Palo Alto Networks Certified Cybersecurity Entry-level Technician

Best Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET) Training Institute in Coimbatore.

Explore the finest Palo Alto Networks Certified Cybersecurity Entry-level Technician (PCCET) training courses delivered by NexTech IT Training & Certification Solutions in Coimbatore. Our center offers outstanding and advanced training programs designed to enhance your performance and provide hands-on experience. With industry-leading trainers possessing a wide range of skills and expertise, we cater to professionals, individuals, and corporations seeking live project and industrial training.

Our training environment is optimal for fostering learning, and our state-of-the-art lab infrastructure is well-managed, allowing 24/7 access from anywhere. International expert trainers bring excellent knowledge and real-time industry experience to the table. Our training programs incorporate innovative learning methods and delivery models to meet diverse needs. Recognizing your career aspirations, we assure 100% growth through cost-effective training programs that offer flexibility for all trainees.

The Palo Alto Networks Cybersecurity Associate program equips students for entry-level roles in cybersecurity, focusing on the administration of the Palo Alto Networks Next-Generation Firewall. Each course aligns learning objectives with the U.S. NIST/NICE framework, ensuring a direct connection to cybersecurity work roles.

The Specialization project requires students to demonstrate fundamental networking skills, with an emphasis on applying that knowledge to configure the Palo Alto Networks firewall. Tasks include creating and analyzing packet captures using Wireshark, the initial configuration of firewall interfaces and zones, establishing a zero-trust environment with zones, security policies, and NAT, and decrypting SSH traffic through decryption policies.

Course Syllabus

Module

Fundamentals of Cybersecurity

- Distinguish between Web 2.0 and 3.0 applications and services
- Describe port-scanning methodologies and their impact
  - Nonstandard ports
  - Identify applications by their port number
- Recognize applications used to circumvent port-based firewalls
- Differentiate between common cloud computing service models
  - SaaS
  - PaaS
  - IaaS
- Describe the business processes of supply-chain management
- Describe the vulnerabilities associated with data being stored in the SaaS environment
  - Describe roles within a SaaS environment
  - Describe security controls for SaaS applications
- Describe the impact of governance, regulation, and compliance
  - Differentiate between compliance and security
  - Identify major cybersecurity laws and their implications
- Describe the tactics of the MITRE ATT&CK framework
  - Identify a leading indicator of a compromise
  - Describe how to use CVE
  - Describe how to use CVSS
- Identify the different attacker profiles and motivations
  - Describe the different value levels of the information that needs to be protected (political, financial, etc.)
- Describe the different phases and events of the cyberattack lifecycle
  - Describe the purpose of command and control (C2)
- Identify the characteristics, capabilities, and appropriate actions for different types of malware and ransomware
- Differentiate between vulnerabilities and exploits
  - Differentiate between various business email compromise attacks
  - Identify different methodologies for social engineering
  - Identify the chain of events that result from social engineering
- Identify what chain of events follows an attack
- Differentiate between the functional aspects of bots and botnets
  - Describe the type of IoT devices that are part of a botnet attack
- Differentiate the TCP/IP roles in DDoS attacks
  - Differentiate between DoS and DDoS
- Describe advanced persistent threats
- Describe risks with Wi-Fi networks
  - Differentiate between common types of Wi-Fi attacks
  - Describe how to monitor your Wi-Fi network
- Describe perimeter-based network security
  - Identify the types of devices used in perimeter defense
- Describe the Demilitarized Zone (DMZ)
- Describe the transition from a trusted network to an untrusted network
  - Differentiate between North-South and East-West zones
- Describe Zero Trust
  - Identify the benefits of the Zero Trust model
  - Identify the design principles for Zero Trust
  - Describe a microperimeter
  - Differentiate between Trust and Untrust zones
- Describe the integration of services for network, endpoint, and cloud
- Identify the capabilities of an effective Security Operating Platform
  - Describe the components of the Security Operating Platform

Network Security Components

- Differentiate between hubs, switches, and routers
  - Given a network diagram, identify the icons for hubs, switches, and routers
- Describe the use of VLANs
- Differentiate between routed and routing protocols
- Differentiate between static and dynamic routing protocols
  - Differentiate between link state and distance vector
- Identify the borders of collision and broadcast domains
- Differentiate between different types of area networks
  - WAN
  - LAN
- Describe the advantages of SD-WAN
- Describe the purpose of the Domain Name System (DNS)
  - Describe how DNS record types are used
  - Identify a fully qualified domain name (FQDN)
  - Describe the DNS hierarchy
- Differentiate between categories of IoT devices
  - Identify the known security risks and solutions associated with IoT
- Identify IoT connectivity technologies
- Differentiate between IPv4 and IPv6 addresses
  - Describe binary-to-decimal conversion
  - Describe IPv4 CIDR notation
  - Describe IPv4 classful subnetting
  - Given a scenario, identify the proper subnet mask
  - Describe the purpose of subnetting
  - Describe the structure of IPv4 and IPv6
  - Describe the purpose of IPv4 and IPv6 addressing
- Describe the purpose of a default gateway
- Describe the role of NAT
- Describe OSI and TCP/IP models
  - Identify the order of the layers of both OSI and TCP/IP models
  - Compare the similarities of some OSI and TCP/IP layers
  - Identify the protocols and functions of each OSI layer
- Describe the data-encapsulation process
  - Describe the PDU format used at different layers
- Identify the characteristics of various types of network firewalls
  - Traditional firewalls
  - Next-generation firewalls
  - Differentiate between NGFWs and traditional firewalls
- Describe the application of NGFW deployment options (i.e., PA-, VM- and CN-Series)
- Differentiate between intrusion detection systems and intrusion prevention systems
  - Differentiate between knowledge-based and behavior-based systems
- Describe virtual private networks
  - Describe when to use VPNs
- Differentiate between the different tunneling protocols
- Describe the purpose of data loss prevention
  - Classify different types of data (e.g., sensitive, inappropriate)
- Differentiate the various types of security functions from those that are integrated into UTM devices
- Describe endpoint security standards
  - Describe the advantages of endpoint security
  - Describe host-based intrusion detection/prevention systems
  - Differentiate between signature-based and behavioral-based malware protection
  - Describe application block and allow listing
  - Describe the concepts of false-positive and false-negative alerts
  - Describe the purpose of anti-spyware software
- Identify differences in managing wireless devices compared to other endpoint devices
- Describe the purpose of identity and access management
  - Single- and multi-factor authentication
  - Separation of duties and impact on privileges
  - RBAC, ABAC, DAC, and MAC
  - User profiles
- Describe the integration of NGFWs with the cloud, networks, and endpoints
- Describe App-ID, User-ID, and Content-ID
- Describe Palo Alto Networks firewall subscription services
  - WildFire
  - URL Filtering
  - Threat Prevention
  - DNS Security
  - IoT Security
  - SD-WAN
  - Advanced Threat Prevention
  - Advanced URL Filtering
  - GlobalProtect
  - Enterprise DLP
  - SaaS Security Inline
  - Virtual Systems
- Describe network security management
  - Identify the deployment modes of Panorama
  - Describe the three components of Best Practice Assessment (BPA)

Cloud Technologies

- Describe the NIST cloud service and deployment models
- Recognize and list cloud security challenges
  - Describe the vulnerabilities in a shared community environment
  - Describe cloud security responsibilities
  - Describe cloud multitenancy
  - Differentiate between security tools in various cloud environments
  - Describe identity and access management controls for cloud resources
  - Describe different types of cloud security alerts and notifications
- Identify the 4 Cs of cloud native security
- Describe the purpose of virtualization in cloud computing
  - Describe the types of hypervisors
  - Describe characteristics of various cloud providers
  - Describe economic benefits of cloud computing and virtualization
  - Describe the security implications of virtualization
- Explain the purpose of containers in application deployment
  - Differentiate containers versus virtual machines
  - Describe Container as a Service
  - Differentiate a hypervisor from a Docker Container
- Describe how serverless computing is used
- Describe DevOps
- Describe DevSecOps
- Illustrate the continuous integration/continuous delivery pipeline
- Explain governance and compliance related to deployment of SaaS applications
  - Describe security compliance to protect data
  - Describe privacy regulations globally
  - Describe security compliance between local policies and SaaS applications
- Describe the cost of maintaining a physical data center
- Differentiate between data-center security weaknesses of traditional solutions versus cloud environments
- Differentiate between east-west and north-south traffic patterns
- Describe the four phases of hybrid data-center security
- Describe how data centers can transform their operations incrementally
- Describe the cloud-native security platform
- Identify the four pillars of Prisma Cloud application security
- Describe the concept of SASE
- Describe the SASE layer
  - Describe sanctioned, tolerated, and unsanctioned SaaS applications
  - List how to control sanctioned SaaS usage
- Describe the network-as-a-service layer
- Describe how Prisma Access provides traffic protection
- Describe Prisma Cloud Security Posture Management (CSPM)

Elements of Security Operations

- Describe the main elements included in the development of SOC business objectives
- Describe the components of SOC business management and operations
- List the six essential elements of effective security operations
- Describe the four SecOps functions
  - Identify
  - Investigate
  - Mitigate
  - Improve
- Describe SIEM
- Describe the purpose of security orchestration, automation, and response (SOAR)
- Describe the analysis tools used to detect evidence of a security compromise
- Describe how to collect security data for analysis
- Describe the use of analysis tools within a security operations environment
- Describe the responsibilities of a security operations engineering team
- Describe the Cortex platform in a security operations environment and the purpose of Cortex XDR for various endpoints
- Describe how Cortex XSOAR improves security operations efficiency
- Describe how Cortex Data Lake improves security operations visibility
- Describe how XSIAM can be used to accelerate SOC threat response