CCIE Security Lab Exam Checklist v4.0

VERSION 2 
Created on: May 30, 2012 3:24 PM by wiliu - Last Modified:  May 30, 2012 4:29 PM by wiliu

CCIE Security Lab Exam v4.0 Checklist

Expansion of the Security Lab v4.0 Exam Topics
Detailed Checklist of Topics to Be Covered


Please be advised that this topic checklist is not an all-inclusive list of Cisco CCIE Security lab exam subjects. Instead, we provide this outline as a supplement to the existing lab blueprint to help candidates prepare for their lab exams. Other relevant or related topics may also appear in the actual lab exam.


We would like to get your feedback; please comment on and/or rate this document.


1. System Hardening and Availability

Implement, Optimize, Troubleshoot, IPv4/IPv6 Content


Understanding Four Types of Traffic Planes on a Cisco Router (Control, Management, Data, and Services)

Understanding Control Plane Security Technologies and Core Concepts Covering Security Features Available to Protect the Control Plane

Understanding Management Plane Security Technologies and Core Concepts Covering Security Features Available to Protect the Management Plane

Configuring Control Plane Policing (CoPP)

Control Plane Rate Limiting

Disabling Unused Control Plane Services (IP Source Routing, Proxy ARP, Gratuitous ARP, etc.)

Disabling Unused Management Plane Services (Finger, BOOTP, DHCP, Cisco Discovery Protocol, etc.)

MPP (Management Plane Protection) and Understanding OOB (Out-of-Band) Management Interfaces

Configuring Routing Protocol Authentication

Route Filtering and Protocol-Specific Filters

ICMP Techniques to Reduce the Risk of ICMP-Related DoS Attacks (IP Unreachable, IP Redirect, IP Mask Reply, etc.)

Selective Packet Discard (SPD)

MQC and FPM Types of Service Policy on the CoPP Interface

Broadcast Control on a Switch

Catalyst Switch Port Security

IPv6 Selective Packet Discard

Cisco IOS Software-Based CPU Protection Mechanisms (Options Drop, Logging Interval, CPU Threshold)

The Generalized TTL Security Mechanism (GTSM, RFC 5082), Also Known as the “BGP TTL Security Hack” (BTSH)

Device Access Control (vty ACL, HTTP ACL, SSH Access, Privilege Levels)

SNMP Security

System Banners

Secure Cisco IOS File Systems

Understanding and Enabling Syslog

NTP with Authentication

Role-Based CLI Views and Cisco Secure ACS Setup

Service Authentication on Cisco IOS Software (FTP, Telnet, HTTP)

Network Telemetry Identification and Classification of Security Events (IP Traffic Flow, NetFlow, SNMP, Syslog, RMON)

2. Threat Identification and Mitigation

Implement, Optimize, Troubleshoot, IPv4/IPv6 Content


Implementing RFC 1918 Antispoofing Filtering

Implementing RFC 2827 Antispoofing Filtering

Implementing RFC 2401 Antispoofing Filtering (note: RFC 2401 defines the IPsec security architecture; the ingress-filtering update to RFC 2827 is RFC 3704)

Enabling a TCP Intercept on a Router

Enabling a TCP Intercept on the Cisco ASA Security Appliance

FPM (Flexible Packet Matching) and Protocol Header Definition File (PHDF) Files and Configuration of Nested Policy Maps

Classification Using NBAR

Understanding and Enabling NetFlow on a Router

Port Security on a Switch

Storm Control on a Switch

Private VLAN (PVLAN) on a Switch

Port Blocking on a Switch

Port ACL on a Switch

MAC ACL on a Switch

VLAN ACL on a Switch

Spanning Tree Protocol (STP) Protection Using BPDU Guard and Loop Guard on a Switch

DHCP Snooping on a Switch

IP Source Guard on a Switch

Dynamic ARP Inspection (DAI) on a Switch

SeND for ND Protection

IPv6 First Hop Security

Disabling DTP on All Nontrunking Access Ports

Concept of Proactive vs. Reactive Measures

Knowledge of Protocols: TCP, UDP, HTTP, SMTP, ICMP, FTP

Knowledge of Common Attacks: Network Reconnaissance, IP Spoofing, DHCP Spoofing, DNS Spoofing, MAC Spoofing, ARP Spoofing, Fragment Attack, Smurf Attack, TCP SYN Attack

Understanding and Interpreting ARP Header Structure

Understanding and Interpreting IP Header Structure

Understanding and Interpreting TCP Header Structure

Understanding and Interpreting UDP Header Structure

Understanding and Interpreting HTTP Header Structure

Understanding and Interpreting ICMP Header structure

Understanding and Interpreting ICMP Type Name and Codes

Understanding and Interpreting Syslog Messages

Understanding and Interpreting Packet Capture Outputs (Sniffer, Ethereal, Wireshark, TCPDump)

Understanding Different Types of Attack Vectors

Interpreting Various show and debug Outputs

Classifying Attack Patterns Using FPM

Memorizing Common Protocol and Port Numbers

Preventing an ICMP Attack Using ACLs

Preventing an ICMP Attack Using NBAR

Preventing an ICMP Attack Using Policing

Preventing an ICMP Attack Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance

Preventing a SYN Attack Using ACLs

Preventing a SYN Attack Using NBAR

Preventing a SYN Attack Using Policing

Preventing a SYN Attack Using CBAC

Preventing a SYN Attack Using CAR

Preventing a SYN Attack Using a TCP Intercept

Preventing a SYN Attack Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance

Preventing Application Protocol–Specific Attacks Using FPM (e.g., HTTP, SMTP)

Preventing Application Protocol–Specific Attacks Using NBAR (e.g., HTTP, SMTP)

Preventing Application Protocol–Specific Attacks Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance (e.g., HTTP, SMTP)

Preventing IP Spoofing Attacks Using Antispoofing ACLs

Preventing IP Spoofing Attacks Using uRPF

Preventing IP Spoofing Attacks Using IP Source Guard

Preventing Fragment Attacks Using ACLs

Preventing MAC Spoofing Attacks Using Port Security

Preventing ARP Spoofing Attacks Using DAI

Preventing VLAN Hopping Attacks Using the switchport mode access Command

Preventing STP Attacks Using the Root Guard or BPDU Guard

Preventing DHCP Spoofing Attacks Using Port Security

Preventing DHCP Spoofing Attacks Using DAI

Preventing Port Redirection Attacks Using ACLs

3. Intrusion Prevention and Content Security

Implement, Optimize, Troubleshoot, IPv4/IPv6 Content


Understanding Cisco IPS System Architecture (System Design, MainApp, SensorApp, EventStore)

Understanding Cisco IPS User Roles (Administrator, Operator, Viewer, Service)

Understanding Cisco IPS Command Modes (Privileged, Global, Service, Multi-Instance)

Understanding Cisco IPS Interfaces (Command and Control, Sensing, Alternate TCP Reset)

Understanding Promiscuous (IDS) vs. Inline (IPS) Monitoring

Basic Sensor Initialization (IP Address, Mask, Default Route, etc.)

Troubleshooting Basic Connectivity Issues

Managing Sensor ACLs

Allowing Ping and Telnet Services to/from the Cisco IPS

Enabling Physical Interfaces

Promiscuous Mode

Inline Interface Mode

Inline VLAN Pair Mode

VLAN Group Mode

Inline Bypass Mode

Interface Notifications

Understanding the Analysis Engine

Creating Multiple Security Policies and Applying Them to Individual Virtual Sensors

Understanding and Configuring Virtual Sensors (vs0, vs1)

Assigning Interfaces to the Virtual Sensor

Understanding and Configuring Event Action Rules (rules0, rules1)

Understanding and Configuring Signatures (sig0, sig1)

Adding Signatures to Multiple Virtual Sensors

Understanding and Configuring Anomaly Detection (ad0, ad1)

Using the Cisco IDM (IPS Device Manager)

Using Cisco IDM Event Monitoring

Displaying Events Triggered Using the Cisco IPS Console

Troubleshooting Events Not Triggering

Displaying and Capturing Live Traffic on the Cisco IPS Console (Packet Display and Packet Capture)

SPAN and RSPAN

Rate Limiting

Configuring Event Action Variables

Target Value Ratings

Event Action Overrides

Event Action Filters

Configuring General Settings

General Signature Parameters

Alert Frequency

Alert Severity

Event Counter

Signature Fidelity Rating

Signature Status

Assigning Actions to Signatures

AIC Signatures

IP Fragment Reassembly

TCP Stream Reassembly

IP Logging

Configuring SNMP

Signature Tuning (Severity Levels, Throttle Parameters, Event Actions)

Creating Custom Signatures (Using the CLI and Cisco IDM)

Understanding Various Types of Signature Engines

Understanding Various Types of Signature Variables

Understanding Various Types of Event Actions

Creating a Custom String TCP Signature

Creating a Custom Flood Engine Signature

Creating a Custom AIC MIME-Type Engine Signature

Creating a Custom Service HTTP Signature

Creating a Custom Service FTP Signature

Creating a Custom ATOMIC.ARP Engine Signature

Creating a Custom ATOMIC.IP Engine Signature

Creating a Custom TCP Sweep Signature

Creating a Custom ICMP Sweep Signature

Creating a Custom Trojan Engine Signature

Enabling Shunning and Blocking (Enabling Blocking Properties)

Enabling the TCP Reset Function

Configuring Cisco IronPort WSA

Configuring WCCP

Active Directory Integration

Custom Categories

HTTPS Configuration

Services Configuration (Web Reputation)

Configuring Proxy Bypass Lists

Web Proxy Modes

Application Visibility and Control

4. Identity Management

Implement, Optimize, Troubleshoot, IPv4/IPv6 Content


Understanding the AAA Framework

Understanding the RADIUS Protocol

Understanding RADIUS Attributes (Cisco AV-PAIRS)

Understanding the TACACS+ Protocol

Understanding TACACS+ Attributes

Comparison of RADIUS and TACACS+

Configuring Basic LDAP Support

Overview of Cisco Secure ACS

How to Navigate Cisco Secure ACS

Cisco Secure ACS – Network Settings Parameters

Cisco Secure ACS – User Settings Parameters

Cisco Secure ACS – Group Settings Parameters

Cisco Secure ACS – Shared Profiles Components (802.1X, NAF, NAR, Command Author, Downloadable ACL, etc.)

Cisco Secure ACS – Shell Command Authorization Sets Using Both Per-Group Setup and Shared Profiles

Cisco Secure ACS – System Configuration Parameters

Enabling AAA on a Router for vty Lines

Enabling AAA on a Switch for vty Lines

Enabling AAA on a Router for HTTP

Enabling AAA on the Cisco ASA Security Appliance for Telnet and SSH Protocols

Using Default vs. Named Method Lists

Complex Command Authorization and Privilege Levels, and Relevant Cisco Secure ACS Profiles

Proxy Service Authentication and Authorization on the Cisco ASA Security Appliance for Pass-Through Traffic (FTP, Telnet, and HTTP), and Relevant Cisco ISE Profiles

Using Virtual Telnet on the Cisco ASA Security Appliance

Using Virtual HTTP on the Cisco ASA Security Appliance

Downloadable ACLs

AAA 802.1X Authentication Using RADIUS on a Switch

NAC-L2-802.1X on a Switch

NAC-L2-IP on a Switch

Troubleshooting Failed AAA Authentication or Authorization

Troubleshooting Using Cisco Secure ACS Logs

Cisco Identity Services Engine (ISE) Configuration and Initialization

ISE Authorization (AuthZ) Result Handling

ISE Profiling Configuration (Probes)

ISE Guest Services

ISE Posture Assessment

ISE Client Provisioning (CPP)

ISE AD Integration and Identity Sources Configuration

ISE Support for 802.1X

ISE MAB Support

ISE Web Auth Support

ISE Definition and Support for VSAs

Support for MAB in Cisco IOS

Support for Web Auth in Cisco IOS

Using the test aaa Command on the Router, Switch, or Cisco ASA Security Appliance

Understanding and Interpreting the debug radius Command

Understanding and Interpreting the debug tacacs+ Command

Understanding and Interpreting the debug aaa authentication Command

Understanding and Interpreting the debug aaa authorization Command

Understanding and Interpreting the debug aaa accounting Command
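Added example, not part of the Cisco checklist: a Cisco IOS switch configuration covering both halves of this section, device administration through TACACS+ (Cisco Secure ACS) with named method lists and a local fallback, and network access through RADIUS (Cisco ISE) with 802.1X on the port and MAB as fallback. Server addresses, shared secrets, the interface and VLAN are assumed.

```cisco
! Added example: server addresses, keys, interface and VLAN are assumed.
aaa new-model
!
tacacs server ACS1
 address ipv4 10.0.99.20
 key Tacacs-Secret
aaa group server tacacs+ ADMIN-TACACS
 server name ACS1
!
radius server ISE1
 address ipv4 10.0.99.30 auth-port 1812 acct-port 1813
 key Radius-Secret
aaa group server radius ISE-RADIUS
 server name ISE1
!
! --- Device administration: named lists on the vty lines, local fallback.
!     The console keeps the implicit default (local) list so a dead TACACS
!     path cannot lock out physical access.
username admin privilege 15 secret Local-Fallback-Pw
aaa authentication login VTY-AUTH group ADMIN-TACACS local
aaa authorization exec VTY-AUTHZ group ADMIN-TACACS local
aaa authorization commands 15 VTY-CMD group ADMIN-TACACS if-authenticated
aaa accounting exec default start-stop group ADMIN-TACACS
aaa accounting commands 15 default start-stop group ADMIN-TACACS
line vty 0 4
 login authentication VTY-AUTH
 authorization exec VTY-AUTHZ
 authorization commands 15 VTY-CMD
 transport input ssh
!
! --- Network access: 802.1X first, MAB fallback, dACL/VLAN from ISE via VSAs
aaa authentication dot1x default group ISE-RADIUS
aaa authorization network default group ISE-RADIUS
aaa accounting dot1x default start-stop group ISE-RADIUS
radius-server vsa send authentication
radius-server vsa send accounting
dot1x system-auth-control
ip device tracking
!
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication host-mode multi-auth
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
```

Before pointing a vty at the TACACS+ list, keep an existing session open and test from a second one; a typo in the shared secret shows up in debug tacacs as an authentication failure even though the server is reachable. For the RADIUS side, test aaa group ISE-RADIUS testuser testpass new-code exercises the server without a supplicant, and show authentication sessions interface GigabitEthernet1/0/10 shows which method (dot1x or mab) won and what dACL or VLAN ISE returned.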

5. Perimeter Security and Services

Implement, Optimize, Troubleshoot, IPv4/IPv6 Content


Initializing the Basic Cisco ASA Firewall (IP Address, Mask, Default Route, etc.)

Understanding Security Levels (Same Security Interface)

Understanding Single vs. Multimode

Understanding Routed vs. Transparent Firewall Mode

Understanding Multiple Security Contexts

Understanding Shared Resources for Multiple Contexts

Understanding Packet Classification in Multiple-Contexts Mode

VLAN Subinterfaces Using 802.1Q Trunking

Multiple-Mode Firewall with Outside Access

Single-Mode Firewall Using the Same Security Level

Multiple-Mode, Transparent Firewall

Single-Mode, Transparent Firewall with NAT

ACLs in Transparent Firewall (for Pass-Through Traffic)

Understanding How Routing Behaves on the Adaptive Security Appliance (Egress and Next-Hop Selection Process)

Understanding Static vs. Dynamic Routing

Static Routes

RIP with Authentication

OSPF with Authentication

EIGRP with Authentication

Managing Multiple Routing Instances

Redistribution Between Protocols

Route Summarization

Route Filtering

Static Route Tracking Using an SLA

Dual ISP Support Using Static Route Tracking

Redundant Interface Pair

LAN-Based Active/Standby Failover (Routed Mode)

LAN-Based Active/Active Failover (Routed Mode)

LAN-Based Active/Standby Failover (Transparent Mode)

LAN-Based Active/Active Failover (Transparent Mode)

Stateful Failover Link

Device Access Management

Enabling Telnet

Enabling SSH

The nat-control Command vs. no nat-control Command

Enabling Address Translation (NAT, Global, and Static), Pre- and Post-8.4

NAT Objects

Context-Aware Firewall

Identity Firewall

Using ASDM and Cisco Prime

Policy NAT

Destination NAT

Bypassing NAT When NAT Control Is Enabled Using Identity NAT

Bypassing NAT When NAT Control Is Enabled Using NAT Exemption

Port Redirection Using NAT

Tuning Default Connection Limits and Timeouts

Basic Interface Access Lists and Access Group (Inbound and Outbound)

Time-Based Access Lists

ICMP Commands

Enabling Syslog and Parameters

NTP with Authentication

Object Groups (Network, Protocol, ICMP, and Services)

Nested Object Groups

URL Filtering

Java Filtering

ActiveX Filtering

ARP Inspection

Modular Policy Framework (MPF)

Application-Aware Inspection

Identifying Injected Errors in Troubleshooting Scenarios

Understanding and Interpreting Adaptive Security Appliance show and debug Outputs

Understanding and Interpreting the packet-tracer and capture Commands

Cisco IOS Firewalls

Zone-Based Policy Firewall Using Multiple-Zone Scenarios

User-Based Firewall

Security Group Firewall (SGFW)

Transparent Cisco IOS Firewall (Layer 2)

Context-Based Access Control (CBAC)

Proxy Authentication (Auth Proxy)

Port-to-Application Mapping (PAM) Usage with ACLs

Use of PAM to Change System Default Ports

PAM Custom Ports for Specific Applications

Mapping Nonstandard Ports to Standard Applications

Performance Tuning

Tuning Half-Open Connections

Understanding and Interpreting the show ip port-map Commands

Understanding and Interpreting the show ip inspect Commands

Understanding and Interpreting the debug ip inspect Commands

Understanding and Interpreting the show zone|zone-pair Commands

Understanding and Interpreting the debug zone Commands

Cisco IOS Services

Marking Packets Using DSCP and IP Precedence and Other Values

Unicast RPF (uRPF) With or Without an ACL (Strict and Loose Mode)

RTBH Filtering (Remote Triggered Black Hole)

Basic Traffic Filtering Using Access Lists: SYN Flags, Established, etc. (Named vs. Numbered ACLs)

Managing Time-Based Access Lists

Enabling NAT and PAT on a Router

Conditional NAT on a Router

Multihome NAT on a Router

CAR Rate Limiting with Traffic Classification Using ACLs

PBR (Policy-Based Routing) and Use of Route Maps

Traffic Policing on a Router

Traffic Characterization

Packet Classification

Packet-Marking Techniques
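Added example, not part of the Cisco checklist: a single-context, routed-mode ASA 8.4 baseline that exercises the perimeter items above: interfaces with security levels, device access (SSH, ICMP to the box), post-8.3 object NAT, an interface ACL written against the real address, and an MPF policy that applies embryonic connection limits against SYN floods and strict HTTP inspection to a DMZ web server, plus syslog and authenticated NTP. Addresses, object names and limits are assumed.

```cisco
! Added example: addresses, object names and connection limits are assumed.
hostname ASA1
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.2.2.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! --- Device access: SSHv2 from the inside admin subnet; ICMP to the box limited
ssh 10.1.1.0 255.255.255.0 inside
ssh version 2
icmp permit 10.1.1.0 255.255.255.0 inside
icmp deny any outside
!
! --- Objects and 8.3+ object NAT (replaces the old nat/global/static trio)
object network INSIDE-NET
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network DMZ-WEB
 host 10.2.2.10
 nat (dmz,outside) static 203.0.113.3
object-group service WEB-PORTS tcp
 port-object eq www
 port-object eq https
!
! --- Interface ACL: post-8.3 ACLs match the real (untranslated) address
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB object-group WEB-PORTS
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! --- MPF on the outside interface: SYN-flood limits + strict HTTP inspection
access-list DMZ-WEB-FLOWS extended permit tcp any object DMZ-WEB object-group WEB-PORTS
class-map DMZ-WEB-CLASS
 match access-list DMZ-WEB-FLOWS
policy-map type inspect http HTTP-STRICT
 parameters
  protocol-violation action drop-connection log
policy-map OUTSIDE-POLICY
 class DMZ-WEB-CLASS
  set connection conn-max 2000 embryonic-conn-max 500 per-client-embryonic-max 20
  set connection timeout embryonic 0:00:20
  inspect http HTTP-STRICT
service-policy OUTSIDE-POLICY interface outside
!
! --- Syslog and authenticated NTP
logging enable
logging timestamp
logging trap informational
logging host inside 10.1.1.50
ntp authentication-key 1 md5 NtpK3y
ntp authenticate
ntp trusted-key 1
ntp server 10.1.1.10 key 1 source inside
```

Once embryonic-conn-max is exceeded the ASA proxies the TCP handshake (TCP Intercept) for the server, so a SYN flood consumes state on the firewall rather than the host. Check the whole path with packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.3 80 (the trace shows the UN-NAT, ACL and inspection phases in order) and watch show service-policy interface outside for the embryonic and drop counters.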

6. Confidentiality and Secure Access

Implement, Optimize, Troubleshoot, IPv4/IPv6 Content


Understanding Cryptographic Protocols (ISAKMP, IKEv1 and IKEv2, ESP, Authentication Header, CA)

IPsec VPN Architecture on Cisco IOS Software and Cisco ASA Security Appliance

Configuring VPNs Using ISAKMP Profiles

Configuring VPNs Using IPsec Profiles

GRE over IPsec Using IPsec Profiles

Router-to-Router Site-to-Site IPsec Using the Classical Command Set (Using Preshared Keys and Certificates)

Router-to-Router Site-to-Site IPsec Using the New VTI Command Set (Using Preshared Keys and Certificates)

Router-to-ASA Site-to-Site IPsec (Using Preshared Keys and Certificates)

Understanding DMVPN architecture (NHRP, mGRE, IPsec, Routing)

DMVPN Using NHRP and mGRE (Hub-and-Spoke)

DMVPN Using NHRP and mGRE (Full-Mesh)

DMVPN Through Firewalls and NAT Devices

Understanding GETVPN Architecture (GDOI, Key Server, Group Member, Header Preservation, Policy, Rekey, KEK, TEK, and COOP)

Implementing GETVPN (Using Preshared Keys and Certificates)

GETVPN Unicast Rekey

GETVPN Multicast Rekey

GETVPN Group Member Authorization List

GETVPN Key Server Redundancy

GETVPN Through Firewalls and NAT Devices

Integrating GET VPN with a DMVPN Solution

Basic VRF-Aware IPsec

Enabling the CA (PKI) Server (on the Router and Cisco ASA Security Appliance)

CA Enrollment Process on a Router Client

CA Enrollment Process on a Cisco ASA Security Appliance Client

CA Enrollment Process on a PC Client

Clientless SSL VPN (Cisco IOS WebVPN) on the Cisco ASA Security Appliance (URLs)

AnyConnect VPN Client on Cisco IOS Software

AnyConnect VPN Client on the Cisco ASA Security Appliance

Remote Access Using a Traditional Cisco VPN Client – on a Cisco IOS Router

Remote Access Using a Traditional Cisco VPN Client – on a Cisco ASA Security Appliance

Cisco Easy VPN – Router Server and Router Client (Using DVTI)

Cisco Easy VPN – Router Server and Router Client (Using Classical Style)

Cisco Easy VPN – Cisco ASA Server and Router Client

Cisco Easy VPN Remote Connection Modes (Client, Network Extension, Network Extension Plus)

Enabling Extended Authentication (XAUTH) on Cisco IOS Software and the Cisco ASA Security Appliance

Enabling Split Tunneling on Cisco IOS Software and the Cisco ASA Security Appliance

Enabling Reverse Route Injection (RRI) on Cisco IOS Software and the Cisco ASA Security Appliance

Enabling NAT-T on Cisco IOS Software and the Cisco ASA Security Appliance

High-Availability Stateful Failover for IPsec with Stateful Switchover (SSO) and Hot Standby Router Protocol (HSRP)

High Availability Using Link Resiliency (with Loopback Interface for Peering)

High Availability Using HSRP and RRI

High Availability Using IPsec Backup Peers

High Availability Using GRE over IPsec (Dynamic Routing)

Basic QoS Features for VPN Traffic on Cisco IOS Software and the Cisco ASA Security Appliance

Identifying Injected Errors in Troubleshooting Scenarios (for Site-to-Site, DMVPN, GET VPN, and Cisco Easy VPN)

Understanding and Interpreting the show crypto Commands

Understanding and Interpreting the debug crypto Commands

AnyConnect VPN Including DAP Support

MACsec (Switch-to-Switch, Host-to-Switch)

Wireless Security on AP and WLC

EAP Methods

WPA/WPA2

WIPS