PCNSE Exam Experience Using Free(ish!) Resources

I recently passed the Palo Alto Certified Network Security Engineer exam (PCNSE) while trying to keep costs as low as possible, so thought I’d share my experience, resources used, and a few tips for the exam.

Experience and Total Study Time

For reference, I have about 3 years hands on work experience with Palo Alto firewalls, but limited exposure to their other offerings, such as Panorama, XDR and Prisma Cloud. Panorama is really the only other product that features substantially alongside the NGFW on the PCNSE exam, and that was certainly one of the bigger challenges for me. According to the exam blueprint, 17% of the exam material is focused on Panorama, and that feels about right from my experience.

Having an unexpected 2 weeks off with a decent amount of downtime, I spent those 2 weeks studying for the exam, approx. 4-6 hours a day. It’s worth noting that on top of my work experience using Palo Alto firewalls, I’ve also used Palo Alto VMs in my home lab for about a year. So the amount of study you’ll need to pass the PCNSE – as with the majority of these vendor exams – will vary depending on your prior hands-on experience. I think due to how the Palo Alto management interface is quite deeply layered – and in some cases a little unintuitive – coupled with how much you will be quizzed on nuances in relation to the GUI interface, hands on experience is essential for this exam.

Study Materials

To keep costs down, I decided against using any of the EDU training courses – I believe Palo Alto recommend EDU-110, EDU-120 and EDU-130 before taking the PCNSE. The costs for those courses are eye-watering! They’re aimed at businesses training their employees of course, so if you can get an employer to pay for them, I’m sure they’re well worth doing. As an individual, I think there’s plenty of free material online for you to prepare sufficiently for the exam. Below is what I used.

CBT Nuggets: PCNSA and PCNSE Courses – Free (7-day trial)

CBT Nuggets have a 7-day full-access trial. I quickly went through the PCNSA course first to make sure there was nothing foundational I was missing (though Keith Barker is hard work to keep up with at 2x speed regardless of how familiar you are with the material!). I’m glad I watched this course first, as the PCNSE series references back the PCNSA videos quite often.

I followed that with the PCNSE course, following along more closely and labbing any sections that I felt I was weak in. It’s nice to start study for an exam with a video series like this, as it gives you a broad overview of the exam, but you can also dip back in again when you need more detail or clarification. I highly recommend CBT Nuggets, and if you can afford a subscription, I’m sure it’s well worth it!

EMEA PCNSE 2021 YouTube Series – Free

Next up was the EMEA PCNSE 2021 YouTube Series, which is video series consisting of 5 presentations, roughly one on each of the exam domains. This series is a very broad overview of the exam content. There are a few good exam hints dropped here and there, but it doesn’t offer much more than what’s contained in the CBT Nuggets series, and to a much shallower depth. It’s also spread across three different presenters, which made it a feel a bit disjointed. I’d probably give this a miss in hindsight, or watch it before the CBT Nuggets series if I was to do it again.

Palo Alto PCNSE Study Guide – Free

The Palo Alto PCNSE Study Guide is available for free from their website. This undoubtedly gives you guidance on all exam topics, as it matches the blueprint domain by domain, but much of the information you’ll need to answer exam questions is contained in links to KB articles within this document. So unfortunately not a completely self-contained study guide. But if you’re willing to follow all references and read/understand those links, this is an excellent resource. Just don’t mistake it as all you need to pass the exam; it’s a guide, nothing more.

Beacon – Free (though you will need a customer account)

Beacon is Palo Alto’s digital learning platform, and I was pleasantly surprised by how good their collection of PCNSE training modules are. I have a few small gripes with it; I appreciate a slick and interactive website, but if I have to keep clicking elements to reveal information it can quickly get frustrating. And the small video snippets badly need a 1.5x/2x speed option. The guy narrating these is clear, concise, and drops some really important nuggets of information for the exam, but he delivers it way too slowly. Other than that, the information is excellent, it covers all exam topics, and the end-of-module tests and final exam are well worth doing to give you a flavour of the actual exam’s style and presentation.

Lab – Free (maybe!)

Probably the most important study resource, and the one I spent most time with, was my home lab. The above resources, in particular the CBT Nuggets PCNSE course and the Beacon modules, when combined with a decent lab environment, is everything you need to pass this exam in my opinion. I would recommend that your lab includes a second NGFW VM for practicing VPNs, access to the internet for testing security profiles and content updates, and a decent Active Directory environment for learning how AD/LDAP/Certificate Authorities etc. can be integrated. Keith Barker in his PCNSA series goes through the setup of his lab in detail, and it covers a lot of these suggestions, so it’s well worth checking that out.

Depending on your current situation, getting your hands on a licensed Palo Alto firewall to practice with may or may not be free. A basic NGFW VM can be obtained from Palo Alto with a customer account, but of course a standard license and subscriptions to the various licensed features such as Wildfire and Threat Prevention are not. I was lucky enough to get VM credits as a trial, which allowed me to kit out a VM with all licensed features, so approach your Palo Alto partner or reseller to enquire, preferably from a business address suggesting you’re running a POF! Practicing on NHFW without licensing or subscriptions really isn’t going to cut it for this exam in my opinion.

Exam Experience

As for the actual exam experience, it’s a very straightforward multiple choice format. No lab or case study elements, just multiple choice with a few drag & drop questions. I felt like all the questions were very fair, and unlike some other exams, none of the questions felt like they were designed to trick or fool you into selecting the wrong answer.

For me the biggest challenge was questions around Panorama, as I have neither previous work experience with it nor have it set up in my lab. So for this, I purely relied on absorbing details on Panorama from the resources mentioned, which wasn’t ideal. In relation to Panorama, it’s definitely worth knowing what’s available to configure within the Device Groups and Templates tabs, how template stacks works, and the various options around logging.

Overall, I’m very happy to have done this exam, at a final cost of €210 for the exam fee with Pearson Vue. It’s always nice to get certified in a technology you use day to day, as you not only get to leverage the experience you already have in helping you pass, but you also learn so much which you can directly implement at work. I finished the exam with plenty of ideas on how to better implement our Palo Alto devices to secure our network, so it was well worth the effort.