Scribd Logo
Upload

Welcome to Scribd!

  • CCIE Security Lab Exam Topics v4.0 System Hardening and Availability

    Uploaded by

    aliahmadqj
    24 views3 pages

    Original Title

    CCIE Sec v4

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views3 pages

    CCIE Security Lab Exam Topics v4.0 System Hardening and Availability

    Uploaded by

    aliahmadqj

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    CCIE Security Lab Exam Topics v4.

    0
     

    The following topics are general guidelines for the content likely to be included on the lab exam.
    However, other related topics may also appear on any specific delivery of the exam. In order to
    reflect better the contents of the exam and for clarity purposes, the exam topics may change at
    any time without notice.

    Candidates may be required to perform implementation, optimization and troubleshooting


    actions in each of the exam topics sections and should also be comfortable with both IPv4 and
    IPv6 concepts and application. 

    CCIE Security Lab Exam Topics v4.0


    System Hardening and Availability
    Routing plane security features (e.g. protocol authentication, route filtering)
    Control Plane Policing
    Control Plane Protection and Management Plane Protection
    Broadcast control and switchport security
    Additional CPU protection mechanisms (e.g. options drop, logging interval)
    Disable unnecessary services
    Control device access (e.g. Telnet, HTTP, SSH, Privilege levels)
    Device services (e.g. SNMP, Syslog, NTP)
    Transit Traffic Control and Congestion Management
    Threat Identification and Mitigation
    Identify and protect against fragmentation attacks
    Identify and protect against malicious IP option usage
    Identify and protect against network reconnaissance attacks
    Identify and protect against IP spoofing attacks
    Identify and protect against MAC spoofing attacks
    Identify and protect against ARP spoofing attacks
    Identify and protect against Denial of Service (DoS) attacks
    Identify and protect against Distributed Denial of Service (DDoS) attacks
    Identify and protect against Man-in-the-Middle (MiM) attacks
    Identify and protect against port redirection attacks
    Identify and protect against DHCP attacks
    Identify and protect against DNS attacks
    Identify and protect against MAC Flooding attacks
    Identify and protect against VLAN hopping attacks
    Identify and protect against various Layer2 and Layer3 attacks
    NBAR
    NetFlow
    Capture and utilize packet captures
    Intrusion Prevention and Content Security
    IPS 4200 Series Sensor Appliance
    (a) Initialize the Sensor Appliance
    (b) Sensor Appliance management
    (c) Virtual Sensors on the Sensor Appliance
    (d) Implementing security policies
    (e) Promiscuous and inline monitoring on the Sensor Appliance
    (f) Tune signatures on the Sensor Appliance
    (g) Custom signatures on the Sensor Appliance
    (h) Actions on the Sensor Appliance
    (i) Signature engines on the Sensor Appliance
    (j) Use IDM/IME to  the Sensor Appliance
    (k) Event action overrides/filters on the Sensor Appliance
    (l) Event monitoring on the Sensor Appliance
    VACL/SPAN & RSPAN on Cisco switches
    WSA
    (a) Implementing WCCP
    (b) Active Dir Integration
    (c)Custom Categories
    (d) HTTPS Config
    (e) Services Configuration (Web Reputation)
    (f) Configuring Proxy By-pass Lists
    (g) Web proxy modes
    (h) App visibility and control
    Identity Management
    Identity Based Authentication/Authorization/Accounting
    (a) Cisco Router/Appliance AAA
    (b) RADIUS
    (c)TACACS+
    Device Admin (Cisco IOS Routers, ASA, ACS5.x)
    Network Access (TrustSec Model)
    (a) Authorization Results for Network Access (ISE)
    (b) 802.1X (ISE)
    (c)VSAs (ASA / Cisco IOS / ISE)
    (d) Proxy-Authentication (ISE/ASA/Cisco IOS)
    Cisco Identity Services Engine (ISE)
    (a) Profiling Configuration (Probes)
    (b) Guest Services
    (c)Posture Assessment
    (d) Client Provisioning (CPP)
    (e) Configuring AD Integration/Identity Sources
    Perimeter Security and Services
    Cisco ASA Firewall
    (a) Basic firewall Initialization
    (b) Device management
    (c ) Address translation (nat, global, static)
    (d) Access Control Lists
    (e) IP routing/Route Tracking
    (f) Object groups
    (g) VLANs
    (h) Configuring Etherchannel
    (i) High Availability and Redundancy
    (j) Layer 2 Transparent Firewall
    (k) Security contexts (virtual firewall)
    (l) Modular Policy Framework
    (j) Identity Firewall Services
    (k) Configuring ASA with ASDM
    (l) Context-aware services
    (m) IPS capabilities
    (n) QoS capabilities
    Cisco IOS Zone Based Firewall
    (a) Network, Secure Group and User Based Policy
    (b) Performance Tuning
    (c) Network, Protocol and Application Inspection
    Perimeter Security Services
    (a) Cisco IOS QoS and Packet marking techniques
    (b) Traffic Filtering using Access-Lists
    (c)Cisco IOS NAT
    (d) uRPF
    (e) PAM - Port to Application Mapping
    (f) Policy Routing and Route Maps
    Confidentiality and Secure Access
    IKE (V1/V2)
    IPsec LAN-to-LAN (Cisco IOS/ASA)
    Dynamic Multipoint VPN (DMVPN)
    FlexVPN
    Group Encrypted Transport (GET) VPN
    Remote Access VPN
    (a) Easy VPN Server (Cisco IOS/ASA)
    (b) VPN Client 5.X
    (c)Clientless WebVPN
    (d)  AnyConnect VPN
    (e) EasyVPN Remote
    (f) SSL VPN Gateway
    VPN High Availability
    QoS for VPN
    VRF-aware VPN
    MacSec
    Digital Certificates (Enrollment and Policy Matching)
    Wireless Access
    (a) EAP methods
    (b) WPA/WPA-2
    (c)WIPS

    You might also like