Global Protect, User-ID, SSL-Decryption, and some Panorama questions in there. Sprinkle in some Wildfire, NAT (Source and Destination)(1 of each), Security Policy, 1 or 2 Packet Flow questions, and some IPSEC/VPN (4 of those) questions and that was my exam. If there is anyone out there looking for something to study I would suggest reading the Tech Notes and making some questions out of what you study. Experience on the Palo device and Panorama is helpful for application of what you are doing. I plan on taking it again in a month. This time I’ll probably get the loaded version of IPSEC/VPN and NAT. There are 2 versions….or shall I say, 2 sets of test banks they pull from so you are either going to get the Global Protect version or the IPSEC/VPN version. You’ll know it is the Global Protect version because the 1st question on the test asks you about permissions regarding an account. It will have 4 pictures to look at. Good luck.
Hello Group. I just took the CNSE 4.1 test and passed. I would say it is a challenging test, and does make you think about how the FW gets configured. I am just trying to go from memory, but I seem to recall that you should be familiar with the CLI output, to help you troubleshoot. I think there were about 5 CLI type questions. Understand Panorama, beyond just configuration/shared groups and objects, but think about tshooting. What happens if you dont merge your PAN commit with the local FW config. What happens?
Be familiar with unknown tcp/udp rules. Custom App and App Override.
Here are topics to be tested on:
Admin and Mgmt
Network and Security Architecture
TShooting
User, Content, AppID
PAN and GP.
NO QoS questions.
Understand what the relationship is between HIP objects and HIP Profiles.
Understand what is required to configure Global Protect, certs, config, etc.
Understand how to configure and read output of the PCaps.
Understand Captive Portal and the ways that it gets configured, and how User authentication occurs.
The other thing that I know will help you is to take the Essentials I and II classes. There are subtle topics that are discussed in the classes that are specifically asked.
THE CNSE 5.1 beta exam is available until Sunday July 7th 2013, at a cost of just $25
You can register for the exam on Palo Alto networks education portal
https://www.paloaltonetworks.com/services/education.html
I have talked to someone who has sat the beta exam.
He suggested looking at :
* Capturing traffic of Management interface using tcpdump and how to view the pcap
* APP-ID
– Packets dropped because of a deny in security policy shows in log as “not-applicable”
topics and knowledge of the CNSE v4.1 preparation guide still applies
Pay special attention to Global Protect including HIP and Large Scale VPN
Learn what IPv6 features are supported and when
Today 10/12/2014, I passed my CNSE 5.1 after my 2nd attempt. I tried it last year in October and failed by 5 points. This exam is killer, one thing that makes it hard is the multiple choice questions. No partial marks if you fail any one of the choices. Luckily enough, I had free vouchers since I used to work part time for a PA partner but I have been off work for 2 months. I kept postponing for the last one month. I was totally rusted though did not have to strain much since I had worked on PA devices before. Same topics mentioned on this blog is what you should expect in the exam. It is a length exam and tiresome. Wish all of you luck..
I have scheduled my exam on 30th March, 2015. I have followed all the comments and feedback shared by ever individuals.
I will share my experience once I finish the exam.
Did anyone appear for CNSE 6.1 exam recently? Can anyone share his experience?
Thank you
good luck Darshan. I will be taking this exam soon too. please do share your experience.
thanks
Hey Sam and all,
I have recently passed my CNSE 6.0 exam. It was fun and challenging experience. The exam is designed to test your overall knowledge on networks, security and administration of PA appliances. Definitely hands on experience is quite quite helpful rather mugging up or studying the docs.
I won’t share the questions I had, but topics you need to prepare are as following.
1. Virtual Router and use cases of Virtual Router.
2. Basic understanding of static / Dynamic Routing protocol.
3. It will be helpful if you are aware about diagnostics command output at some extent.
4. IPSec VPN / Global Protect and WildFire.
5. Panorama administration and hardware specs of Panorama hardware.
6. Application overriding feature.
7. Packet flow.
8. PBF
I cannot remember other topics, but it was fun attending this exam.
All the very best to all!
Cheers!
Darshan
congrats Darshan! I have my exam tomorrow. I am under a bit pressure 🙂 .. any last min suggestion would be really appreciated. Good Luck
Thanks Sam,
First of all, all the very best for your exam.
2nd, the exam isn’t difficult. This isn’t to motivate you, but really it isn’t a difficult exam. Also the passing score isn’t much high I am assuming.
If you have finished PaloAlto web based training for PA 101, you will be able to pass the exam easily.
All the very best!
Darshan