| Required Exam(s) | Recommended Training |
| 642-637 SECURE | Securing Networks with Cisco Routers & Switches Tentative: 25 Oct 2013 |
| 642-618 FIREWALL | Deploying Cisco ASA Firewall Solutions Passed: 25 May 2012 |
| 642-648 VPN | Deploying Cisco ASA VPN Solution Tentative: 25 Dec 2013 |
| 642-627 IPS | Implementing Cisco Intrusion Prevention System Tentative: 25 Feb 2014 |
A] SECURE v1 (642-637)
Pre-Production Design
- Choose Cisco IOS technologies to implement HLD
- Choose Cisco products to implement HLD
- Choose Cisco IOS features to implement HLD 2
- Integrate Cisco network security solutions with other security technologies
- Create and test initial Cisco IOS configurations for new devices/services
Complex Operations Support
- Optimize Cisco IOS security infrastructure device performance
- Create complex network security rules to meet the security policy requirements
- Optimize security functions, rules, and configuration
- Configure and verify NAT to dynamically mitigate identified threats to the network
- Configure and verify IOS Zone Based Firewalls including advanced application inspections and URL filtering
- Configure and verify the IPS features to identify threats and dynamically block them from entering the network
- Maintain, update and tune IPS signatures
- Configure and verify IOS VPN features
- Configure amd verify Layer 2 and Layer 3 security features
B] FIREWALL v2 (642-618)
Cisco ASA adaptive security appliance Basic Configurations
- Identify the ASA product family
- Implement ASA licensing
- Manage the ASA boot process
- Implement ASA interface settings
- Implement ASA management features
- Implement ASA access control features
- Implement Network Address Translation (NAT) on the ASA
- Implement ASDM public server feature
- Implement ASA quality of service (QoS) settings
- Implement ASA transparent firewall
ASA Routing Features
- Implement ASA static routing
- Implement ASA dynamic routing
ASA Inspection Policy
- Implement ASA inspections features
ASA Advanced Network Protections
- Implement ASA Botnet traffic filter
ASA High Availability
- Implement ASA Interface redundancy and load sharing features
- Implement ASA virtualization feature
- Implement ASA stateful failover
C] VPN v2 (642-648)
Common Cisco ASA adaptive security appliance VPN Configurations Components
- Identify ASA VPN licensing requirements
- Identify the components and features of AnyConnect 3.0 Mobility (VPN, NAM, Web Sec (ScanSafe), an Telemetry)
- Implement ASA VPN connection profiles, group policies, and user policies
- Implement Simple Certificate Enrollment Protocol (SCEP) proxy operations using Cisco Adaptive Security Device Manager (ASDM)
- Implement local and external VPN authorization using ASDM
- Implement VPN session accounting using ASDM
- Implement Cisco Secure Desktop and Independent Host Scan operations using ASDM
- Implement DAP operations using ASDM
- Implement LOCAL CA operations for Secure Sockets Layer (SSL) VPNs using ASDM
- Implement certificate maps using ASDM
- Identify the ASA IPv6 VPN capabilities
- Monitor and verify the resulting CLI commands resulting from the various VPN configurations on the ASA
ASA IP SEC S2S VPN
- Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA IPSec S2S VPN features and supporting technologies
- Implement basic IPSEC S2S VPN operations with PSK and digital certificates using ASDM
- Implement basic IKEv2 based IPSEC S2S VPN operations using ASDM
- Troubleshoot the initial provisioning IPSec S2S VPN applications due to misconfiguration
ASA EZVPN
- Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA VPN client features and supporting technologies
- Implement basic EZVPN server operations on the ASA using ASDM
Basic EZVPN remote operations on the ASA 5505 using ASDM
- Implement AnyConnect 3.0 IKEv2 RA VPN operations
- Implement Client Services Server (CSS) feature
- Troubleshoot the initial provisioning IPSec RA VPN applications due to misconfiguration
ASA AnyConnect SSL VPNs
- Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA AnyConnect client features and supporting technologies
- Implement DTLS operations using ASDM
- Implement basic AnyConnect 3.0 full tunnel SSL VPN operations
- Troubleshoot AnyConnect SSL VPN operations using DART
- Implement AnyConnect Profiles using ASDM
- Implement advanced authentication in AnyConnect Full Tunnel SSL VPNs (certificate and multi-authentication) using ASDM
- Troubleshoot the initial provisioning client-based SSL VPN applications due to misconfiguration
ASA Clientless SSL VPNs
- Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA clientless SSL VPN features and supporting technologies
- Implement basic Clientless SSL VPN operations using ASDM
- Implement advanced applications access using ASDM
- Implement the SSO features on the ASA in a clientless SSL VPN environment
- Implement advanced authentication in clientless SSL VPNs (certificate and multi-authentication) using ASDM
- Manage the clientless SSL VPN user interface and portal using ASDM
- Implement basic portal customization
- Troubleshoot the initial provisioning of Clientless SSL VPN applications due to misconfiguration
SSL VPN High Availability
- Implement SSL and IPSEC VPN high availability features
D] IPS v7 (642-627)
Pre-Production Design
- Choose Cisco IPS technologies to implement HLD
- Choose Cisco products to implement HLD
- Choose Cisco IPS features to implement HLD
- Integrate Cisco network security solutions with other security technologies
- Create and test initial Cisco IPS configurations for new devices/services
Complex Support Operations
- Optimize Cisco IPS security infrastructure device performance
- Create complex network security rules, to meet the security policy requirements
- Configure and verify the IPS features to identify threats and dynamically block them from entering the network
- Maintain, update and tune IPS signatures
- Use CSM and MARS for IPS management, deployment, and advanced event correlation
- Optimize security functions, rules, and configuration
Advanced Troubleshooting
- Advanced Cisco IPS security software configuraiton fault finding and repairing
- Advanced Cisco IPS sensor and module hardware fault finding and repairing
No comments:
Post a Comment