how to become ccie

CCIE security Lab Exam syllabus

June 23, 2009 6:30 am · 0 comments

by Black

in Tutorials

CCIE Lab Exam syllabus Blueprint v3.0

Last post was on written exam and this is about lab exam for security professionals.The topics listed are guidelines and other relevant or related topics may also appear. Candidates for lab exams scheduled in mid April 09 or later should prepare using the v3.0 blueprints .

Implement secure networks using Cisco ASA Firewalls
Perform basic firewall Initialization
Configure device management
Configure address translation (nat, global, static)
Configure ACLs
Configure IP routing
Configure object groups
Configure VLANs
Configure filtering
Configure failover
Configure Layer 2 Transparent Firewall
Configure security contexts (virtual firewall)
Configure Modular Policy Framework
Configure Application-Aware Inspection
Configure high availability solutions
Configure QoS policies
Implement secure networks using Cisco IOS Firewalls
Configure CBAC
Configure Zone-Based Firewall
Configure Audit
Configure Auth Proxy
Configure PAM
Configure access control
Configure performance tuning
Configure advanced IOS Firewall features
Implement secure networks using Cisco VPN solutions
Configure IPsec LAN-to-LAN (IOS/ASA)
Configure SSL VPN (IOS/ASA)
Configure Dynamic Multipoint VPN (DMVPN)
Configure Group Encrypted Transport (GET) VPN
Configure Easy VPN (IOS/ASA)
Configure CA (PKI)
Configure Remote Access VPN
Configure Cisco Unity Client
Configure Clientless WebVPN
Configure AnyConnect VPN
Configure XAuth, Split-Tunnel, RRI, NAT-T
Configure High Availability
Configure QoS for VPN
Configure GRE, mGRE
Configure L2TP
Configure advanced Cisco VPN features
Configure Cisco IPS to mitigate network threats
Configure IPS 4200 Series Sensor Appliance
Initialize the Sensor Appliance
Configure Sensor Appliance management
Configure virtual Sensors on the Sensor Appliance
Configure security policies
Configure promiscuous and inline monitoring on the Sensor Appliance
Configure and tune signatures on the Sensor Appliance
Configure custom signatures on the Sensor Appliance
Configure blocking on the Sensor Appliance
Configure TCP resets on the Sensor Appliance
Configure rate limiting on the Sensor Appliance
Configure signature engines on the Sensor Appliance
Use IDM to configure the Sensor Appliance
Configure event action on the Sensor Appliance
Configure event monitoring on the Sensor Appliance
Configure advanced features on the Sensor Appliance
Configure and tune Cisco IOS IPS
Configure SPAN & RSPAN on Cisco switches
Implement Identity Management
Configure RADIUS and TACACS+ security protocols
Configure LDAP
Configure Cisco Secure ACS
Configure certificate-based authentication
Configure proxy authentication
Configure 802.1x
Configure advanced identity management features
Configure Cisco NAC Framework
Implement Control Plane and Management Plane Security
Implement routing plane security features (protocol authentication, route filtering)
Configure Control Plane Policing
Configure CP protection and management protection
Configure broadcast control and switchport security
Configure additional CPU protection mechanisms (options drop, logging interval)
Disable unnecessary services
Control device access (Telnet, HTTP, SSH, Privilege levels)
Configure SNMP, Syslog, AAA, NTP
Configure service authentication (FTP, Telnet, HTTP, other)
Configure RADIUS and TACACS+ security protocols
Configure device management and security
Configure Advanced Security
Configure mitigation techniques to respond to network attacks
Configure packet marking techniques
Implement security RFCs (RFC1918/3330, RFC2827/3704)
Configure Black Hole and Sink Hole solutions
Configure RTBH filtering (Remote Triggered Black Hole)
Configure Traffic Filtering using Access-Lists
Configure IOS NAT
Configure TCP Intercept
Configure uRPF
Configure CAR
Configure NBAR
Configure NetFlow
Configure Anti-Spoofing solutions
Configure Policing
Capture and utilize packet captures
Configure Transit Traffic Control and Congestion Management
Configure Cisco Catalyst advanced security features
Identify and Mitigate Network Attacks
Identify and protect against fragmentation attacks
Identify and protect against malicious IP option usage
Identify and protect against network reconnaissance attacks
Identify and protect against IP spoofing attacks
Identify and protect against MAC spoofing attacks
Identify and protect against ARP spoofing attacks
Identify and protect against Denial of Service (DoS) attacks
Identify and protect against Distributed Denial of Service (DDoS) attacks
Identify and protect against Man-in-the-Middle (MiM) attacks
Identify and protect against port redirection attacks
Identify and protect against DHCP attacks
Identify and protect against DNS attacks
Identify and protect against Smurf attacks
Identify and protect against SYN attacks
Identify and protect against MAC Flooding attacks
Identify and protect against VLAN hopping attacks
Identify and protect against various Layer2 and Layer3 attacks

Have Fun !!!

Related External Links

  • eScan Internet Security Suite | Cheap Software Program
    Searches leading to this post:
    ccie written exam syllabus, syllabus of ccie

    Tagged as:

    Be the first to comment!

    CCIE Security – written syllabus

    June 22, 2009 22:55 pm · 0 comments

    by Black

    in Tutorials

    CCIE Security Written Exam (syllabus) Blueprint v2.x

    I thaught this would be intresting for people preparing for CCIE

    Exam code 350-018 has 100 multiple-choice questions and is two hours in duration. The topic areas listed are general guidelines for the type of content that is likely to appear on the exam.

    General Networking
    Networking Basics
    OSI Layers
    TCP/IP Protocols
    Switching (VTP, VLANs, Spanning Tree, Trunking, etc.)
    Routing Protocols (RIP, EIGRP, OSPF, and BGP)
    IP Multicast
    Security Protocols, Ciphers and Hash Algorithms
    RADIUS
    TACACS+
    Ciphers RSA, DSS, RC4
    Message Digest 5 (MD5)
    Secure Hash Algorithm (SHA)
    EAP PEAP TKIP TLS
    Data Encryption Standard (DES)
    Triple DES (3DES)
    Advanced Encryption Standard (AES)
    IP Security (IPSec)
    Authentication Header (AH)
    Encapsulating Security Payload (ESP)
    Internet Key Exchange (IKE)
    Certificate Enrollment Protocol (CEP)
    Transport Layer Security (TLS)
    Secure Socket Layer (SSL)
    Point to Point Tunneling Protocol (PPTP)
    Layer 2 Tunneling Protocol (L2TP)
    Generic Route Encapsulation (GRE)
    Secure Shell (SSH)
    Pretty Good Privacy (PGP)
    Application Protocols
    Hypertext Transfer Protocol (HTTP)
    Simple Mail Transfer Protocol (SMTP)
    File Transfer Protocol (FTP)
    Domain Name System (DNS)
    Trivial File Transfer Protocol (TFTP)
    Network Time Protocol (NTP)
    Lightweight Directory Access Protocol (LDAP)
    Syslog
    Security Technologies
    Packet Filtering
    Content Filtering
    URL Filtering
    Authentication Technologies
    Authorization technologies
    Proxy Authentication
    Public Key Infrastructure (PKI)
    IPSec VPN
    SSL VPN
    Network Intrusion Prevention Systems
    Host Intrusion Prevention Systems
    Event Correlation
    Adaptive Threat Defense (ATD)
    Network Admission Control (NAC)
    802.1x
    Endpoint Security
    Network Address Translation
    Cisco Security Appliances and Applications
    Cisco Secure PIX Firewall
    Cisco Intrusion Prevention System (IPS)
    Cisco VPN 3000 Series Concentrators
    Cisco EzVPN Software and Hardware Clients
    Cisco Adaptive Security Appliance (ASA) Firewall
    Cisco Security Monitoring, Analysis and Response System (MARS)
    Cisco IOS Firewall
    Cisco IOS Intrusion Prevention System
    Cisco IOS IPSec VPN
    Cisco IOS Trust and Identity
    Cisco Secure ACS for Windows
    Cisco Secure ACS Solution Engine
    Cisco Traffic Anomaly Detectors
    Cisco Guard DDoS Mitigation Appliance
    Cisco Catalyst 6500 Series Security Modules (FWSM, IDSM, VPNSM, WebVPN, SSL modules)
    Cisco Traffic Anomaly Detector Module & Cisco Guard Service Module
    Cisco Security Management
    Cisco Adaptive Security Device Manager (ASDM)
    Cisco Router & Security Device Manager (SDM)
    Cisco Security Manager (CSM)
    Cisco Security General
    IOS Specifics
    Routing and Switching Security Features: IP & MAC Spoofing, MAC Address Controls, Port Security, DHCP Snoop, DNS Spoof.
    NetFlow
    Layer 2 Security Features
    Layer 3 Security Features
    Wireless Security
    IPv6 Security
    Security Solutions
    Network Attack Mitigation
    Virus and Worms Outbreaks
    Theft of Information
    DoS/DDoS Attacks
    Web Server & Web Application Security
    Security General
    Policies – Security Policy Best Practices
    Information Security Standards (ISO 17799, ISO 27001, BS7799)
    Standards Bodies
    Common RFCs (e.g. RFC1918, RFC2827, RFC2401)
    BCP 38
    Attacks, Vulnerabilities and Common Exploits – recon, scan, priv escalation, penetration, cleanup, backdoor
    Security Audit & Validation
    Risk Assessment
    Change Management Process
    Incident Response Framework
    Computer Security Forensics

    Have Fun !!!

    Related External Links

    • PC Tools Internet Security 2009 rapidshare megaupload free full

      Related External Links

      • PC Tools Internet Security 2009 rapidshare megaupload free full
        Searches leading to this post:
        ccie security syllabus, CCIE Security and Written and syllabus, ccie security syllabus by cisco

        Tagged as:

        Be the first to comment!