1.1 Demonstrate knowledge of firewall management interfaces
1.1.1 Management interfaces
1.1.2 Methods of access
1.1.3 Access restrictions
1.1.4 Identity-management traffic flow
1.1.5 Management services
1.1.6 Service routes
1.2 Provision local administrators
1.2.1 Authentication profile
1.2.2 Authentication sequence
1.3 Assign role-based authentication
1.4 Maintain firewall configurations
1.4.1 Running configuration
1.4.2 Candidate configuration
1.4.3 Discern when to use load, save, import, and export
1.4.4 Differentiate between configuration states
1.4.5 Back up Panorama configurations and firewalls from Panorama
1.5 Push policy updates to Panorama-managed firewalls
1.5.1 Device groups and hierarchy
1.5.2 Where to place policies
1.5.3 Implications of Panorama management
1.5.4 Impact of templates, template stacks, and hierarchy
1.6 Schedule and install dynamic updates
1.6.1 From Panorama
1.6.2 From the firewall
1.6.3 Scheduling and staggering updates on an HA pair
1.7 Create and apply security zones to policies
1.7.1 Identify zone types
1.7.2 External types
1.7.3 Layer 2
1.7.4 Layer 3
1.7.5 TAP
1.7.6 VWire
1.7.7 Tunnel
1.8 Identify and configure firewall interfaces
1.8.1 Different types of interfaces
1.8.2 How interface types affect Security policies
1.9 Maintain and enhance the configuration of a virtual or logical router
1.9.1 Steps to create a static route
1.9.2 How to use the routing table
1.9.3 What interface types can be added to a virtual or logical router
1.9.4 How to configure route monitoring
2. Managing Objects
2.1 Create and maintain address and address group objects
2.1.1 How to tag objects
2.1.2 Differentiate between address objects
2.1.3 Static groups versus dynamic groups
2.2 Create and maintain services and service groups
2.3 Create and maintain external dynamic lists
2.4 Configure and maintain application filters and application groups
2.4.1 When to use filters versus groups
2.4.2 The purpose of application characteristics as defined in the App-ID database
3. Policy Evaluation and Management
3.1 Develop the appropriate application-based Security policy
3.1.1 Create an appropriate App-ID rule
3.1.2 Rule shadowing
3.1.3 Group rules by tag
3.1.4 The potential impact of App-ID updates to existing Security policy rules
3.1.5 Policy usage statistics
3.2 Differentiate specific security rule types
3.2.1 Interzone
3.2.2 Intrazone
3.2.3 Universal
3.3 Configure Security policy match conditions, actions, and logging options
3.3.1 Application filters and groups
3.3.2 Logging options
3.3.3 App-ID
3.3.4 User-ID
3.3.5 Device-ID
3.3.6 Application filter in policy
3.3.7 Application group in policy
3.3.8 EDLs
3.4 Identify and implement proper NAT policies
3.4.1 Destination
3.4.2 Source
3.5 Optimize Security policies using appropriate tools
3.5.1 Policy test match tool
3.5.2 Policy Optimizer
4. Securing Traffic
4.1 Compare and contrast different types of Security profiles
4.1.1 Antivirus
4.1.2 Anti-Spyware
4.1.3 Vulnerability Protection
4.1.4 URL Filtering
4.1.5 WildFire Analysis
4.2 Create, modify, add, and apply the appropriate Security profiles and groups
4.2.1 Antivirus
4.2.2 Anti-Spyware
4.2.3 Vulnerability Protection
4.2.4 URL Filtering
4.2.5 WildFire Analysis
4.2.6 Configure threat prevention policy
4.3 Differentiate between Security profile actions
4.4 Use information available in logs
4.4.1 Traffic
4.4.2 Threat
4.4.3 Data
4.4.4 System logs
4.5 Enable DNS Security to control traffic based ons
4.5.1 Configure DNS Security
4.5.2 Apply DNS Security in policy
4.6 Create and deploy URL-filtering-based controls
4.6.1 Apply a URL profile in a Security policy
4.6.2 Create a URL Filtering profile
4.6.3 Create a custom URL category
4.6.4 Control traffic based on a URL category
4.6.5 Why a URL was blocked
4.6.6 How to allow a blocked URL
4.6.7 How to request a URL recategorization
4.7 Differentiate between group mapping and IP-to-user mapping within policies and logs
4.7.1 How to control access to specific locations
4.7.2 How to apply to specific policies
4.7.3 Identify users within the ACC and the monitor tab