Securing Networks with Cisco Routers and Switches (642-637)




Exam Description: The 642-637 Securing Networks with Cisco Routers and Switches exam is the exam associated with the CCSP, CCNP Security, and Secure IOS specialization certification. This 90-minute, 60-70 question exam tests a candidate's knowledge of the skills needed to secure Cisco IOS Software router and switch-based networks, and provide security services based on Cisco IOS Software. Candidates can prepare for this exam by taking the SECURE Securing Networks with Cisco Routers and Switches course. The recommended exam pre-requisites for this exam are ICND1, ICND2, and IINS. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

42% 1.0 Pre-Production Design
1.1 Choose Cisco IOS technologies to implement HLD
1.2 Choose Cisco products to implement HLD
1.3 Choose Cisco IOS features to implement HLD
1.4 Integrate Cisco network security solutions with other security technologies
1.5 Create and test initial Cisco IOS configurations for new devices/services

47% 2.0 Complex Support Operations
2.1 Optimize Cisco IOS security infrastructure device performance
2.2 Create complex network security rules to meet the security policy requirements
2.3 Optimize security functions, rules, and configuration
2.4 Configure and verify NAT to dynamically mitigate identified threats to the network
2.5 Configure and verify IOS Zone Based Firewalls including advanced application inspections and URL filtering
2.6 Configure and verify the IPS features to identify threats and dynamically block them from entering the network
2.7 Maintain, update and tune IPS signatures
2.8 Configure and verify IOS VPN features
2.9 Configure and verify layer 2 and layer 3 security features

11% 3.0 Advanced Troubleshooting
3.1 Advanced Cisco IOS security software configuration fault finding and repairing
3.2 Advanced Cisco routers and switches hardware fault finding and repairing

2013 Cisco Systems, Inc. This document is Cisco Public.

Implementing Cisco IP Switched Networks (642-813)

Exam Description: The 642-813 exam is a two-hour test with 35-45 questions. Implementing Cisco IP Switched Networks (SWITCH 642-813) is a qualifying exam for the Cisco Certified Network Professional (CCNP) and Cisco Certified Design Professional (CCDP) certifications. The SWITCH 642-813 exam will certify that the successful candidate has important knowledge and skills necessary to plan, configure and verify the implementation of complex enterprise switching solutions using Cisco's Campus Enterprise Architecture. The SWITCH exam also covers secure integration of VLANs, WLANs, voice and video into campus networks. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

50% 1.0 Implement VLAN Based Solution, Given a Network Design and a Set of Requirements
1.1 Determine network resources needed for implementing a VLAN based solution on a network
1.2 Create a VLAN based implementation plan
1.3 Create a VLAN based verification plan
1.4 Configure switch-to-switch connectivity for the VLAN based solution
1.5 Configure loop prevention for the VLAN based solution
1.6 Verify EIGRP solution was implemented properly using show and debug commands

12% 2.0 Implement a Security Extension of a Layer 2 Solution, Given a Network Design and a Set of Requirements
2.1 Determine network resources needed for implementing a Security solution
2.2 Create an implementation plan for the Security solution
2.3 Create a verification plan for the Security solution
2.4 Configure port security features
2.5 Configure general switch security features
2.6 Configure private VLANs
2.7 Configure VACL and PACL
2.8 Verify the Security based solution was implemented properly using show and debug commands
2.9 Document results of Security implementation and verification

14% 3.0 Implement Switch Based Layer 3 Services, Given a Network Design and a Set of Requirements
3.1 Determine network resources needed for implementing a Switch based Layer 3 solution
3.2 Create an implementation plan for the Switch based Layer 3 solution
3.3 Create a verification plan for the Switch based Layer 3 solution

3.4 Configure routing interfaces
3.5 Configure Layer 3 Security
3.6 Verify the Switch based Layer 3 solution was implemented properly using show and debug commands
3.7 Document results of Switch based Layer 3 implementation and verification

5% 4.0 Prepare Infrastructure to Support Advanced Services
4.1 Implement a wireless extension of a Layer 2 solution
4.2 Implement a VoIP support solution
4.3 Implement video support solution

19% 5.0 Implement High Availability, Given a Network Design and a Set of Requirements
5.1 Determine network resources needed for implementing High Availability on a network
5.2 Create a High Availability implementation plan
5.3 Create a High Availability verification plan
5.4 Implement first hop redundancy protocols
5.5 Implement switch supervisor redundancy
5.6 Verify High Availability solution was implemented properly using show and debug commands
5.7 Document results of High Availability implementation and verification

Troubleshooting and Maintaining Cisco IP Networks (642-832)

Exam Description: The 642-832 exam is a 2-¼ hour test with 35-45 questions. Troubleshooting and Maintaining Cisco IP Networks (TSHOOT 642-832) is a qualifying exam for the Cisco Certified Network Professional CCNP certification. The TSHOOT 642-832 exam will certify that the successful candidate has important knowledge and skills necessary to (1) plan and perform regular maintenance on complex enterprise routed and switched networks and (2) use technology-based practices and a systematic ITIL-compliant approach to perform network troubleshooting. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

6% 1.0 Maintain and Monitor Network Performance
1.1 Develop a plan to monitor and manage a network
1.2 Perform network monitoring using IOS tools
1.3 Perform routine IOS device maintenance
1.4 Isolate sub-optimal internetwork operation at the correctly defined OSI model layer

94% 2.0 Troubleshoot Multi-Protocol Networks and Device Hardening
2.1 Troubleshoot EIGRP
2.2 Troubleshoot OSPF
2.3 Troubleshoot eBGP
2.4 Troubleshoot routing redistribution solution
2.5 Troubleshoot a DHCP client and server solution
2.6 Troubleshoot NAT
2.7 Troubleshoot first hop redundancy protocols
2.8 Troubleshoot IPv6 routing
2.9 Troubleshoot IPv6 and IPv4 interoperability
2.10 Troubleshoot switch-to-switch connectivity for the VLAN based solution
2.11 Troubleshoot loop prevention for the VLAN based solution
2.12 Troubleshoot access ports for the VLAN based solution
2.13 Troubleshoot private VLANs
2.14 Troubleshoot port security
2.15 Troubleshoot general switch security
2.16 Troubleshoot VACL and PACL
2.17 Troubleshoot switch virtual interfaces (SVIs)
2.18 Troubleshoot switch supervisor redundancy
2.19 Troubleshoot switch support of advanced services (i.e., Wireless, VoIP and Video)
2.20 Troubleshoot a VoIP support solution
2.21 Troubleshoot a video support solution

2.22 Troubleshoot Layer 3 Security
2.23 Troubleshoot issues related to ACLs used to secure access to Cisco routers
2.24 Troubleshoot configuration issues related to accessing the AAA server for authentication purposes
2.25 Troubleshoot security issues related to IOS services (i.e. finger, NTP, HTTP, FTP, RCP etc.)

Deploying Cisco ASA VPN Solutions (642-648)

Exam Description: The 642-648 Deploying Cisco ASA VPN Solutions (VPN) exam is associated with the CCNP Security and Cisco VPN certifications. This 90-minute, 60-70 question exam tests a candidate's knowledge of the skills needed to deploy Cisco ASA-based VPN solutions using ASA version 8.4. Candidates can prepare for this exam by taking the Deploying Cisco ASA VPN Solutions (VPN) course. The recommended pre-requisite exams for this exam are ICND1, ICND2, IINS, and SECURE. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

25% 1.0 ASA VPN Configuration Components
1.1 Identify ASA VPN licensing requirements
  1.1.a AC essential
  1.1.b AC premium
  1.1.c AC premium shared license
  1.1.d AC mobile
  1.1.e Advanced endpoint assessment
  1.1.f Flex license
  1.1.g WSA license for AC WSA secure mobility
1.2 Identify the components and features of AnyConnect 3.0 mobility (VPN, NAM, Web Sec (ScanSafe), Telemetry)
  1.2.a VPN
  1.2.b NAM
  1.2.c Web Sec (ScanSafe/WSA)
  1.2.d Posture module and standalone host scan package
  1.2.e Telemetry
1.3 Implement ASA VPN connection profiles, group policies, and user policies
  1.3.a Policy hierarchy/inheritance
  1.3.b Default policies
  1.3.c Connection profiles/group policies/user policies configurations
  1.3.d Implement basic access control and split tunneling using ASDM
  1.3.e Connection profile lock
1.4 Implement SCEP proxy operations using ASDM
  1.4.a SCEP proxy solution components
  1.4.b ASA SCEP proxy

1.5 Implement local and external VPN authorization using ASDM
  1.5.a Local (ASA) VPN authorization
  1.5.b VPN authorization using external policy servers
  1.5.c ACL, web ACL, group policy restriction authorization policy
1.6 Implement VPN session accounting using ASDM
  1.6.a VPN accounting using external RADIUS and TACACS+
1.7 Implement CSD and independent host scan operations using ASDM
  1.7.a CSD features
  1.7.b CSD installation and configurations and customizations
  1.7.c Pre-Login policies, vault, cache cleaner, host emulation detection, key logger detection
  1.7.d Pre-AnyConnect 3.0 host scan and post-AnyConnect 3.0 independent host scan
  1.7.e Endpoint assessment
  1.7.f Advanced endpoint assessment
1.8 Implement DAP operations using ASDM
  1.8.a Policy hierarchy: DAP rules over user and group policies
  1.8.b DAP features and operations
  1.8.c Default DAP access policy
  1.8.d DAP configurations (attributes matching and authorization parameters)
  1.8.e DAP records aggregation
  1.8.f Integration of CSD with DAP
1.9 Implement local CA operations for SSL VPNs using ASDM
  1.9.a ASA local CA feature and limitations
  1.9.b ASA local CA operations and configurations
1.10 Implement certificate maps using ASDM
  1.10.a Configure certificate mappings to match users to tunnel groups based on the certificate fields
1.11 Identify the ASA IPv6 VPN capabilities
  1.11.a IPv6 VPN support on the ASA (8.3 IPv6 support for IKEv1 S2S VPN)
1.12 Monitor and verify the CLI commands resulting from the various VPN configurations on the ASA
  1.12.a Explain various VPN configurations CLI commands and show outputs

12% 2.0 ASA IPSec S2S VPN
2.1 Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA IPSec S2S VPN features and supporting technologies
  2.1.a IKEv1 vs IKEv2
  2.1.b Authentication methods

2.2 Implement basic IPSEC S2S VPN operations with PSK and digital certificates using ASDM
  2.2.a IPSec S2S VPN configuration using PSK authentication
  2.2.b IPSec S2S VPN configuration using certificate based authentication
2.3 Implement basic IKEv2 based IPSEC S2S VPN operations using ASDM
  2.3.a IPSec IKEv2 based S2S VPN configuration using PSK authentication
2.4 Troubleshoot the initial provisioning IPSec S2S VPN applications due to misconfiguration
  2.4.a Use ASDM, show and debug CLI commands to verify and troubleshoot IPSec S2S VPN operations

13% 3.0 ASA EZ VPN
3.1 Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA VPN client features and supporting technologies
  3.1.a IPSec Client
  3.1.b AnyConnect 3.0 IPSec support
  3.1.c IKEv1 vs IKEv2
  3.1.d Authentication methods
  3.1.e EZVPN servers hardware
  3.1.f EZVPN remote hardware
3.2 Implement basic EZVPN server operations on the ASA using ASDM
  3.2.a IKE and IPsec policy
  3.2.b Group PSK, certificate based authentication, hybrid authentication
  3.2.c Extended user authentication
  3.2.d Client network settings
  3.2.e Basic access control
3.3 Implement basic EZVPN remote operations on the ASA 5505 using ASDM
  3.3.a Client mode vs. network extension mode
  3.3.b Group PSK, certificate based authentication, hybrid authentication
  3.3.c User authentication options
  3.3.d Remote management
  3.3.e Device pass-through
  3.3.f IPSec over TCP
3.4 Implement AnyConnect 3.0 IKEv2 RA VPN operations (I would remove the IPSEC client coverage to make room)
  3.4.a AnyConnect IKEv2 IPSec RA VPN configurations
  3.4.b AnyConnect profile editor (ASDM integrated and standalone)
3.5 Implement client services server (CSS) feature
  3.5.a List the features enabled with client services server for AnyConnect IPSec (IKEv2) VPN
3.6 Troubleshoot the initial provisioning IPSec RA VPN applications due to misconfiguration
  3.6.a Use ASDM, show and debug CLI commands to verify and troubleshoot IPSec EZVPN operations

13% 4.0 ASA AnyConnect SSL VPNs
4.1 Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA AnyConnect client features and supporting technologies
  4.1.a Pre and post AnyConnect 3.0 SSL VPN features
  4.1.b Web launch versus stand-alone
4.2 Implement DTLS operations using ASDM
  4.2.a DTLS benefits and configuration
4.3 Implement basic AnyConnect 3.0 full tunnel SSL VPN operations
  4.3.a Basic AnyConnect SSL VPN configurations
  4.3.b Web launch configurations
4.4 Troubleshoot AnyConnect SSL VPN operations using DART
4.5 Implement AnyConnect profiles using ASDM
  4.5.a AnyConnect profile options and parameters for AnyConnect SSL VPN operations
  4.5.b AnyConnect profile editor (ASDM integrated and standalone)
4.6 Implement advanced authentication in AnyConnect full tunnel SSL VPNs (certificate/multi authentication) using ASDM
  4.6.a External AAA authentication
  4.6.b Certificate based authentication
  4.6.c Advanced PKI integrations
  4.6.d Multi authentications
4.7 Troubleshoot the initial provisioning client-based SSL VPN applications due to misconfiguration
  4.7.a Use ASDM, show and debug CLI commands to verify and troubleshoot AnyConnect SSL VPN operations

28% 5.0 ASA Clientless SSL VPNs
5.1 Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA clientless SSL VPN features and supporting technologies
5.2 Implement basic clientless SSL VPN operations using ASDM
  5.2.a Provision identity cert for ASA
  5.2.b Connection profile
  5.2.c Group policy
  5.2.d Optional DNS settings
  5.2.e Local user authentication
5.3 Implement advanced applications access using ASDM
  5.3.a Advanced application deployment options
  5.3.b Application plugins
  5.3.c Smart tunnels

5.4 Implement the SSO features on the ASA in a clientless SSL VPN environment
  5.4.a Basic HTTP, NTLM, and FTP SSO authentication
  5.4.b Dedicated SSO server
5.5 Implement advanced authentication in clientless SSL VPNs (certificate/multi authentication) using ASDM
  5.5.a Certificates issued by external CA
  5.5.b External AAA database
  5.5.c Multiple sequential authentication
5.6 Manage the clientless SSL VPN user interface and portal using ASDM
  5.6.a URL entry, bookmarks, and web-type ACLs
  5.6.b File server entries, file server browsing, hidden CIFS share access
  5.6.c Custom home page via Smart Tunnel
5.7 Implement basic portal customization
  5.7.a Login page
  5.7.b Portal page
  5.7.c Logout page
  5.7.d Assign customization object to a connection profile
5.8 Troubleshoot the initial provisioning of clientless SSL VPN applications due to misconfiguration
  5.8.a SSL/TLS session checking
  5.8.b User authentication checking
  5.8.c Connection and group profile checking

8% 6.0 SSL VPN High Availability
6.1 Implement SSL and IPSEC VPN high availability features
  6.1.a Redundant peering
  6.1.b Cluster load balancing
  6.1.c Active standby failover