- PCNSA Palo Alto Networks Certified Network Security Administrator Dumps
Chapter 5 - Content-ID
5. 5.5 File Blocking Profiles
In this video, we are covering PCNSA 210, and this is chapter five, Content-ID. This is the fifth video of chapter five, which is 5.5, File Blocking Profiles. File blocking will enable you to block prohibited, malicious, and suspect files from being downloaded to or uploaded from your network. Its purpose is to prevent the introduction of malicious data or the exfiltration of sensitive data from your network. File blocking activity is logged to the data filtering log. File types are identified by the file extension and by examination of the file content. File blocking security profile overview: you can configure a file blocking profile with three actions. We have alert, continue, and block. Now, if you imagine our network traffic coming into our firewall, the firewall is going to first check the security policy rule to determine whether that traffic is allowed or blocked.
For example, it's going to check whether the source zone and source IP address going to the destination zone and destination IP address are allowed or not. If it's blocked, nothing is going to be applied, no profile. If it's allowed, then we can apply the file blocking profile as well as other profiles. Now, for example, we need to identify what application and file type the file is, and then we can set the action to alert. Alert will allow the transfer, but it will log the activity into the data filtering log. Or we can set it to continue. Continue will allow the file to be transferred, but with the user's permission: the user has to select Continue. Or we can set block, which is going to drop the packet, and the activity is going to be logged. This is the data filtering log. So as you can see on the data filtering log, if, for example, we see some problems uploading or downloading something that shouldn't be there, we can go to Monitor, and then we can get to the data filtering log there. We can see, for example, the source IP address, the destination IP address, the zones, the file name, the name of the threat, when it was received, and the category.
So there's lots of information here, but it's under data filtering, so there's no point in looking under threats or traffic. Okay. Now, creating a file blocking profile: this will instruct the firewall how to treat a file that matches certain criteria. To create a file blocking profile, we need to go to Objects, Security Profiles, and then we have File Blocking. For a file blocking profile, we can use the preset ones or we can create our own. Once we create our own, we can choose. For example, first we give it a name, whatever you want; then you give it a description; and for the files that you're going to be blocking, you give the rule a name, whatever you want; and then you can choose the application, whatever the application, or you can set it to any, and then the file types. You can select what file types you want to block, for example. Or you can block all of them if you want. You can block upload, download, or both directions, and then the action: alert generates a log message, block drops that file, and continue.
With continue, the user has to press "continue." Then we have to go and apply it to a security policy, which I'm going to show you. I'm going to do a demonstration for you. Go to Policies, Security, and select whatever policy you want to apply it to. Then you need to go to Actions and, in the profile settings, under file blocking, select the one that you created. And then, as a user tries to access something they shouldn't be accessing, they should get a message that the file download has been blocked. Okay, so I'm going to show you this on my firewall. I'll do a demonstration for you. So the first thing is that we need to go and create a file blocking profile, so Objects and then Security Profiles. And in there we have File Blocking. I'm going to create my own one. So add that, and here I'm going to say Astrid file blocking profile. OK, description: I'm going to leave it empty, but obviously you would write something in it in production. Click "Add," and then for the name, you can call it whatever you want.
So, no PDF. I'm calling it no PDF. Application could be any. File type: if I search for PDF, I can have an encrypted PDF as well. But I can't have anything encrypted because we don't have any decryption policies yet. Once we do that, we can, for example, have encrypted PDF. But there's no point in having it encrypted now because there's no decryption policy yet. Delete that. So I'm just going to have PDF. Direction: I can choose upload, download, or both; just leave it at both. And then we have the action. Alert generates a log but allows the transfer. Block will drop the packet and generate an alert. And then continue will ask the user to actually continue. So let's select "continue," right? Okay, now I need to apply this to my security policy. So I'll go to Policies and then Security, and then the security policy from the inside to the outside zone. Go to "Actions," and I'll apply the file blocking. I'll use the one that I just created, okay, and then commit it. Okay, now the commit has completed successfully. We can go and test it. So we have a file blocking profile, no PDF.
So I'm going to go to my client machine, and I'm going to access a PDF that is in clear text, because if I try and access a PDF that's encrypted, it's not going to work, because we don't have a decryption policy. Okay, so the clear-text PDF, the one that I know, is in the pan.edu files. And let's try to access this Panorama admin guide. So I click that, and as you can see there, it says file download blocked, access is blocked. That's the PDF. But we can click here to continue the download. So I just click here, and that's something the user has to choose, and I'm okay with downloading it, right? So I'm going to go back to the file blocking profile; I'm going to add a new rule, or I'm going to update this one to say, "No, I don't want to continue anymore; I want to block it." So click "block" and then "okay." And I'll commit it again, and then we'll go and test it again. Okay, so the commit completed successfully. And I'll go to my client machine again. And I'm going to try and download this one now, and this one should say blocked. I haven't got the option to continue here. And to check it, go to Monitor and the data filtering log. And as you can see, there were two; now there are three. Exactly. So we have the one that was blocked.
So if you just go a bit further across here, we see deny, continue, and block-continue. So we have three of them. Okay. Now, blocking multi-level encoded files: the firewall is able to decode files with a maximum of four levels of encoding. So for example, if you encode something, like you zip something and zip it again, and you zip it again and zip it again, so that file is zipped up to four times, it can decode it. But more than that, no. Usually attackers will do that. They will encode the files, like zipping the file so many times, so it's encoded so many times. And the firewall will be able to decode up to four times. More than that, you can block it. And to do that, you can just go to the firewall, go to Objects, File Blocking, the profile that I created, and we can add multi-level encoding here. The file type has to be Multi-Level-Encoding, and we should be blocking those. So add Multi-Level-Encoding. And then this one is not on alert; I should put it on block. Okay.
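The four-level decode limit and the extension-plus-content identification described in this lesson, modelled as an added Python example (it is not code from the course or from PAN-OS). The signature table, the per-layer size cap, the `decode-error` verdict and all function names are assumptions made for the illustration.

```python
import gzip
import io
import zipfile
import zlib

MAX_DECODE_LEVELS = 4               # decode limit stated in the lesson
MAX_LAYER_BYTES = 10 * 1024 * 1024  # assumed cap per decoded layer (not from the lesson)

# Constructed signature table: leading bytes -> type name.
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"%PDF-": "pdf"}
CONTAINERS = ("zip", "gzip")

# Constructed sample payload, not a real document.
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample\n"


def sniff(data: bytes) -> str:
    """Identify a type from content, ignoring whatever the file is called."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def peel(data: bytes, kind: str) -> bytes:
    """Strip one encoding layer, refusing layers larger than the cap."""
    if kind == "gzip":
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            out = gz.read(MAX_LAYER_BYTES + 1)
    else:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Simplification: only the first archive member is inspected.
            with zf.open(zf.namelist()[0]) as member:
                out = member.read(MAX_LAYER_BYTES + 1)
    if len(out) > MAX_LAYER_BYTES:
        raise ValueError("decoded layer exceeds size cap")
    return out


def inspect(filename: str, data: bytes, blocked_types=("pdf",)) -> dict:
    """Return the verdict for one transfer: action, reason and layers decoded."""
    levels = 0
    kind = sniff(data)
    while kind in CONTAINERS:
        if levels == MAX_DECODE_LEVELS:
            # A fifth layer cannot be inspected, so the transfer is blocked
            # as multi-level encoding instead of being passed unexamined.
            return {"action": "block", "reason": "multi-level-encoding", "levels": levels}
        try:
            data = peel(data, kind)
        except (OSError, EOFError, ValueError, IndexError,
                zipfile.BadZipFile, zlib.error):
            return {"action": "block", "reason": "decode-error", "levels": levels}
        levels += 1
        kind = sniff(data)
    if kind == "unknown" and levels == 0 and "." in filename:
        # Content gave no answer: fall back to the file extension.
        kind = filename.rsplit(".", 1)[-1].lower()
    action = "block" if kind in blocked_types else "allow"
    return {"action": action, "reason": kind, "levels": levels}


def wrap(payload: bytes, layers: int) -> bytes:
    """Build a constructed test input: gzip the payload `layers` times."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload


if __name__ == "__main__":
    for name, blob in [("guide.pdf", SAMPLE_PDF),
                       ("notes.txt", SAMPLE_PDF),           # renamed PDF
                       ("four.gz", wrap(SAMPLE_PDF, 4)),
                       ("five.gz", wrap(SAMPLE_PDF, 5))]:
        print(name, inspect(name, blob))
```

A PDF wrapped four times is still identified and blocked as a PDF; the same file wrapped five times is blocked only because a rule for the multi-level-encoding type exists, which is why the lesson adds that rule with the block action.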
6. 5.6 Data Filtering Profiles
In this video, we are covering PCNSA 210, and this is chapter five, Content-ID. This is the sixth video of chapter five, which is 5.6, Data Filtering Profiles. Great video, great demonstration I will do for this topic. Data filtering security profile overview. Data filtering profiles are used to prevent sensitive, confidential, and proprietary information from leaving your network. A data filtering profile can contain a single data pattern or multiple data patterns. Data patterns are used to define the information types that you want the firewall to filter. So we have two things here.
We have a data pattern that we're going to configure, and then we're going to use data filtering. We'll use a data pattern to prevent sensitive data from leaving your network. We can create three different types of data patterns for the firewall to use when scanning. We have a predefined data pattern to scan files for things like Social Security numbers, credit card numbers, and so on. We have a regular expression. And with regular expressions, you can do a lot. You can create a custom data pattern using regular expressions. Now I have a great video on my YouTube channel about regular expressions, and there's so much stuff that you can do with regular expressions. And then the third type of data pattern that we can create is file properties, which will scan for specific file properties and values. I will do a demonstration on how to create the three types of data patterns. And then we're going to use data filtering to look at those patterns. Okay, this is the lab that we'll be using. I have imagined that I have an infected PC in the inside zone like this. The Windows 7 machine is infected, and it's trying to send data to the DMZ zone.
And then, from the DMZ zone, it will go to the outside. And we want to prevent data, for example, from going to the DMZ zone. So for example, anything that has the word "confidential" in it, I don't want to send it outside; I want to stop it. Or maybe if I create a file, say Astrid, me, has created a file, anything that I create, I don't want that file to go outside either. So that's the idea. What we're going to do now is I'm going to access my firewall, and if you want to monitor anything from the data filtering profile, it will come up here under Monitor and under the logs, and it will be under Data Filtering. And first, we're going to do the data patterns. So anything with the word "confidential" or anything that Astrid has created, we don't want it to go outside. And I already have a couple of files here on my PC A. So if I show you, I've created a file or folder called NewHere, and I have three files here. The document, this document, has the word "confidential" in it. I just have a normal plain text file that's okay to be transferred. And I have this top secret one that was created by Astrid, by me. And I just want to show you what's inside there. So if I open the document, this is a confidential document, okay? And I have just a plain text file. It's just a plain document.
And then the top secret: now the top secret has nothing in it; it's just that it's been created by me. So the author's name is Astrid. So we're going to try and prevent this one and this one from leaving. But this one is okay. This one is okay to leave. Okay, so the first thing we need to do is create a data pattern. So we have to go to Objects, and under Objects, we have to go to Custom Objects. And we have Data Patterns. So there are three different types of data patterns that we can create. So if I click Add, we have the pattern types: file properties, regular expression, and predefined pattern. I'm going to show you how to create all three of them. But we're going to be actually testing the regular expression and the file properties. So for the first one, the name, I'm just going to call it Astrid. And the first one that we're going to do is a predefined pattern. Okay. In the description, you can write your own description. And if I click Add, there are predefined patterns here, for example, credit card numbers and Social Security numbers, Social Security numbers without dashes; any of these can be the predefined pattern.
So for example, credit card numbers, US credit card numbers, file types any. I'm not going to be actually using this because I'm not going to be using any US credit card number. But there it is. That's what we can do with the predefined patterns. Okay, I'm going to create another pattern, but this time we're going to create file properties. So I'm going to name it Astrid file properties. File properties. And in there, I'm going to add the name. It's going to be Astrid files, and the file type can be, for example, anything: Adobe, Microsoft, Microsoft PowerPoint, Excel, Word, or Rich Text Format. So I have the Word one. So I'm just going to choose Microsoft Word, and the file property. This is what we're going to use from the file properties, and we can classify anything. But I'm going to choose the author, which is me, right? So I created that file. Anything that I create shouldn't be leaving our network. And click OK. And the third data pattern that we can create is a regular expression. So in there, I'm just going to name it. Okay. And I'm going to add, and for the name, I'm just going to put regex, and file type any, and then the data pattern.
Now, this is where we're going to be putting in the regular expression. And like I said to you, I have a great video about regular expressions and how you can populate them. But I'm going to match any file at any location if it has the word "confidential." So I'm going to use the lowercase "confidential" and the capital letters: close the brackets, then a pipe, then open the brackets again with the capital letters, and close the brackets. Okay. So that's my regular expression, and it means anywhere. If the word "confidential" is written in lowercase or capital letters, we want to deny that. Okay, so we have our three data patterns. So we have a predefined pattern that just has the credit card numbers, so it's going to look in the file for credit card numbers; the Astrid file properties pattern, which will match any Microsoft Word file with the author name Astrid; and then the regular expression, anything with the word "confidential." That's great. So we've created all three patterns. But these are just patterns. So to use them, we need to go to Data Filtering, where we can call on those patterns, and then we can say what to do with them. Okay, so add it, and here I'm going to just name it Astrid data filtering.
I'm great with the name. Yeah. Okay, so data capture here is to capture data, anything that we actually block. If we select data capture, it's going to capture those packets. And we're going to add all three patterns. So we're going to add file properties, we're going to add the predefined pattern, and we can add the regular expression, with application any and file type any; we can choose different applications if you want. For example, here are all the applications the Palo Alto Networks database knows. For file type, we can do the same thing, or we can just do any for everything. For example, we can stop uploading them, stop downloading them, or we can do both. And then we have an alert threshold and a block threshold. The alert threshold is, for example, if we see the pattern appear twice, or whatever we put there, that's going to generate an alert, and then we're going to block it. So, for example, if we see the same thing happening twice, we're going to generate an alert. If we see it happening four times, then we're going to block it. But in our instance, I'm just going to put a one for everything, alert and block.
We can set the alert to one, and we're going to block it as soon as we see it. And again, the same thing: we send an alert as soon as we see one, and we're going to block it as well. And the same thing goes for the regular expression. Okay. And the severity for the logs: we can set the severity as well. We can put critical, or let's just put high severity for all of them. Okay, so these are our three different patterns being used in our data filtering. Okay, the next thing we're going to do now is this: if we see something like one of these in our data trying to leave our network, it will come up. And we can apply it to this policy. We can apply it to the policy rule from inside to the DMZ zone. We can pretty much apply it anywhere. And as you can see, from the previous sections we did apply different profiles. And this time we're going to add the data filtering profile. And again, the same thing: we go to the policy and we go to Actions. And in the profile settings, we put profiles, and we're going to put data filtering. So, Astrid data filtering, there we go. Now I'm just going to commit it, and then we'll go and test it. Okay, now that the commit has completed successfully, we can go and test it. So I'm just going to go to Monitor and Data Filtering; we can now leave it here. And I'm going to access my PC in the inside zone. So PC A here. And I'm going to try and send all three documents via FTP.
So I'm trying to move those documents out of our network. So I open the command prompt and first access that folder. So I'm going to go to C. Okay. And then I'm going to open FTP to my DMZ zone server. And the username is lab user, then the password. Okay, I'm in; I'm on that server. So if I do a directory, I can see the files in that directory. So what I'm going to do is try to put all three of those files in that directory. So I'm sending them outside. So first I'm going to try and put the document. And for this, it's saying failure, right? It's blocking. So there was a failure reading the network stream. Okay. The second, I'm going to try and put the plain text here. So that should work. So put plain text. Okay, but that wasn't a Paider, so that works fine. It says transfer is complete. And then the last one, I'm going to put top secret. And that one is a failure as well. So this one had the word "confidential." This one's just a normal plain-text document. And this one was created by me, right? So if I go to my firewall now and see if there's something there, so go to Monitor, Logs, Data Filtering, and refresh that. Okay, you can see that now we can see the file name, "top secret document," from Astrid file properties, from zone DMZ to inside. It was like a reply. So the source address is from this address to my internal address. It didn't work. So I used FTP, and it was reset-both.
And again, another file, for example, the document. And that's the same thing, DMZ zone. This is from the regular expression, and it didn't work. Both were reset. Right? So if I go to my PC again, I'll look at the FTP, and if I do a directory here, look at the directory, and you will see the files there. You'd say, "Okay, well, it said they didn't really work." But the file is here: the top secret is there, the plain text is here, and the document is here. So it did transfer, even though it said it didn't work. Right, let's try to transfer them back to us. Yeah, so what I'm going to do is actually move those three documents. I'm going to move them into a new folder, and I'm going to try and transfer them back. Right? So type here to get the document. Okay, I want to get plain text, and I want to get top secret. These are the docs. Okay, so I've got all three of my files here, and I'm going to try and open them. So if I click on the document, nothing appears; it is just empty. Yeah. So it actually didn't work; it didn't send it. So okay, that didn't work. What about if I open this plain one? Well, that worked. And what about the top secret? Well, that didn't work. There's nothing in there. Right? Okay, so as you can see, the files do look like they got there, but they're just empty. All there is is just a name. The content didn't transfer.
Okay, so to delete them, I want to delete the document first, and then I want to do the plain document, and then I want to delete the top secret. Okay, I do. Alright, so you see here, it didn't transfer these because it did reset them both, and it did match the name of the pattern, the regular expression and the file properties. So I'll go back to my slides here, and as I said to you, there are three different types of data patterns. So we have predefined patterns, which are like Social Security numbers, credit card numbers, and so on, Social Security numbers without dashes. These are predefined patterns. Then regular expressions, and there's no limit to what you can do with regular expressions, so very good. And then we have file properties. This is like an author's name, for example, the date, the category, and so on. Here are predefined patterns, file properties like keywords we could use, and, although we didn't show it in this window, the regular expressions as well. And we went to the data filtering profile and called on those data patterns, which we added to our security policy rule.
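The three data pattern types and the alert/block thresholds from this lesson, as an added Python model (not code from the course or from the firewall). The regular expression is one reading of the spoken description; the rule class, the `author=Astrid` notation, the card-number candidate regex and the sample file contents are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass
class PatternRule:
    name: str
    kind: str                 # "regex", "predefined" or "file-property"
    pattern: str
    alert_threshold: int = 1  # occurrences needed to log an alert
    block_threshold: int = 1  # occurrences needed to block the transfer


# Assumed candidate shape for a card number: 13-16 digits, optional separators.
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")


def luhn_valid(number: str) -> bool:
    """Luhn checksum, used here to discard digit runs that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) >= 13 and total % 10 == 0


def count_hits(rule: PatternRule, text: str, properties: dict) -> int:
    if rule.kind == "regex":
        return sum(1 for _ in re.finditer(rule.pattern, text))
    if rule.kind == "file-property":
        key, _, wanted = rule.pattern.partition("=")
        return int(properties.get(key, "").lower() == wanted.lower())
    if rule.kind == "predefined" and rule.pattern == "credit-card":
        return sum(luhn_valid(m.group()) for m in CARD_CANDIDATE.finditer(text))
    raise ValueError(f"unsupported rule: {rule.kind}/{rule.pattern}")


def evaluate(rules, text: str, properties=None) -> dict:
    """Apply every rule; the most severe action across rules wins."""
    properties = properties or {}
    verdict = {"action": "allow", "matched": []}
    for rule in rules:
        hits = count_hits(rule, text, properties)
        if hits >= rule.block_threshold:
            verdict["action"] = "block"
            verdict["matched"].append(rule.name)
        elif hits >= rule.alert_threshold:
            if verdict["action"] == "allow":
                verdict["action"] = "alert"
            verdict["matched"].append(rule.name)
    return verdict


# The demo profile: every threshold set to one, so the first hit blocks.
# Note the regex as described matches all-lowercase or all-capitals only;
# "Confidential" with a single capital letter is not matched.
DEMO_RULES = [
    PatternRule("Astrid predefined", "predefined", "credit-card"),
    PatternRule("Astrid file properties", "file-property", "author=Astrid"),
    PatternRule("regex", "regex", r"(confidential)|(CONFIDENTIAL)"),
]

# The slide example: alert at two occurrences, block at four.
GRADUATED = [PatternRule("regex", "regex", r"(confidential)|(CONFIDENTIAL)", 2, 4)]

if __name__ == "__main__":
    # Constructed stand-ins for the three files used in the demonstration.
    print(evaluate(DEMO_RULES, "This is a confidential document."))
    print(evaluate(DEMO_RULES, "Just a plain document."))
    print(evaluate(DEMO_RULES, "", {"author": "Astrid"}))
```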
7. 5.7 Attaching Security Profiles to Security policy rules
In this video, we are covering PCNSA 210, and this is chapter five, Content-ID. This is the seventh video of chapter five, which is 5.7, Attaching Security Profiles to Security Policy Rules. Now, we've been doing this a lot, but I just want to show you the easy method of doing it. Okay, so I'm going to go to my firewall. We looked at data filtering in the other video, and it's a great video. If you haven't seen it, you should go back and have a look at it. Anyway, we created these profiles; for example, under security profiles, I have antivirus here, I have anti-spyware, and I created all these profiles in the other videos as well. From the other videos, I have vulnerability protection here. We haven't done URL filtering because it's the next section, the next video, or the next chapter, I should say.
We did the file blocking and we did the data filtering, and then in this chapter we're going to be talking about DoS protection as well. WildFire is chapter eight. OK, so once we create these profiles, we have to go to Policies, and in the security policies, we have to select the security policy rule that we want to use and go to Actions. And under Actions, we put the profiles, right? So we've got profiles, and we put in the profiles that we want to use. Now imagine that you have a lot of security policy rules. Imagine that there are like hundreds of policies here. It could be that you have quite a lot of them, and on each one you have to select it, go to Actions, then profiles, and then put in whatever profile you want to use. It will take a long time, so you can group those profiles as an easier method. So if you go to Objects, just underneath Security Profiles we have Security Profile Groups, and we can group all of those profiles into one group, and then we apply them as a group.
So I can create a new group, the Astrid security profile group. And in that group I will put my name, "Astrid." Okay? So that just tells you who's made it, and there we go, all of them. We have the antivirus profile, anti-spyware, vulnerability. All of these that we did in this chapter, we put them in one group, and I click OK. And then, instead of going one by one and adding them, if I go to the security policy and select the security policy rule that I want to use, under Actions, instead of going to the profiles one by one, I can say group, and for that group, I'll just choose the group, and there you go. I'll apply all the profiles in a single group, and it's an easier method of applying them. But that doesn't mean that the way I did it, it's like, "Okay, it works." In this group, you need to group them properly, with whatever profiles you want to add, because, as you saw earlier in the profiles, they weren't all applied. I didn't have vulnerability on this one. I didn't have, for example, data filtering. So you just have to group them correctly according to the way you want to use them. Okay, that's it.
8. 5.8 Telemetry and threat intelligence
In this video, we are covering PCNSA 210, and this is chapter five, Content-ID. This is our eighth video of chapter five, 5.8, Telemetry and Threat Intelligence. Telemetry and threat intelligence is something that you can participate in; it is a community-driven approach to threat prevention. Telemetry enables your firewall to periodically collect and share information about applications, threats, and device health with Palo Alto Networks. It is an opt-in feature: nothing is selected by default. It globally enhances threat protection, and you can preview the data sent to Palo Alto Networks. Now, this is something that we can send to actually participate in threat intelligence with Palo Alto Networks. It's not going to collect any sensitive data, so you're fine with that. And you can also see what kind of data you're collecting anyway. To get to telemetry and threat intelligence on the firewall, you need to access it under Device, then Setup, and then Telemetry. Okay, so you can see that there's nothing ticked by default.
So you click on the gear icon here to edit them, and you need to select what you want to send. For example, application reports. This is sending known applications by destination port, unknown applications by destination port, and unknown applications by IP address. It will send data every 4 hours. And if you want to see what kind of data it is sending, you can just click on this sample report, and you can see what information you will actually be sending if you do want to participate. So I just want to minimize this; I want to cancel this. And if you want to participate, you just need to tick anything that you want to participate in, and you can also download the report, download the threat prevention data that will be sent. Any of these that you are comfortable with, you can just tick them and then say OK, and you're going to be sending, for example, the threat prevention report. It will send something like attackers' information and the number of threats. These reports are usually sent around every 4 hours to Palo Alto Networks, and you don't have to participate in that if you're not happy with it. Some people are sensitive; you can just untick them and not send them. That's it.