Exam Vouchers: Palo Alto Networks: Network Security Architect (PAN-NSARCH)

  • Price: EUR 260.00
  • Code: PAN-NSARCH

Description

The Palo Alto Networks Certified Network Security Architect certification is designed to validate an experienced network security architect’s competencies, skills, and abilities in understanding technical and business requirements and then architecting secure, highly available, and scalable systems with Palo Alto Networks network security portfolio solutions and relevant third-party integrations. This certification goes beyond technical knowledge to confirm a candidate’s ability to design, develop, and oversee complex security blueprints using industry frameworks that align with an organization's compliance requirements and business objectives.

Palo Alto Networks certification exam items are developed and approved by exam development experts in conjunction with subject matter experts (SMEs) who represent a broad spectrum of roles relevant to each certification. Each item is referenced to a publicly available technical or scholarly source.

More Information

Recommended Work Experience

  • 5+ years designing, implementing, and troubleshooting security and networking solutions in SASE, Branch Networking, and both on-premises Private Cloud and Public Cloud (CSP) environments; 2+ years with Palo Alto Networks architecture and solutions

Objectives

Candidates should be able to demonstrate:

  • Advanced knowledge of network security
  • Working knowledge of TCP/IP and how traffic is directed within a network
  • Advanced knowledge of networking infrastructure, protocols, and topology
  • Understanding of endpoint OS fundamentals and security hardening methods
  • Working knowledge of NGFWs and security automation technology
  • Working knowledge of current and emergent trends in information security
  • Understanding of common security industry standard principles (i.e., defense-in-depth, zero trust, separation of duties)
  • Engineering-level competency of all NGFW offerings
  • Engineering-level competency of all Prisma Access offerings
  • Engineering-level competency of all Prisma SD-WAN offerings
  • Advanced knowledge of reference architectures describing how Palo Alto Networks solutions come together to solve customer problems
  • Advanced knowledge of enabling sales and presales (including partners) to effectively position use case-based solutions based on sound architectural principles

Content

1. Zero Trust Enterprise 8%

  • 1.1 Design User-ID and device health, host information profile (HIP) and security posture, and Device-ID-based least privilege access Security policy controls
  • 1.2 Design and differentiate between network segmentation and microsegmentation
  • 1.3 Differentiate access to specific applications
  • 1.4 Implement continuous security scanning of allowed traffic to stop malware and exploits
  • 1.5 Implement continuous monitoring and analytics of zero trust environment

2. AI Security 11%

  • 2.1 Differentiate between and explain the specific Palo Alto Networks products that make up Prisma AI Runtime Security (AIRS) and AI Access
    • 2.1.1 Prisma AIRS – AI red teaming, AI model scanning, AI runtime security, AI security, AI agents
    • 2.1.2 Prisma AIRS – Kubernetes integration / microsegmentation
    • 2.1.3 AI Access – App-ID Cloud Engine, Advanced Threat Prevention, Advanced URL Filtering, Enterprise DLP
  • 2.2 Determine recommended standard architectures for AI security
    • 2.2.1 AI products that solve specific AI architectures
    • 2.2.2 AIRS form factors
    • 2.2.3 AI security content and data security
  • 2.3 Identify and explain the classification and attributes of AI applications and apply security controls
    • 2.3.1 Application sanctioning and controls of sanctioned applications, including data loss prevention (DLP)
    • 2.3.2 AI applications and security frameworks (i.e., GDPR, NIST, EU Data Act, PCI DSS, HIPAA)

3. Centralized Management and IAM 13%

  • 3.1 Architect Panorama and log collectors
    • 3.1.1 Panorama high availability (HA)
    • 3.1.2 Log collection resilience and redundancy
  • 3.2 Architect Strata Cloud Manager (SCM), Strata Logging Service, and Cloud Identity Engine
  • 3.3 Recommend Cloud Identity Engine directory sync options
    • 3.3.1 On-premises agent
    • 3.3.2 Cloud Directory / SAML 2.0, including Entra ID and Okta
  • 3.4 Recommend Strata Logging Service log forwarding methods and integrations (e.g., syslog over TLS, HTTP, email)
  • 3.5 Recommend User identification and authentication methods (e.g., Cloud Identity Engine, CAS for SAML)
  • 3.6 Evaluate Cloud Identity Engine use cases
    • 3.6.1 NGFW
    • 3.6.2 Prisma Access
    • 3.6.3 Prisma SD-WAN

4. SSE Private Application Access 11%

  • 4.1 Architect Prisma Access in regional and global deployments
  • 4.2 Differentiate between on-ramp and off-ramp architectures
    • 4.2.1 Service connection routing modes (default and hot-potato) and failover modes
    • 4.2.2 Zero Trust Network Access (ZTNA) Connectors (e.g., FQDN, wildcard, IP subnet, Connector IP Blocks, CSP scalability)
    • 4.2.3 Colo-Connect and Google Cloud Network Connectivity Center (NCC)
  • 4.3 Determine private application access through Prisma Browser

5. Mobile User Security 7%

  • 5.1 Evaluate Prisma Browser, Prisma Access Agent, explicit proxy, and GlobalProtect use cases
  • 5.2 Architect GlobalProtect connection methods: On-demand, User-logon (Always On), Pre-logon (Always On)
  • 5.3 Architect Prisma Access Mobile Users
  • 5.4 Design AI-Powered Autonomous Digital Experience Manager (ADEM)

6. Modernizing Branches 11%

  • 6.1 Compare and design branch architectures for SASE security and HA
    • 6.1.1 Prisma Access remote networks
    • 6.1.2 Prisma SD-WAN
    • 6.1.3 PAN-OS SD-WAN
    • 6.1.4 ADEM
    • 6.1.5 Third-party edge / SD-WAN
  • 6.2 Evaluate advanced security for Prisma SD-WAN
    • 6.2.1 App-ID, Device-ID, User-ID
    • 6.2.2 Threat, URL, DNS

7. Data Security 7%

  • 7.1 Differentiate between SaaS Security Inline and SaaS API Security
    • 7.1.1 In-motion (inline)
    • 7.1.2 At-rest (API)
    • 7.1.3 SaaS Security Posture Management (SSPM)
    • 7.1.4 Enterprise DLP and advanced web filtering
  • 7.2 Determine the most secure approach for SaaS application usage control
  • 7.3 Analyze and architect to Enterprise DLP functionality
    • 7.3.1 Classifiers
    • 7.3.2 Traditional / Regex
    • 7.3.3 Exact Data Matching (EDM), Indexed Document Matching (IDM), Optical Character Recognition (OCR)
    • 7.3.4 Machine learning (ML) classification
    • 7.3.5 Endpoint DLP
    • 7.3.6 Policy-based DLP

8. Securing IoT Environments 11%

  • 8.1 Architect Device Security
    • 8.1.1 Visibility / discovery and risk assessment
    • 8.1.2 Enforcement
  • 8.2 Differentiate between IoT sensor placement options
  • 8.3 Explain visibility functionality (e.g., NGFW, virtual metadata collector, Prisma SD-WAN, PAN-OS SD-WAN)
  • 8.4 Evaluate and design to Device-ID capabilities
  • 8.5 Confirm and design to Device Security capabilities

9. Public Cloud 11%

  • 9.1 Explain NGFW standard integrations, including AWS, Azure, GCP, and OCI
  • 9.2 Design for maintenance and security across CSP environments
    • 9.2.1 Maintenance and OS upgrade process
    • 9.2.2 VPN termination
    • 9.2.3 SSL decryption
    • 9.2.4 Centralized / decentralized architectures
  • 9.3 Design to AWS NGFW standards
    • 9.3.1 Insertion options, AWS Gateway Load Balancer (GWLB), Transit Gateway Connect
    • 9.3.2 HA and high resilience
    • 9.3.3 NGFW subinterfaces
  • 9.4 Design to Azure NGFW standards
    • 9.4.1 Insertion options and load balancer
    • 9.4.2 HA and high resilience
  • 9.5 Design to GCP NGFW standards
    • 9.5.1 Insertion options and load balancer
    • 9.5.2 HA and high resilience
  • 9.6 Justify VM-Series and Cloud NGFW solutions
    • 9.6.1 Cloud NGFW use cases
    • 9.6.2 VM-Series use cases

10. Private Cloud (PA-Series, VM-Series, Hypervisors) 10%

  • 10.1 Assess private cloud scope and capacity requirements
    • 10.1.1 Edge
    • 10.1.2 Core
    • 10.1.3 East-west uSeg
  • 10.2 Design VM-Series deployments across hypervisors (e.g., AHV, KVM, ESXi)
    • 10.2.1 Resource allocation strategy per hypervisor type
    • 10.2.2 Hardware offload and scaling for encrypted traffic
    • 10.2.3 vCPU sizing, hyperthreading, NUMA placement
    • 10.2.4 Data Plane Development Kit (DPDK), SR-IOV
  • 10.3 Evaluate SSL decryption versus performance trade-offs
  • 10.4 Architect HA deployment for private cloud resilience
    • 10.4.1 HA options (e.g., active/passive, active/active)
    • 10.4.2 Hardware firewall clustering (4th vs. 5th generation silicon)
    • 10.4.3 Software firewall Hyperscale Security Fabric (HSF)
    • 10.4.4 Fast failover guidelines for UDP and TCP applications
  • 10.5 Explain Layer 3 deployment routing considerations
    • 10.5.1 Redistribution (i.e., ECMP, static routing, and BGP and OSPF dynamic routing)
    • 10.5.2 Routing design
  • 10.6 Evaluate systems management options and considerations
  • 10.7 Evaluate new hardware deployment trending and scoping
  • 10.8 Evaluate SSL inspection sizing requirements

Prerequisites

Recommended Certifications

  • Palo Alto Networks Certified Security Service Edge Engineer
  • Palo Alto Networks Certified Next-Generation Firewall Engineer
  • Palo Alto Networks Certified Network Security Analyst
  • Palo Alto Networks Certified SD-WAN Engineer