CCIE Security Lab Checklist

  • 8/9/2019 Ccie Security Lab Checklist

    CCIE Security Lab Exam v4.0 Checklist

    Expansion of the Security Lab v4.0 Exam Topics

    Detailed Checklist of Topics to Be Covered

    Please be advised that this topic checklist is not an all-inclusive list of Cisco CCIE Security lab exam subjects. Instead, we provide this outline as a supplement to the existing lab blueprint to help candidates prepare for their lab exams. Other relevant or related topics may also appear in the actual lab exam.

    We would like to get your feedback; please comment and/or rate this document.

     

    1 System Hardening and Availability

    Implement, Optimize, Troubleshoot, IPv4/IPv6 Content

    Understanding Four Types of Traffic Planes on a Cisco Router (Control, Management, Data, and Services)

    Understanding Control Plane Security Technologies and Core Concepts Covering Security Features Available to Protect the Control Plane

    Understanding Management Plane Security Technologies and Core Concepts Covering Security Features Available to Protect the Management Plane

    Configuring Control Plane Policing (CoPP)

    Control Plane Rate Limiting

    Disabling Unused Control Plane Services (IP Source Routing, Proxy ARP, Gratuitous ARP, etc.)

    Disabling Unused Management Plane Services (Finger, BOOTP, DHCP, Cisco Discovery Protocol, etc.)

    MPP (Management Plane Protection) and Understanding OOB (Out-of-Band) Management Interfaces

    Configuring Routing Protocol Authentication

    Route Filtering and Protocol-Specific Filters

    ICMP Techniques to Reduce the Risk of ICMP-Related DoS Attacks (IP Unreachable, IP Redirect, IP Mask Reply, etc.)

    Selective Packet Discard (SPD)

    MQC and FPM Types of Service Policy on the CoPP Interface

    Broadcast Control on a Switch

    Catalyst Switch Port Security

    IPv6 Selective Packet Discard

    Cisco IOS Software-Based CPU Protection Mechanisms (Options Drop, Logging Interval, CPU Threshold)

    The Generalized TTL Security Mechanism Known as BGP TTL Security Hack (BTSH)

    Device Access Control (vty ACL, HTTP ACL, SSH Access, Privilege Levels)

    SNMP Security

    System Banners

    Secure Cisco IOS File Systems

    Understanding and Enabling Syslog

    NTP with Authentication

    Role-Based CLI Views and Cisco Secure ACS Setup

    Service Authentication on Cisco IOS Software (FTP, Telnet, HTTP)

    Network Telemetry Identification and Classification of Security Events (IP Traffic Flow, NetFlow, SNMP, Syslog, RMON)

    2 Threat Identification and Mitigation

    Implement, Optimize, Troubleshoot, IPv4/IPv6 Content

    Implementing RFC 1918 Antispoofing Filtering

    Implementing RFC 2 Antispoofing Filtering

    Implementing RFC 2401 Antispoofing Filtering

    Enabling a TCP Intercept on a Router

    Enabling a TCP Intercept on the Cisco ASA Security Appliance

    FPM (Flexible Packet Matching) and Protocol Header Definition File (PHDF) Files and Configuration of Nested Policy Maps

    Classification Using NBAR

    Understanding and Enabling NetFlow on a Router

    Port Security on a Switch

    Storm Control on a Switch

    Private VLAN (PVLAN) on a Switch

    Port Blocking on a Switch

    Port ACL on a Switch

    MAC ACL on a Switch

    VLAN ACL on a Switch

    Spanning Tree Protocol (STP) Protection Using BPDU Guard and Loop Guard on a Switch

    DHCP Snooping on a Switch

    IP Source Guard on a Switch

    Dynamic ARP Inspection (DAI) on a Switch

    SeND or ND Protection

    IPv6 First Hop Security

    Disabling DTP on All Nontrunking Access Ports

    Concept of Proactive vs. Reactive Measures

    Knowledge of Protocols: TCP, UDP, HTTP, SMTP, ICMP, FTP

    Knowledge of Common Attacks: Network Reconnaissance, IP Spoofing, DHCP Snooping, DNS Spoofing, MAC Spoofing, ARP Snooping, Fragment Attack, Smurf Attack, TCP SYN Attack

    Understanding and Interpreting ARP Header Structure

    Understanding and Interpreting IP Header Structure

    Understanding and Interpreting TCP Header Structure

    Understanding and Interpreting UDP Header Structure

    Understanding and Interpreting HTTP Header Structure

    Understanding and Interpreting ICMP Header Structure

    Understanding and Interpreting ICMP Type Name and Codes

    Understanding and Interpreting Syslog Messages

    Understanding and Interpreting Packet Capture Outputs (Sniffer, Ethereal, Wireshark, TCPDump)

    Understanding Different Types of Attack Vectors

    Interpreting Various show and debug Outputs

    Classifying Attack Patterns Using FPM

    Memorizing Common Protocol and Port Numbers

    Preventing an ICMP Attack Using ACLs

    Preventing an ICMP Attack Using NBAR

    Preventing an ICMP Attack Using Policing

    Preventing an ICMP Attack Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance

    Preventing a SYN Attack Using ACLs

    Preventing a SYN Attack Using NBAR

    Preventing a SYN Attack Using Policing

    Preventing a SYN Attack Using CBAC

    Preventing a SYN Attack Using CAR

    Preventing a SYN Attack Using a TCP Intercept

    Preventing a SYN Attack Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance

    Preventing Application Protocol-Specific Attacks Using FPM (e.g., HTTP, SMTP)

    Preventing Application Protocol-Specific Attacks Using NBAR (e.g., HTTP, SMTP)

    Preventing Application Protocol-Specific Attacks Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance (e.g., HTTP, SMTP)

    Preventing IP Spoofing Attacks Using Antispoofing ACLs

    Preventing IP Spoofing Attacks Using uRPF

    Preventing IP Spoofing Attacks Using IP Source Guard

    Preventing Fragment Attacks Using ACLs

    Preventing MAC Spoofing Attacks Using Port Security

    Preventing ARP Spoofing Attacks Using DAI

    Preventing VLAN Hopping Attacks Using the switchport mode access Command

    Preventing STP Attacks Using the Root Guard or BPDU Guard

    Preventing DHCP Spoofing Attacks Using Port Security

    Preventing DHCP Spoofing Attacks Using DAI

    Preventing Port Redirection Attacks Using ACLs

    3 Intrusion Prevention and Content Security

    Implement, Optimize, Troubleshoot, IPv4/IPv6 Content

    Understanding Cisco IPS System Architecture (System Design, MainApp, SensorApp, EventStore)

    Understanding Cisco IPS User Roles (Administrator, Operator, Viewer, Service)

    Understanding Cisco IPS Command Modes (Privileged, Global, Service, Multi-Instance)

    Understanding Cisco IPS Interfaces (Command and Control, Sensing, Alternate TCP Reset)

    Understanding Promiscuous (IDS) vs. Inline (IPS) Monitoring

    Initialization Basic Sensor (IP Address, Mask, Default Route, etc.)

    Troubleshooting Basic Connectivity Issues

    Managing Sensor ACLs

    Allowing Services Ping and Telnet from/to Cisco IPS

    Enabling Physical Interfaces

    Promiscuous Mode

    Inline Interface Mode

    Inline VLAN Pair Mode

    VLAN Group Mode

    Inline Bypass Mode

    Interface Notifications

    Understanding the Analysis Engine

    Creating Multiple Security Policies and Applying Them to Individual Virtual Sensors

    Understanding and Configuring Virtual Sensors (vs0, vs1)

    Assigning Interfaces to the Virtual Sensor

    Understanding and Configuring Event Action Rules (rules0, rules1)

    Understanding and Configuring Signatures (sig0, sig1)

    Adding Signatures to Multiple Virtual Sensors

    Understanding and Configuring Anomaly Detection (ad0, ad1)

    Using the Cisco IDM (IPS Device Manager)

    Using Cisco IDM Event Monitoring

    Displaying Events Triggered Using the Cisco IPS Console

    Troubleshooting Events Not Triggering

    Displaying and Capturing Live Traffic on the Cisco IPS Console (Packet Display and Packet Capture)

    SPAN and RSPAN

    Rate Limiting

    Configuring Event Action Variables

    Target Value Ratings

    Event Action Overrides

    Event Action Filters

    Configuring General Settings

    General Signature Parameters

    Alert Frequency

    Alert Severity

    Event Counter

    Signature Fidelity Rating

    Signature Status

    Assigning Actions to Signatures

    AIC Signatures

    IP Fragment Reassembly

    TCP Stream Reassembly

    IP Logging

    Configuring SNMP

    Signature Tuning (Severity Levels, Throttle Parameters, Event Actions)

    Creating Custom Signatures (Using the CLI and Cisco IDM)

    Understanding Various Types of Signature Engines

    Understanding Various Types of Signature Variables

    Understanding Various Types of Event Actions

    Creating a Custom String TCP Signature

    Creating a Custom Flood Engine Signature

    Creating a Custom AIC MIME-Type Engine Signature

    Creating a Custom Service HTTP Signature

    Creating a Custom Service FTP Signature

    Creating a Custom ATOMIC.ARP Engine Signature

    Creating a Custom ATOMIC.IP Engine Signature

    Creating a Custom TCP Sweep Signature

    Creating a Custom ICMP Sweep Signature

    Creating a Custom Trojan Engine Signature

    Enabling Shunning and Blocking (Enabling Blocking Properties)

    Enabling the TCP Reset Function

    Configure Cisco Ironport WSA

    Configuring WCCP

    Active Dir Integration

    Custom Categories

    HTTPS Config

    Services Configuration (Web Reputation)

    Configuring Proxy Bypass Lists

    Web proxy modes

    Application visibility and control

    4 Identity Management

    Implement, Optimize, Troubleshoot, IPv4/IPv6 Content

    Understanding the AAA Framework

    Understanding the RADIUS Protocol

    Understanding RADIUS Attributes (Cisco AV-PAIRS)

    Understanding the TACACS+ Protocol

    Understanding TACACS+ Attributes

    Comparison of RADIUS and TACACS+

    Configuring Basic LDAP Support

    Overview of Cisco Secure ACS

    How to Navigate Cisco Secure ACS

    Cisco Secure ACS Network Settings Parameters

    Cisco Secure ACS User Settings Parameters

    Cisco Secure ACS Group Settings Parameters

    Cisco Secure ACS Shared Profiles Components (

    Enabling AAA on a Router for vty Lines

    Enabling AAA on a Switch for vty Lines

    Enabling AAA on a Router for HTTP

    Enabling AAA on the Cisco ASA Security Appliance for Telnet and SSH Protocols

    Using Default vs. Named Method Lists

    Complex Command Authorization and Privilege Levels, and Relevant Cisco Secure ACS Profiles

    Proxy Service Authentication and Authorization on the Cisco ASA Security Appliance for Pass-Through Traffic (FTP, Telnet, and HTTP), and Relevant Cisco ISE Profiles

    Using Virtual Telnet on the Cisco ASA Security Appliance

    Using Virtual HTTP on the Cisco ASA Security Appliance

    Downloadable ACLs

    AAA

    Understanding and Interpreting the debug aaa accounting Command

    5 Perimeter Security and Services

    Implement, Optimize, Troubleshoot, IPv4/IPv6 Content

    Initializing the Basic Cisco ASA Firewall (IP Address, Mask, Default Route, etc.)

    Understanding Security Levels (Same Security Interface)

    Understanding Single vs. Multimode

    Understanding Firewall vs. Transparent Mode

    Understanding Multiple Security Contexts

    Understanding Shared Resources for Multiple Contexts

    Understanding Packet Classification in Multiple-Contexts Mode

    VLAN Subinterfaces Using

    Stateful Failover Link

    Device Access Management

    Enabling Telnet

    Enabling SSH

    The nat-control Command vs. no nat-control Command

    Enabling Address Translation (NAT, Global, and Static) Pre Post

    User-Based Firewall

    Secure-Group Firewall

    Transparent Cisco IOS Firewall (Layer 2)

    Context-Based Access Control (CBAC)

    Proxy Authentication (Auth Proxy)

    Port-to-Application Mapping (PAM) Usage with ACLs

    Use of PAM to Change System Default Ports

    PAM Custom Ports for Specific Applications

    Mapping Nonstandard Ports to Standard Applications

    Performance Tuning

    Tuning Half-Open Connections

    Understanding and Interpreting the show ip port-map Commands

    Understanding and Interpreting the show ip inspect Commands

    Understanding and Interpreting the debug ip inspect Commands

    Understanding and Interpreting the show zone|zone-pair Commands

    Understanding and Interpreting the debug zone Commands

    Cisco IOS Services

    Marking Packets Using DSCP and IP Precedence and Other Values

    Unicast RPF (uRPF) With or Without an ACL (Strict and Loose Mode)

    RTBH Filtering (Remote Triggered Black Hole)

    Basic Traffic Filtering Using Access Lists: SYN Flags, Established, etc. (Named vs. Numbered ACLs)

    Managing Time-Based Access Lists

    Enabling NAT and PAT on a Router

    Conditional NAT on a Router

    Multihome NAT on a Router

    CAR Rate Limiting with Traffic Classification Using ACLs

    PBR (Policy-Based Routing) and Use of Route Maps

    Traffic Policing on a Router

    Traffic Characterization

    Packet Classification

    Packet-Marking Techniques

    6 Confidentiality and Secure Access

    Implement, Optimize, Troubleshoot, IPv4/IPv6 Content

    Understanding Cryptographic Protocols (ISAKMP, IKEv1 and IKEv2, ESP, Authentication Header, CA)

    IPsec VPN Architecture on Cisco IOS Software and Cisco ASA Security Appliance

    Configuring VPNs Using ISAKMP Profiles

    Configuring VPNs Using IPsec Profiles

    GRE over IPsec Using IPsec Profiles

    Router-to-Router Site-to-Site IPsec Using the Classical Command Set (Using Preshared Keys and Certificates)

    Router-to-Router Site-to-Site IPsec Using the New VTI Command Set (Using Preshared Keys and Certificates)

    Router-to-ASA Site-to-Site IPsec (Using Preshared Keys and Certificates)

    Understanding DMVPN Architecture (NHRP, mGRE, IPsec, Routing)

    DMVPN Using NHRP and mGRE (Hub-and-Spoke)

    DMVPN Using NHRP and mGRE (Full-Mesh)

    DMVPN Through Firewalls and NAT Devices

    Understanding GETVPN Architecture (GDOI, Key Server, Group Member, Header Preservation, Policy, Rekey, KEK, TEK, and COOP)

    Implementing GETVPN (Using Preshared Keys and Certificates)

    GETVPN Unicast Rekey

    GETVPN Multicast Rekey

    GETVPN Group Member Authorization List

    GETVPN Key Server Redundancy

    GETVPN Through Firewalls and NAT Devices

    Integrating GET VPN with a DMVPN Solution

    Basic VRF-Aware IPsec

    Enabling the CA (PKI) Server (on the Router and Cisco ASA Security Appliance)

    CA Enrollment Process on a Router Client

    CA Enrollment Process on a Cisco ASA Security Appliance Client

    CA Enrollment Process on a PC Client

    Clientless SSL VPN (Cisco IOS WebVPN) on the Cisco ASA Security Appliance (URLs)

    AnyConnect VPN Client on Cisco IOS Software

    AnyConnect VPN Client on the Cisco ASA Security Appliance

    Remote Access Using a Traditional Cisco VPN Client on a Cisco IOS Router

    Remote Access Using a Traditional Cisco VPN Client on a Cisco ASA Security Appliance

    Cisco Easy VPN Router Server and Router Client (Using DVTI)

    Cisco Easy VPN Router Server and Router Client (Using Classical Style)

    Cisco Easy VPN Cisco ASA Server and Router Client

    Cisco Easy VPN Remote Connection Modes (Client, Network, Network+)

    Enabling Extended Authentication (XAUTH) on Cisco IOS Software and the Cisco ASA Security Appliance

    Enabling Split Tunneling on Cisco IOS Software and the Cisco ASA Security Appliance

    Enabling Reverse Route Injection (RRI) on Cisco IOS Software and the Cisco ASA Security Appliance

    Enabling NAT-T on Cisco IOS Software and the Cisco ASA Security Appliance

    High-Availability Stateful Failover for IPsec with Stateful Switchover (SSO) and Hot Standby Router Protocol (HSRP)

    High Availability Using Link Resiliency (with Loopback Interface for Peering)

    High Availability Using HSRP and RRI

    High Availability Using IPsec Backup Peers

    High Availability Using GRE over IPsec (Dynamic Routing)

    Basic QoS Features for VPN Traffic on Cisco IOS Software and the Cisco ASA Security Appliance

    Identifying Injected Errors in Troubleshooting Scenarios (for Site-to-Site, DMVPN, GET VPN, and Cisco Easy VPN)

    Understanding and Interpreting the show crypto Commands

    Understanding and Interpreting the debug crypto Commands

    Anyconnect VPN including DAP support

    MacSec (switch-switch, Host-switch)

    Wireless Security on AP and WLC

    EAP methods

    WPA/WPA2

    WIPS