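Cisco Certified Network Associate (CCNA) Security Certification Exam Syllabus
The CCNA Security certification meets the needs of IT professionals who are responsible for network security. It shows that certified professionals have the skills required for positions such as network security specialist, network security administrator, and network security support engineer. The skills validated by the certification include installing, troubleshooting, and monitoring network devices while maintaining the integrity, confidentiality, and availability of data and devices, as well as the ability to develop using the technologies that Cisco employs in its security architecture.
Exam Description
The Implementing Cisco Network Security (210-260 IINS) exam lasts 90 minutes, and candidates must complete 60-70 questions. The 210-260 IINS exam verifies that candidates have knowledge of network security architecture, core network security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, and endpoint security. Passing the 210-260 IINS exam demonstrates that the candidate is able to implement and operate within the Cisco secure network architecture. Candidates can prepare for the exam by taking the Implementing Cisco Network Security (IINS) course.
Exam Topics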
1.0 Security Concepts 12%
1.1 Common security principles
1.1.a Describe confidentiality, integrity, availability (CIA)
1.1.b Describe SIEM technology
1.1.c Identify common security terms
1.1.d Identify common network security zones
1.2 Common security threats
1.2.a Identify common network attacks
1.2.b Describe social engineering
1.2.c Identify malware
1.2.d Classify the vectors of data loss/exfiltration
1.3 Cryptography concepts
1.3.a Describe key exchange
1.3.b Describe hash algorithm
1.3.c Compare and contrast symmetric and asymmetric encryption
1.3.d Describe digital signatures, certificates, and PKI
1.4 Describe network topologies
1.4.a Campus area network (CAN)
1.4.b Cloud, wide area network (WAN)
1.4.c Data center
1.4.d Small office/home office (SOHO)
1.4.e Network security for a virtual environment
2.0 Secure Access 14%
2.1 Secure management
2.1.a Compare in-band and out-of-band
2.1.b Configure secure network management
2.1.c Configure and verify secure access through SNMP v3 using an ACL
2.1.d Configure and verify security for NTP
2.1.e Use SCP for file transfer
2.2 AAA concepts
2.2.a Describe RADIUS and TACACS+ technologies
2.2.b Configure administrative access on a Cisco router using TACACS+
2.2.c Verify connectivity on a Cisco router to a TACACS+ server
2.2.d Explain the integration of Active Directory with AAA
2.2.e Describe authentication and authorization using ACS and ISE
2.3 802.1X authentication
2.3.a Identify the functions of 802.1X components
2.4 BYOD
2.4.a Describe the BYOD architecture framework
2.4.b Describe the function of mobile device management (MDM)
3.0 VPN 17%
3.1 VPN concepts
3.1.a Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
3.1.b Describe hairpinning, split tunneling, always-on, NAT traversal
3.2 Remote access VPN
3.2.a Implement basic clientless SSL VPN using ASDM
3.2.b Verify clientless connection
3.2.c Implement basic AnyConnect SSL VPN using ASDM
3.2.d Verify AnyConnect connection
3.2.e Identify endpoint posture assessment
3.3 Site-to-site VPN
3.3.a Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
3.3.b Verify an IPsec site-to-site VPN
4.0 Secure Routing and Switching 18%
4.1 Security on Cisco routers
4.1.a Configure multiple privilege levels
4.1.b Configure Cisco IOS role-based CLI access
4.1.c Implement Cisco IOS resilient configuration
4.2 Securing routing protocols
4.2.a Implement routing update authentication on OSPF
4.3 Securing the control plane
4.3.a Explain the function of control plane policing
4.4 Common Layer 2 attacks
4.4.a Describe STP attacks
4.4.b Describe ARP spoofing
4.4.c Describe MAC spoofing
4.4.d Describe CAM table (MAC address table) overflows
4.4.e Describe CDP/LLDP reconnaissance
4.4.f Describe VLAN hopping
4.4.g Describe DHCP spoofing
4.5 Mitigation procedures
4.5.a Implement DHCP snooping
4.5.b Implement Dynamic ARP Inspection
4.5.c Implement port security
4.5.d Describe BPDU guard, root guard, loop guard
4.5.e Verify mitigation procedures
4.6 VLAN security
4.6.a Describe the security implications of a PVLAN
4.6.b Describe the security implications of a native VLAN
5.0 Cisco Firewall Technologies 18%
5.1 Describe operational strengths and weaknesses of the different firewall technologies
5.1.a Proxy firewalls
5.1.b Application firewall
5.1.c Personal firewall
5.2 Compare stateful vs. stateless firewalls
5.2.a Operations
5.2.b Function of the state table
5.3 Implement NAT on Cisco ASA 9.x
5.3.a Static
5.3.b Dynamic
5.3.c PAT
5.3.d Policy NAT
5.3.e Verify NAT operations
5.4 Implement zone-based firewall
5.4.a Zone to zone
5.4.b Self zone
5.5 Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
5.5.a Configure ASA access management
5.5.b Configure security access policies
5.5.c Configure Cisco ASA interface security levels
5.5.d Configure default Cisco Modular Policy Framework (MPF)
5.5.e Describe modes of deployment (routed firewall, transparent firewall)
5.5.f Describe methods of implementing high availability
5.5.g Describe security contexts
5.5.h Describe firewall services
6.0 IPS 9%
6.1 Describe IPS deployment considerations
6.1.a Network-based IPS vs. host-based IPS
6.1.b Modes of deployment (inline, promiscuous - SPAN, tap)
6.1.c Placement (positioning of the IPS within the network)
6.1.d False positives, false negatives, true positives, true negatives
6.2 Describe IPS technologies
6.2.a Rules/signatures
6.2.b Detection/signature engines
6.2.c Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)
6.2.d Blacklist (static and dynamic)
7.0 Content and Endpoint Security 12%
7.1 Describe mitigation technology for email-based threats
7.1.a SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption
7.2 Describe mitigation technology for web-based threats
7.2.a Local and cloud-based web proxies
7.2.b Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption
7.3 Describe mitigation technology for endpoint threats
7.3.a Anti-virus/anti-malware
7.3.b Personal firewall/HIPS
7.3.c Hardware/software encryption of local data