思科认证CCIE安全考试大纲.docx
《思科认证CCIE安全考试大纲.docx》由会员分享,可在线阅读,更多相关《思科认证CCIE安全考试大纲.docx(8页珍藏版)》请在冰豆网上搜索。
思科认证CCIE安全考试大纲
思科认证CCIE平安考试大纲
CCIE平安v5.0将笔试及实验考试考纲合二为一,并明确指出了每项考试主题的权重。
思科CCIE平安笔试考试(400-251)v5.0,考试时间为2小时,考试题目90-110道,验证专业人士是否具备阐释,设计,实施,操作和故障排除的复合网络平安技能及解决方案。
考生必须理解网络平安所需,以及网络平安部件之间如何互相操作,并将其翻译成设备配置语言。
闭卷考试,考场中不允许带任何参考资料。
思科CCIE平安实验考试v5.0,考试时间为8个小时,需要考生在给定的场景中方案,设计,执行,操作并故障排除复合网络平安完成动手实验考试。
故障排除的知识是一项重要的技能,在实验考试生需要诊断并解决网络问题。
以下考纲列出了CCIE平安考试中可能出现的考试内容。
但是,其他相关要点也可能会出现在考试中。
下面的大纲可能会在未提前通知的情况下发生改变,这是为了更好地反映考试内容及更加透明化。
1.1Describe,implement,andtroubleshootHAfeaturesonCiscoASAandCiscoFirePOWERThreatDefense(FTD)
1.2Describe,implement,andtroubleshootclusteringonCiscoASAandCiscoFTD
1.3Describe,implement,troubleshoot,andsecureroutingprotocolsonCiscoASAandCiscoFTD
1.4Describe,implement,andtroubleshootdifferentdeploymentmodessuchasrouted,transparent,single,andmulticontextonCiscoASAandCiscoFTD
1.5Describe,implement,andtroubleshootfirewallfeaturessuchasNAT(v4,v6),PAT,applicationinspection,trafficzones,policy-basedrouting,trafficredirectiontoservicemodules,andidentityfirewallonCiscoASAandCiscoFTD
1.6Describe,implement,andtroubleshootIOSsecurityfeaturessuchasZone-BasedFirewall(ZBF),applicationlayerinspection,NAT(v4,v6),PATandTCPinterceptonCiscoIOS/IOS-XE
1.7Describe,implement,optimize,andtroubleshootpoliciesandrulesfortrafficcontrolonCiscoASA,CiscoFirePOWERandCiscoFTD
1.8Describe,implement,andtroubleshootCiscoFirepowerManagementCenter(FMC)featuressuchasalerting,logging,andreporting
1.9Describe,implement,andtroubleshootcorrelationandremediationrulesonCiscoFMC
1.10Describe,implement,andtroubleshootCiscoFirePOWERandCiscoFTDdeploymentsuchasin-line,passive,andTAPmodes
1.11Describe,implement,andtroubleshootNextGenerationFirewall(NGFW)featuressuchasSSLinspection,useridentity,geolocation,andAVC(Firepowerappliance)
1.12Describe,detect,andmitigatemontypesofattackssuchasDoS/DDoS,evasiontechniques,spoofing,man-in-the-middle,andbot
2.1CompareandcontrastdifferentAMPsolutionsincludingpublicandprivateclouddeploymentmodels
2.2Describe,implement,andtroubleshootAMPforworks,AMPforendpoints,andAMPforcontentsecurity(CWS,ESA,andWSA)
2.3Detect,analyze,andmitigatemalwareincidents
2.4DescribethebenefitofthreatintelligenceprovidedbyAMPThreatGRID
2.5PerformpacketcaptureandanalysisusingWireshark,tcpdump,SPAN,andRSPAN
2.6Describe,implement,andtroubleshootwebfiltering,useridentification,andApplicationVisibilityandControl(AVC)
2.7Describe,implement,andtroubleshootmailpolicies,DLP,emailquarantines,andSenderBaseonESA
2.8Describe,implement,andtroubleshootSMTPauthenticationsuchasSPFandDKIMonESA
2.9Describe,implement,andtroubleshootSMTPencryptiononESA
2.10CompareandcontrastdifferentLDAPquerytypesonESA
2.11Describe,implement,andtroubleshootWCCPredirection
2.12CompareandcontrastdifferentproxymethodssuchasSOCKS,Autoproxy/WPAD,andtransparent
2.13Describe,implement,andtroubleshootSdecryptionandDLP
2.14Describe,implement,andtroubleshootCWSconnectorsonCiscoIOSrouters,CiscoASA,CiscoAnyConnect,andWSA
2.15DescribethesecuritybenefitsofleveragingtheOpenDNSsolution.
2.16Describe,implement,andtroubleshootSMAforcentralizedcontentsecuritymanagement
2.17DescribethesecuritybenefitsofleveragingLancope
3.1CompareandcontrastcryptographicandhashalgorithmssuchasAES,DES,3DES,ECC,SHA,andMD5
3.2CompareandcontrastsecurityprotocolssuchasISAKMP/IKEv1,IKEv2,SSL,TLS/DTLS,ESP,AH,SAP,andMKA
3.3Describe,implementcandtroubleshootremoteaessusingtechnologiessuchasFLEX,SSL-betweenCiscofirewalls,routers,andendhosts
3.4Describe,implement,andtroubleshoottheCiscoIOSCAforauthentication
3.5Describe,implement,andtroubleshootclientlessSSLtechnologieswithDAPandsmarttunnelsonCiscoASAandCiscoFTD
3.6Describe,implement,andtroubleshootsite-to-sitessuchasGET,DMandIPsec
3.7Describe,implement,andtroubleshootuplinkanddownlinkMACsec(802.1AE)
3.8Describe,implement,andtroubleshoothighavailabilityusingCiscoASAclusteringanddual-hubDMdeployments
3.9DescribethefunctionsandsecurityimplicationsofcryptographicprotocolssuchasAES,DES,3DES,ECC,SHA,MD5,ISAKMP/IKEv1,IKEv2,SSL,TLS/DTLS,ESP,AH,SAP,MKA,RSA,SCEP/EST,GDOI,X.509,WPA,WPA2,WEP,andTKIP
3.10Describethesecuritybenefitsofworksegmentationandisolation
3.11Describe,implement,andtroubleshootVRF-LiteandVRF-Aware
3.12Describe,implement,andtroubleshootmicrosegmentationwithTrustSecusingSGTandSXP
3.13Describe,implement,andtroubleshootinfrastructuresegmentationmethodssuchasVLAN,PVLAN,andGRE
3.14DescribethefunctionalityofCiscoVSGusedtosecurevirtualenvironments
3.15DescribethesecuritybenefitsofdatacentersegmentationusingACI,E,VXLAN,andNVGRE
4.1Describe,implement,andtroubleshootvariouspersonasofISEinamultinodedeployment
4.2Describe,implement,andtroubleshootworkaessdevice(NAD),ISE,andACSconfigurationforAAA
4.3Describe,implement,andtroubleshootAAAforadministrativeaesstoCiscoworkdevicesusingISEandACS
4.4Describe,implement,verify,andtroubleshootAAAforworkaesswith802.1XandMABusingISE.
4.5Describe,implement,verify,andtroubleshootcut-throughproxy/auth-proxyusingISEastheAAAserver
4.6Describe,implement,verify,andtroubleshootguestlifecyclemanagementusingISEandCiscoworkinfrastructure
4.7Describe,implement,verify,andtroubleshootBYODon-boardingandworkaessflowswithaninternalorexternalCA
4.8Describe,implement,verify,andtroubleshootISEandACSintegrationwithexternalidentitysourcessuchasLDAP,AD,andexternalRADIUS
4.9DescribeISEandACSintegrationwithexternalidentitysourcessuchasRADIUSToken,RSASecurID,andSAML
4.10Describe,implement,verify,andtroubleshootprovisioningofAnyConnectwithISEandASA
4.11Describe,implement,verify,andtroubleshootpostureassessmentwithISE
4.12Describe,implement,verify,andtroubleshootendpointprofilingusingISEandCiscoworkinfrastructureincludingdevicesensor
4.13Describe,implement,verify,andtroubleshootintegrationofMDMwithISE
4.14Describe,implement,verify,andtroubleshootcertificatebasedauthenticationusingISE
4.15Describe,implement,verify,andtroubleshootauthenticationmethodssuchasEAPChainingandMachineAessRestriction(MAR)
4.16DescribethefunctionsandsecurityimplicationsofAAAprotocolssuchasRADIUS,TACACS+,LDAP/LDAPS,EAP(EAP-PEAP,EAP-TLS,EAP-TTLS,EAP-FAST,EAP-TEAP,EAP-MD5,EAP-GTC),PAP,CHAP,andMS-CHAPv2
4.17Describe,implement,andtroubleshootidentitymappingonASA,ISE,WSAandFirePOWER
4.18Describe,implement,andtroubleshootpxGridbetweensecuritydevicessuchasWSA,ISE,andCiscoFMC
5.1IdentifymonattackssuchasSmurf,VLANhopping,andSYNfulknock,andtheirmitigationtechniques
5.2Describe,implement,andtroubleshootdevicehardeningtechniquesandcontrolplaneprotectionmethods,suchasCoPPandIPSourcerouting.
5.3Describe,implement,andtroubleshootmanagementplaneprotectiontechniquessuchasCPUandmemorythresholdingandsecuringdeviceaess
5.4Describe,implement,andtroubleshootdataplaneprotectiontechniquessuchasiACLs,uRPF,QoS,andRTBH
5.5Describe,implement,andtroubleshootIPv4/v6routingprotocolssecurity
5.6Describe,implement,andtroubleshootLayer2securitytechniquessuchasDAI,IPDT,STPsecurity,portsecurity,DHCPsnooping,andVACL
5.7Describe,implement,andtroubleshootwirelesssecuritytechnologiessuchasWPA,WPA2,TKIP,andAES
5.8DescribewirelesssecurityconceptssuchasFLEXConnect,wIPS,ANCHOR,RogueAP,andManagementFrameProtection(MFP)
5.9Describe,implement,andtroubleshootmonitoringprotocolssuchasNETFLOW/IPFIX,SNMP,SYSLOG,RMON,NSEL,andeSTREAMER
5.10DescribethefunctionsandsecurityimplicationsofapplicationprotocolssuchasSSH,TELNET,TFTP,/S,SCP,SFTP/FTP,PGP,DNS/DNSSEC,NTP,andDHCP
5.11DescribethefunctionsandsecurityimplicationsofworkprotocolssuchasVTP,802.1Q,TCP/UDP,CDP,LACP/PAgP,BGP,EIGRP,OSPF/OSPFv3,RIP/RIPng,IGMP/CGMP,PIM,IPv6,andWCCP
5.12DescribethebenefitsofvirtualizingsecurityfunctionsinthedatacenterusingASAv,WSAv,ESAv,andNGIPSv
5.13DescribethesecurityprinciplesofACIsuchasobjectmodels,endpointgroups,policyenforcement,applicationworkprofiles,andcontracts
5.14DescribethenorthboundandsouthboundAPIsofSDNcontrollerssuchasAPIC-EM
5.15Identifyandimplementsecurityfeaturestoplywithorganizationalsecuritypolicies,procedures,andstandardssuchasBCP38,ISO27001,RFC2827,andPCI-DSS
5.16Describeandidentifykeythreatstodifferentplacesinthework(campus,datacenter,core,edge)asdescribedinCiscoSAFE
5.17ValidateworksecuritydesignforadherencetoCiscoSAFEremendedpractices
5.18InterpretbasicscriptsthatcanretrieveandsenddatausingRESTfulAPIcallsinscriptinglanguagessuchasPython
5.19DescribeCiscoDigitalNetworkArchitecture(DNA)principlesandponents.
6.1Cloud
6.1.aCompareandcontrastClouddeploymentmodels
6.1.a[i]Infrastructure,platform,andsoftwareservices(XaaS)
6.1.a[ii]Performanceandreliability
6.1.a[iii]Securityandprivacy
6.1.a[iv]Scala
升级会员 