
Exam Vouchers: Palo Alto Networks: Certified Security Operations Professional (PAN-CSOP)

  • Price: £155.00 (excl. VAT)
  • Code: PAN-CSOP


Description


The Palo Alto Networks Certified Security Operations Professional certification is designed to validate knowledge, understanding, and the job-ready skills required for basic application of the Palo Alto Networks Cortex portfolio of solutions and related technologies in a Security Operations Center (SOC). The purpose of this document is to help you prepare for the exam and attain the certification. Please note that this document is intended to help identify the topics covered and to provide resources and references for understanding those topics. It is not intended to be used as the sole document to prepare for the Security Operations Professional exam.

Duration: 90 minutes

Format: Multiple-choice questions

Language: English

Further Information


Target Audience

This exam is designed for individuals in the following job roles:

Security Operations Center (SOC) professionals responsible for the basic application of Palo Alto Networks Cortex products and solutions:

- Cortex XDR

- Cortex XSIAM

- Cortex XSOAR


References:

Palo Alto Networks certification exam items are referenced to various publicly available technical or scholarly sources. The following list includes several sources that may have been referenced during the exam item development process.

- Palo Alto Networks TechDocs

- Palo Alto Networks Resource Center

- Palo Alto Networks Cyberpedia

- Palo Alto Networks Knowledge Base

- Palo Alto Networks Unit 42


English as a Second Language (ESL) Accommodation

All exams are delivered worldwide in English. A 30-minute time extension is provided by default to candidates testing in non-English speaking countries.


Blueprint

The blueprint table lists the domains covered and includes domain weighting. The percentage weights represent the portion of the exam score that is attributed to each domain. Many candidates find the table provides focus for studies during exam preparation. Also included in the blueprint table are the more specific tasks associated with each domain. Pay particular attention to these tasks, as they provide more targeted areas of study within the domains.

Content

  1. Security Operations Fundamentals 25%
    • Explain the function of users, roles, log management, compliance, and data protection in Cortex XDR
    • Explain the process of creating and managing reports and dashboards in Cortex products
    • Explain the common components and functions of a Security Operations Center (SOC)
      • Roles and responsibilities
      • Tools, technologies, and analytics
    • Differentiate between AI and machine learning (ML) in Security Operations
  2. Threat Intelligence and Incident Response 16%
    • Identify and explain the steps of the NIST incident response plan
    • Explain the concept of incident management and response
    • Explain the role of threat intelligence in incident response
    • Explain the function of incident categorization and prioritization
    • Explain how file, IP address, domain, and URL indicator types are used in Cortex products
    • Compare and contrast WildFire, Unit 42 intelligence, and VirusTotal
    • Evaluate false positive, false negative, and true positive security incidents
    • Conduct basic threat hunting based on common indicator types
  3. Cortex XDR 23%
    • Identify and explain the use of key Cortex XDR elements
      • Sensors
      • Log Stitching
      • Causality View
      • WildFire
      • Detection and response
      • Behavioral analytics
      • Data sources, users, artifacts, and assets in investigations
    • Explain the process of agent management and deployment, including cloud workloads
    • Identify use cases where a business would benefit from Cortex XDR compared to an EDR solution
  4. Cortex XSOAR 16%
    • Explain the features and functionality of Cortex XSOAR
      • Marketplace
      • Playbooks
      • Third-party system integration
      • Indicators and feeds in Threat Intelligence Management
      • War Room
      • Incident investigation
    • Differentiate between scripts and jobs in Cortex XSOAR
  5. Cortex XSIAM 20%
    • Explain the function of key Cortex XSIAM components
      • Sensors
      • Log Stitching
      • Automations and integrations
      • Content packs
      • Playbooks
    • Explain Cortex XSIAM processes, capabilities, use cases, and rules
      • Data ingestion
      • Key investigation artifacts and assets
      • Threat management, detection, and response
      • Threat hunting and investigation searches and queries
      • IOC, BIOC, and correlations

Pre-requisites


The successful candidate can demonstrate understanding of SecOps processes and procedures, including:

  • MITRE ATT&CK framework
  • Incident response plans
  • Investigative lifecycle
  • Cortex XDR, Cortex XSIAM, Cortex XSOAR in the SOC
    • Review dashboards and generate reports (compliance)
    • Identify key components of incidents
    • Initiate playbooks
    • Identify IOCs
    • Escalate incidents
    • Initiate response actions
  • Basic knowledge of analytics concepts, such as profiling and entity classification
  • Alerts and incidents
  • Interaction with playbook tasks to progress an investigation