Nugget Post: Study Material Links for Palo Alto CNSE exam

The following links are useful for all those pursuing Palo Alto Network’s CNSE exam:

Give special attention to the preparation guide, trust me, just got my certification 🙂

16 thoughts on “Nugget Post: Study Material Links for Palo Alto CNSE exam

  1. Hi Dave, nice topic again mate. Any thing about Palo Alto is always interesting. Congrats on your new certification by the way. One more added in your list

    Take care dude

  2. Hi Dave, Congrats for your certif
    I would like to ask you if there is an example of QA for the exam preparation.

    1. Hi Noury,

      No unfortunately I do not know of any sample Q&A that are available. From experience:

      – the questions are all multiple choice
      – no questions will be asked about where a particular option is within the GUI, the trainer had stressed this was not the sort of knowledge they wanted tested
      – i cannot recall any performance related questions, the trainer had stressed this was a technical exam, not a sales exam

      – you need some practical experience, especially:
      * different types of interfaces and their capabilities
      * ipsec
      * panorama
      * nat and security rules

      The above will be tested thoroughly…for example I dont have all that much experience in Panorama yet so thats where I lost the most marks…

      1. Thanks for the knowledge share for the Palo Alto CNSE exam I’ve been studying for about a month and a 1/2 now and am playing around with a PA-200 device trying to get as much info as I can. I also have the CNSE preparation PowerPoint file that hits on areas to focus on in the exam and goes somewhat in depth as to what to configure for certain areas (application, ipsec/vpn, security policies…etc.) I don’t have that much experience in panorama either. If you can remember, can you give some examples of what was asked regarding to panorama? I’ve only done the basic import a device, pre and post rules, and pushing a config to a single device as well as a group. Any help would be greatly appreciated. Thanks!


  3. I’m following up on my comment I wrote back on Dec. 27. I took the Palo Alto CNSE exam this past Saturday, no luck passing. This blog is the only thing I was able to find to somewhat help me on the exam. I however must have gotten the other exam because my exam was filled with nothing but Global Protect, User-ID, SSL-Decryption, and some Panorama questions in there. Sprinkle in some Wildfire, NAT (Source and Destination)(1 of each), Security Policy, 1 or 2 Packet Flow questions, and some IPSEC/VPN (4 of those) questions and that was my exam. If there is anyone out there looking for something to study I would suggest reading the Tech Notes and making some questions out of what you study. Experience on the Palo device and Panorama is helpful for application of what you are doing. I plan on taking it again in a month. This time I’ll probably get the loaded version of IPSEC/VPN and NAT. There are 2 versions….or shall I say, 2 sets of test banks they pull from so you are either going to get the Global Protect version or the IPSEC/VPN version. You’ll know it is the Global Protect version because the 1st question on the test asks you about permissions regarding an account. It will have 4 pictures to look at. Good luck.

  4. Hello Group. I just took the CNSE 4.1 test and passed. I would say it is a challenging test, and does make you think about how the FW gets configured. I am just trying to go from memory, but I seem to recall that you should be familiar with the CLI output, to help you troubleshoot. I think there were about 5 CLI type questions. Understand Panorama, beyond just configuration/shared groups and objects, but think about tshooting. What happens if you dont merge your PAN commit with the local FW config. What happens?

    Be familiar with unknown tcp/udp rules. Custom App and App Override.

    Here are topics to be tested on:

    Admin and Mgmt
    Network and Security Architecture
    User, Content, AppID
    PAN and GP.

    NO QoS questions.

    Understand what the relationship is between HIP objects and HIP Profiles.

    Understand what is required to configure Global Protect, certs, config, etc.

    Understand how to configure and read output of the PCaps.

    Understand Captive Portal and the ways that it gets configured, and how User authentication occurs.

    The other thing that I know will help you is to take the Essentials I and II classes. There are subtle topics that are discussed in the classes that are specifically asked.

  5. THE CNSE 5.1 beta exam is available until Sunday July 7th 2013, at a cost of just $25

    You can register for the exam on Palo Alto networks education portal

    I have talked to someone who has sat the beta exam.
    He suggested looking at :

    * Capturing traffic of Management interface using tcpdump and how to view the pcap
    * APP-ID
    – Packets dropped because of a deny in security policy shows in log as “not-applicable”

    topics and knowledge of the CNSE v4.1 preparation guide still applies

    Pay special attention to Global Protect including HIP and Large Scale VPN

    Learn what IPv6 features are supported and when

  6. Today 10/12/2014, I passed my CNSE 5.1 after my 2nd attempt. I tried it last year in October and failed by 5 points. This exam is killer, one thing that makes it hard is the multiple choice questions. No partial marks if you fail any one of the choices. Luckily enough, I had free vouchers since I used to work part time for a PA partner but I have been off work for 2 months. I kept postponing for the last one month. I was totally rusted though did not have to strain much since I had worked on PA devices before. Same topics mentioned on this blog is what you should expect in the exam. It is a length exam and tiresome. Wish all of you luck..

  7. I have scheduled my exam on 30th March, 2015. I have followed all the comments and feedback shared by ever individuals.

    I will share my experience once I finish the exam.
    Did anyone appear for CNSE 6.1 exam recently? Can anyone share his experience?

    Thank you

  8. Hey Sam and all,

    I have recently passed my CNSE 6.0 exam. It was fun and challenging experience. The exam is designed to test your overall knowledge on networks, security and administration of PA appliances. Definitely hands on experience is quite quite helpful rather mugging up or studying the docs.

    I won’t share the questions I had, but topics you need to prepare are as following.

    1. Virtual Router and use cases of Virtual Router.
    2. Basic understanding of static / Dynamic Routing protocol.
    3. It will be helpful if you are aware about diagnostics command output at some extent.
    4. IPSec VPN / Global Protect and WildFire.
    5. Panorama administration and hardware specs of Panorama hardware.
    6. Application overriding feature.
    7. Packet flow.
    8. PBF

    I cannot remember other topics, but it was fun attending this exam.
    All the very best to all!


    1. congrats Darshan! I have my exam tomorrow. I am under a bit pressure 🙂 .. any last min suggestion would be really appreciated. Good Luck

  9. Thanks Sam,

    First of all, all the very best for your exam.
    2nd, the exam isn’t difficult. This isn’t to motivate you, but really it isn’t a difficult exam. Also the passing score isn’t much high I am assuming.

    If you have finished PaloAlto web based training for PA 101, you will be able to pass the exam easily.

    All the very best!

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.