• Define the “Identify” SecOps function.
• Define the “Investigate” SecOps function.
• Define the “Mitigate” SecOps function.
• Define the “Improve” SecOps function.

• Define SIEM.
• Define SOAR.
• Define incident and response procedures in a digital workflow format.
• Define the purpose of security orchestration, automation, and response.

• Define the analysis tools used to detect evidence of a security compromise.
• Understand how to collect data that will be analyzed.
• Understand why we use analysis tools within a Security operationsenvironment.
• Define the responsibilities of a security operations engineering team.

- Describe features of Cortex XDR endpoint protection technology

• Understand the Cortex platform in a Security Operations environment.
• Define the purpose of Cortex XDR for various endpoints.

• Understand how Cortex XSOAR improves Security Operations efficiency.
• Understand how Cortex Data Lake improves Security Operations visibility.

• Understand how AutoFocus gains threat intelligence for security analysis and response.
• Describe how AutoFocus can reduce the time required to investigate threats by leveraging third party services.

• Differentiate between hubs, switches and routers.
• Define the role of hubs, switches and routers.
• Given a network diagram, Identify the icons for hubs, switches and routers.
• Understand the use of VLANs.

- Classify routed and routing protocols

• Identify routed protocols.
• Identify routing protocols
• Differentiate between static and dynamic routing protocols.
• Differentiate between link state and distance vector.

- Summarize area networks and topologies

• Identify the borders of collision domains.
• Identify the borders of broadcast domains.
• Identify different types of networks.
• Identify WAN technologies.
• Understand the advantages of SD-WAN.
• Understand LAN technologies.

- Explain the purpose of the Domain Name System (DNS)

• Understand the DNS hierarchy.
• Understand the DNS record types.
• Understand how DNS record types are used.
• Identify a fully qualified domain name (FQDN).

- Identify categories of Internet of Things (IoT)

• Identify IoT connectivity technologies.
• Identify the known security risks associated with IoT.
• Identify the security solutions for IoT devices.
• Differentiate between categories of IoT devices.

- Illustrate the structure of an IPV4/IPV6 address

• Identify dotted decimal notation.
• Identify the structure of IPV6.
• Understand the purpose of IPV4 and IPV6 addressing.
• Understand the purpose of a default gateway.
• Understand the role of NAT
• Understand the role of ARP.

- Describe the purpose of IPV4 subnetting.

• Understand binary to decimal conversion.
• Understand CIDR notation.
• Define classful subnetting.
• Given a scenario, identify the proper subnet mask.
• Understand the purpose of subnetting.

- Illustrate the OSI and TCP/IP models

• Identify the order of the layers of both OSI and TCP/IP models.
• Compare the similarities of some OSI and TCP/IP models.
• Identify the function of each of the layers.
• Understand the advantages of using a layered model.
• Identify protocols at each layer.

- Explain the data encapsulation process

• Understand the data encapsulation process.
• Understand the PDU format used at different layers.

- Classify the various types of network firewalls

• Identify the characteristics of various types of network firewalls
• Understand the applications of the different types of network firewalls.

- Compare intrusion detection and intrusion prevention systems

• Understand the concept of intrusion detection systems.
• Understand the concept of intrusion prevention systems.
• Differentiate between intrusion detection systems and intrusion prevention systems.
• Differentiate between knowledge-based and behavior-based systems.

- Define virtual private networks

• Define virtual private networks.
• Differentiate between IPSec and SSL.
• Differentiate between the different tunneling protocols.
• Understand when to use a VPN.
• Understand the benefits of tunneling protocols.

- Explain data loss prevention

• Define the purpose of data loss prevention.
• Understand what would be considered sensitive data.
• Understand what would be considered inappropriate data.

- Describe unified threat management

• Differentiate between UTM and other portals logged into to do work.
• Understand how UTM integrates different aspects of content.
• Understand how the different content within the OSIs are being examined with UTM.
• Identify the security functions that are integrated with UTM.

- Define endpoint security basics

• Understand what is an endpoint.
• Understand the advantages of endpoint security.
• Understand what endpoints can be supported.
• Given an environment, identify what security methods could be deployed.
• Understand the concept of a personal firewall.
• Understand what traffic flows through a personal firewall.
• Define host-based intrusion prevention systems.
• Understand the disadvantages of host-based intrusion prevention systems.

- Compare signature and container-based malware protection

• Define signature-based malware protection.
• Define container-based malware protection.
• Differentiate between signature-based and container-based malware protection.
• Understand application whitelisting.
• Understand the concepts of false-positive and false-negative alerts.
• Define the purpose of anti-spyware software.

- Recognize types of mobile device management

• Identify the capabilities of mobile device management.
• Identify the vulnerabilities of mobile devices.
• Identify different types of mobile devices.
• Understand how to secure devices using the MDM controls.

- Explain the purpose of identity and access management

• Identify the As in the AAA model.
• Understand the purpose of identity and access management.
• Understand the risk of not using identity and access management.
• Understand the concept of least privilege.
• Understand the separation of duties.
• Understand RBAC and ABAC and Discretionary Access Control and Mandatory Access Control.
• Understand the user profile.
• Understand the impact of onboarding and offboarding from systems.
• Understand directory services.

- Describe configuration management

• Understand configuration management.
• Identify how configuration management interacts with different development methodologies.
• Understand system services required for configuration Management.

- Identify next-generation firewall features and capabilities

• Differentiate between NGFWs and FWs.
• Understand the integration of NGFWs with the cloud, networks and endpoints.
• Define App-ID.
• Define Content-ID.
• Define User-ID.

- Compare the NGFW four core subscription services

• Differentiate between the four core NGFW subscription services.
• Define WildFire.
• Define URL Filtering.
• Define Threat Prevention.
• Define DNS security.

• Define Panorama services and controls.
• Understand network security management.
• Identify the deployment modes of Panorama.

• List common Web 2.0/3.0 applications.
• Differentiate between SaaS, PaaS and IaaS.
• Distinguish between Web 2.0 and 3.0 applications and services.

- Recognize applications used to circumvent port-based firewalls

• Identify applications by their port number.
• Understand port scanning.
• Understand how to use port scanning tools.
• Understand different risk levels of applications.
• Understand the impact of using non standard ports.

- Summarize cloud computing challenges and best practices

• Define DevOps.
• Understand the impact of Service Level Agreements (SLA) with cloud contracts.
• Differentiate between cloud types.
• Understand the application of the security within the different types of clouds.
• Understand the impact of change management.
• Understand the roles within a cloud environment.

- Identify SaaS application risks

• Understand the nature of data being stored in the SaaS application.
• Understand roles within a SaaS environment.
• Understand who has access to what within a system.
• Understand security controls for SaaS applications.

- Recognize cybersecurity laws and regulations

• Understand the impact of governance regulation and compliance.
• Differentiate between major cybersecurity laws and implications.
• Understand governance versus regulations.
• Understand the code of professional conduct.

- List recent high-profile cyberattack examples

• List recent high-profile cyberattack examples.
• Understand how to use CVE.
• Understand how to use CVS.
• Given a cyberattack example, identify what key vulnerability exists.
• Identify a leading indicator of a compromise.

- Discover attacker profiles and motivations.

• Identify the different attacker profiles.
• Understand the different value levels of the information that needs to be protected.
• Identify motivations of different types of actors.

- Describe the modern cyberattack life-cycle

• Understand the different phases of the modern cyber life-cycle.
• Understand events at each level of the cyber life-cycle.

- Classify malware types

• Classify the different types of malware.
• Understand appropriate actions for the different types of malware.
• Identify the characteristics and capabilities for different types of malware.

- List the differences between vulnerabilities and exploits

• Order the steps on the vulnerability/exploit timeline.
• Differentiate between vulnerabilities and exploits.

- Categorize spamming and phishing attacks

• Differentiate between spamming and phishing attacks.
• Given specific examples, define the type of attack.
• Identify what the chain of events are as a result of an attack.

- Social Engineering

• Identify different methodologies for social engineering.
• Identify what the chain events are as a result of social engineering.

- Cybersecurity Attacks

• Differentiate between DoS and DDoS
• Define the functionality of bots and botnets.
• Differentiate between the use of a bot or botnets.
• Understand the type of IoT devices that are part of a botnet attack.
• Understand the purpose for Command and Control (C2).
• Differentiate the TCP/IP roles in DDoS attacks.

- Define the characteristics of advanced persistent threats

• Understand advanced persistent threats.
• Understand the purpose for Command and Control (C2).
• Identify where the indicators are located.

- Recognize common Wi-Fi attacks

• Differentiate between different types of Wi-Fi attacks.
• Identify common attack areas for Wi-Fi attacks.
• Understand how to monitor your Wi-Fi network.

- Define perimeter-based network security

• Define perimeter-based network security.
• Define DMZ.
• Define where the perimeter is located.
• Differentiate between North and South and East and West Zones.
• Identify the types of devices used in perimeter defense.
• Understand the transition from a trusted network to an untrusted network.

- Explain Zero Trust design principles and architecture configuration

• Define Zero Trust.
• Differentiate between Trust and Untrust zones.
• Identify the benefits of the Zero Trust model.
• Identify the design principles for Zero Trust.
• Understand microsegmentation.

- Define the capabilities of an effective Security Operating Platform

• Understand the integration of services for Network, Endpoint, and Cloud services.
• Identify the capabilities of an effective Security Operating Platform.
• Understand the components of the Security Operating Platform.

- Recognize Palo Alto Networks Strata, Prisma, and Cortex Technologies

• Identify examples of Palo Alto Networks technologies associated with securing the enterprise.
• Describe Palo Alto Networks approach to securing the cloud through the most comprehensive threat protection, governance, and compliance offering in the industry.
• Understand how Palo Alto Networks technology natively integrates network, endpoint, and cloud to stop sophisticated attacks.

• Define the NIST cloud service models.
• Define the NIST cloud deployment models.

- Recognize and list cloud security challenges

• Understand where vulnerabilities are in a shared community environment.
• Understand security responsibilities.
• Understand multi-tenancy.
• Differentiate between security tools in different environments.
• Define identity and access management controls for cloud resources.
• Understand different types of alerts and notifications.
• Identify the 4 Cs of cloud native security.

• Define the types of hypervisors.
• Describe popular cloud providers.
• Define economic benefits of cloud computing and virtualization.
• Understand the security implications of virtualization.

- Explain the purpose of containers in application deployment

• Understand the purpose of containers.
• Differentiate containers versus virtual machines.
• Define Container as a Service.
• Differentiate hypervisor from a Docker.

- Discuss the purpose of serverless computing

• Understand the purpose of serverless computing.
• Understand how serverless computing is used.

- Compare the differences between DevOps and DevSecOps

• Define DevOps.
• Define DevSecOps.
• Illustrate the CI/CD pipeline.

• Understand security compliance to protect data.
• Understand privacy regulations globally.
• Understand security compliance between local policies and SaaS applications.

• Understand the cost of maintaining a physical data center.
• Differentiate between data center security weakness of traditional solution to cloud solution.
• Differentiate between data center security weakness of traditional solution to perimeter localization solution.

• Define east-west traffic patterns.
• Define north-south traffic patterns.
• Differentiate between east-west and north-south traffic patterns.

- Recognize the four phases of hybrid data center security

• Define the four phases of hybrid data center security.
• Differentiate between traditional three-tier architectures and evolving virtual data centers.

- List the four pillars of cloud application security (Prisma Cloud)

• Define cloud native security platform.
• Identify the four pillars of Prisma cloud application security.

- Illustrate the Prisma Access SASE architecture

• Understand the concept of SASE.
• Define the SASE layer.
• Define the Network as a Service layer.
• Define how Prisma Access provides traffic protection.

• Define application use and behavior.
• List how to control sanctioned SaaS usage.