640-554 Implementing Cisco IOS Network Security (IINSv2) Exam Objectives

zrockstarzrockstar Member Posts: 378
Hey guys, just wanted to post the exam objectives for the new 640-554 just for those who haven't seen them and for future references.

640-554 Implementing Cisco IOS Network Security (IINSv2) Exam

• Cisco routers and switches
• Common threats, including blended threats, and how to mitigate them.
• The lifecycle approach for a security policy
• Understanding and implementing network foundation protection for the control, data, and management planes
• Understanding, implementing, and verifying AAA (authentication, authorization, and accounting), including the details of TACACS + and RADIUS
• Understanding and implementing basic rules inside of Cisco Access Control Server (ACS) Version 5. x, including configuration of both ACS and a router for communications with each other
• Standard, extended, and named access control lists used for packet filtering and for the classification of traffic
• Understanding and implementing protection against Layer 2 attacks, including CAM table overflow attacks, and VLAN hopping
• Cisco firewall technologies
• Understanding and describing the various methods for filtering implemented by firewalls, including stateful filtering. Compare and contrast the strengths and weaknesses of the various firewall technologies.
• Understanding the methods that a firewall may use to implement Network Address Translation (NAT) and Port Address Translation (PAT).
• Understanding, implementing, and interpreting a Zone-Based Firewall policy through Cisco Configuration Professional (CCP).
• Understanding and describing the characteristics and defaults for interfaces, security levels, and traffic flows on the Adaptive Security Appliance (ASA).
• Implementing and interpreting a firewall policy on an ASA through the GUI tool named the ASA Security Device Manager (ASDM).
• Intrusion prevention systems
• Comparing and contrasting intrusion prevention systems (IPS) versus intrusion detection systems (IDS), including the pros and cons of each and the methods used by these systems for identifying malicious traffic
• Describing the concepts involved with IPS included true/ false positives/ negatives
• Configuring and verifying IOS-based IPS using CCP
• VPN technologies
• Understanding and describing the building blocks used for virtual private networks (VPN) today, including the concepts of symmetrical, asymmetrical, encryption, hashing, Internet Key Exchange (IKE), public key infrastructure (PKI), authentication, Diffie-Hellman, certificate authorities, and so on
• Implementing and verifying IPsec VPNs on IOS using CCP and the command-line interface (CLI)
• Implementing and verifying Secure Sockets Layer (SSL) VPNs on the ASA firewall using ASDM

Comments

Sign In or Register to comment.