Cisco Certified Network Associate : 200-120
1. Describe the purpose and basic operation of protocols in OSI and TCP/IP models and determining the data flow amonest two different hosts within a network.
2. Installing, configuring and troubleshooting basic networking hardware that is Routers (1841, 2611XM, 2801, 2811) and Switches (2950, 2960, 3550, 3750 series). Concepts like IOS installation, password recovery, and hardware up-gradations will be covered.
3. Understanding, configuring and troubleshooting basic concepts of layer 2 switching and predicting the data flow.
4. Understanding, configuring and troubleshooting STP, VLANs, CAM, and Ether channels.
5. Understanding, configuring and troubleshooting layer 3 addressing routing protocols for IPV4 and IPV6 (subnetting and summarization).
6. Understanding, configuring and troubleshooting routing protocols for IPV4 and IPV6. Topics like OSPF (single and multi-area) and EIGRP (load balancing, equal and unequal) are covered.
7. Introduction to WAN: Getting familiar with WAN protocol and devices. Understanding, configuring and troubleshooting layer 3 protocols like Frame relay, HDLC, PPP, NAT, etc. Introduction to MPLS.
8. Understanding IP services like DHCP, SNMP, Netflow, FHRP, and NTP.
9. Understanding, configuring and troubleshooting layer 2 security, layer 3 security that is ACL (standard,extended,named) , SSH and Secret password.
Cisco Certified Network Professional - R&S
Implementing Cisco IP Routing (ROUTE) : 300-101
1. Introduction to CEF, ICMP TCP and UDP operations (MSS, MTU, Windowing, Starvation and Latency).
2. Understanding, configuring and troubleshooting PPP, PPPOE, MPPP, Frame Relay and Layer2 Authentication.
3. Introduction TO VRF Lite, Route-Maps and Policy-Based Routing.
4. Explain EIGRP working, filtering ,summarization, default route origination and redistribution. EIGRP SIA, EIGRP Authentication, Equal and Unequal Load Balancing.
5. Understanding OSPF - OSPF packet types, area types and OSPF LSA like router network and summary LSA. OSPF filtering and summarization, concept of ABR and ASBR.
6. Introduction to Path Vector Protocol i.e. BGP. BGP neighbor relationship EBGP and IBGP, and BGP path attributes. BGP patch selection.
7. Explain the working of VPN technologies like GRE, DMVPN and EVN.
8. Understanding layer 3 security features like ACL (standard, named and timebased), ACS (Radius, Tacacs+) and IPV6 filtering.
9. Understanding, configuring and troubleshooting infrastructure services like NTP, DHCP, NAT (NAT PT, NAT64, NPTV6), IP SLA and Netflow v5, v9.
Implementing Cisco IP Switched Networks (SWITCH) : 300-115
1. Introduction to SDM (switch device manager), CAM and TCAM.
2. Understanding, configuring and troubleshooting VLANs, VTPV1, VTPV2 AND VTPV3. Configuring Swtichport Access, Trunk, and Dynamic.
3. Understanding, configuring and troubleshooting STP, PVST +, MST AND RVPST. Describing STP features like priority, guards like bpduguard, rootguard, and bpdufilter.
4. Introduction to stacking, layer two and three Etherchannels with configuration and troubleshooting examples.
5. Understanding, configuring, troubleshooting switching security with DHCP snooping (IP SOURCE GUARD, DYNAMIC ARP INSPECTION), Private VLAN, and Storm control.
6. Understanding, configuring, and troubleshooting HSRP, GLBP VRP.
Troubleshooting and maintaining Cisco IP Networks (TSHOOT) : 300-135
1. Case study on layer2 and layer 3 technologies for better understanding of some unique scenarios.
2. Troubleshooting IOS up-gradation password recovery.
3. Developing multiprotocol scenarios and understanding protocol specific issues like Floating Static Routes and Discard route availability.
4. Troubleshooting layer2 and layer 3 mixed scenarios in a strategic manner.
5. Understand rapid PST and MST convergence and troubleshooting it.
6. Troubleshooting routing protocol (EIGRP, OSPF, and RIP) redistribution, filtering, configuration and summarization with their respective features like EIGRP Stub, OSPF NSSA etc.
7. Troubleshooting routing protocol convergence with EGP i.e. BGP
8. Troubleshooting IP services like NTP, DHCNP, NAT, and ACL.
9. Troubleshooting router and switch security.
10. Troubleshooting VPN i.e. GRE.
Cisco Certified Network Associate-Security : 640-554
1. Understand common security threats like Email-based and web-based attacks including mitigation methods for Worm, Virus, and Trojan horse attacks.
2. Implement security on Cisco routers secure router access using strong encrypted passwords, IOS login, enhancements, IPV6 security. Understand topics like multiple privilege levels, Role-based CLI and securing of control, data and management plane.
3. Implement (AAA) on router and switches and ASA. Further describe TACACS+ and RADIUS.
4. Describe standard, extended, and named IP IOS ACLs to filter packets and implement IP ACLS to mitigate the threats using Filter IP traffic, SNMP, DDoS attacks, IP ACLs to prevent IP spoofing, VACLs, etc.
5. Implement Secure Network Management using SSH, syslog, SNMP, NTP, SCP, CLI, CCP, and SSL.
6. Describe Layer 2 security using Cisco switches with the help of STP attacks, ARP spoofing, MAC spoofing, CAM overflows. Understand VLAN Security (Voice VLAN, PVLAN, VLAN hopping, and Native VLAN)
7. Understand Cisco Firewall Technologies like Proxy firewalls, Packet and stateful packet firewall. Describe types of NAT used in firewall technologies like Static, Dynamic, and PAT. Configure ASA using NAT, ACL, Default MPF, Cisco ASA sec Level.
8. Understand IPS technologies like Attack responses, Monitoring options, syslog, SDEE, Signature engines, Signatures, Network-based and Host-based.
9. Describe cryptography types (Symmetric, Asymetric, HMAC, Message digest, and PKI) and VPN Technologies (IPsec, SSL, IKE, ESP, AH, Tunnel mode, and Transport mode).
10. Implement an IOS IPSec site-to-site VPN with pre-shared key authentication implementation of SSL VPN using ASA device manager – Clientless and AnyConnect).
Cisco Certified Network Professional : Security
1. Implementing TACACS+ and RADIUS and wired/wireless 802.1X ISE authentication/authorization policies, ISE endpoint identity configuration and Verify MAB Operation).
2. Implement Firewall (ASA or IOS) including ACLS, static/dynamic NAT/PAT, and object groups. Threat detection features and implement botnet traffic filtering. Describe and implement ASA security contexts, Layer 2 Security, dynamic ARP inspection, storm control, common layer 2 attacks and mitigation, and MACSec and configuring DHCP snooping, port security and IP source verification.
3. Troubleshoot, monitor (firewalls using analysis of packet tracer, capture and syslog).
4. Understand Threat Defense Architectures (Design a Firewall Solution, High-availability, Basic concepts of security zoning, Transparent & Routed Modes, Security Contexts, and Layer 2 Security Solutions). Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
5. Understand and implement secure communications using VPN on routers and firewalls. Implement and troubleshoot AnyConnect IKEv2 VPN and AnyConnect SSLVPN on ASA and routers. Implement and troubleshoot FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA and on routers. Implement and troubleshoot IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6) and DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6). Implement and troubleshoot clientless SSLVPN on ASA and routers.
6. Design VPN solutions and identify VPN technology considerations based on functional requirements and configuration output, and Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec.
7. Understand Cisco WSA (features and functionality, implement data security, WSA identity and authentication with transparent User identification). Describe web usage control, decryption policies traffic redirection and capture methods.
8. Understand Cisco ESA (features and functionality) and describe traffic redirection and capture. Implement email encryption, anti-spam policies, virus outbreak filter, DLP policies, anti-malware, inbound and outbound mail policies and authentication.
9. Understand Network IPS and implement traffic redirection and capture methods, network IPS deployment modes, event actions & overrides/filters, anomaly detection, risk ratings, and device hardening per best practices. Describe signatures engines and configure device hardening best practices.
Cisco Certified Internetwork Expert (Security) : 351-018
1. Tunneling protocols like GRE, NHRP, IPV6 tunnel types, IP multicast, PIM, MSDP, IGMP and CGMP, Multicast Listener Directory and wireless (SSID, Authentication and authorization and its technologies, Rogue Aps, session establishment, Single sign-on, OTPs, LDAP and AD, RBAC, VPNs, L2 vs. L3, MPLS, VRFs, and tag switching, and Mobile IP networks.
2. Understand Security Protocols like RSA, MD5, SHA, 3DES, AES, IPSec, ISAKMP, IKE and IKEv2, GDOI, AH, ESP, CEP, TLS and DTLS, SSL, SSH, RADIUS, TACACS+, LDAP, EAP methods, PKI, PKIX, PKCS, IEEE 802.1X, WEP, WPA, WPA2, WCCP, SXP, MACsec, and DNSSE.
3. Understand various concepts of Application and Infrastructure Security like HTTP, HTTPS, SMTP, DHCP, DNS, FTP, STFP, NTP, TFTP, SNMP, syslog, and PCoIP.
4. Be able to recognize and mitigate common attacks like ICMP attacks and PING floods, MITM, Spoofing, Backdoor, Botnets, DoS and DDoS attacks.
5. Understand Cisco ASA and its features (Functionality, routing and multicast capabilities, object definition and ACLs, Context-aware firewall, Identity-based services, and Failover options). Understand Cisco IOS Firewalls and NAT, identify zone based firewall and identity based firewalling. Get familiar with Cisco Intrusion Prevention Systems (IPS) and Cisco IOS IPS, Cisco AAA protocols and application (RADIUS and TACACS+), network access, IEEE 802.1X, ISE, and Cisco Secure ACS Solution engine.
6. Understand Cisco NAC Appliance server, endpoint and client including Cisco AnyConnect VPN Client and Cisco VPN Client. Secure access gateway (Cisco IOS router or ASA) including IPSec, SSL VPN, VPN solutions, FlexVPN, DMVPN, GET VPN, Cisco EasyVPN , load balancing and failover.
|