CCNA Security Prep

So after looking at the CCNP SWITCH, I figured I would look at the certification I am studying for: CCNA Security. It is known that this exam is a bit tougher than in the past.  Knowing this, I am focusing on doing more lab work for all topics.

Like the SWITCH exam, I reviewed the CCNA Security exam blueprint and the official lab book. This research is to find out what is not covered in the Cisco lab book and to form my plan of attack for creating or finding other labs to help solidify knowledge of the topic areas in question. Sure enough, there is a gap in covered exam objectives in the lab book.

Like the SWITCH exam, some topics may not have a lab as the topic may be only testing on your understanding of the topic (highlighted green). Some topics are ones where you need to understand how to configure, test, and troubleshoot (highlighted red). See below:

1.0 Security Concepts 12% 
1.1  Common security principles
1.1.a Describe confidentiality, integrity, availability (CIA)
1.1.b Describe SIEM technology
1.1.c Identify common security terms
1.1.d Identify common network security zones
1.4 Describe network topologies
1.4.a Campus area network (CAN)
1.4.b Cloud, wide area network (WAN)
1.4.c Data center
1.4.d Small office/home office (SOHO)
1.4.e Network security for a virtual environment

2.0 Secure Access 14%
2.1 Secure management
2.1.a Compare in-band and out-of-band
2.1.b Configure secure network management
2.1.c Configure and verify secure access through SNMP v3 using an ACL
2.1.d Configure and verify security for NTP
2.1.e Use SCP for file transfer
2.2.d Explain the integration of Active Directory with AAA
2.2.e Describe authentication and authorization using ACS and ISE
2.3 802.1X authentication
2.3.a Identify the functions of 802.1X components
2.4 BYOD
2.4.a Describe the BYOD architecture framework
2.4.b Describe the function of mobile device management (MDM)

3.0 VPN 17%
3.1  VPN concepts
3.1.a Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
3.1.b Describe hairpinning, split tunneling, always-on, NAT traversal
3.2 Remote access VPN
3.2.e Identify endpoint posture assessment

4.0 Secure Routing and Switching 18% 
4.1 Security on Cisco routers
4.1.a Configure multiple privilege levels
4.1.b Configure Cisco IOS role-based CLI access
4.1.c Implement Cisco IOS resilient configuration
4.2 Securing routing protocols
4.2.a Implement routing update authentication on OSPF
4.3 Securing the control plane
4.3.a Explain the function of control plane policing
4.4 Common Layer 2 attacks
4.4.a Describe STP attacks
4.4.b Describe ARP spoofing
4.4.c Describe MAC spoofing
4.4.d Describe CAM table (MAC address table) overflows
4.4.e Describe CDP/LLDP reconnaissance
4.4.f Describe VLAN hopping
4.4.g Describe DHCP spoofing
4.6 VLAN security
4.6.a Describe the security implications of a PVLAN
4.6.b Describe the security implications of a native VLAN

5.0 Cisco Firewall Technologies 18%
5.1  Describe operational strengths and weaknesses of the different firewall technologies
5.1.a Proxy firewalls
5.1.b Application firewall
5.1.c Personal firewall
5.2 Compare stateful vs. stateless firewalls
5.2.a Operations
5.2.b Function of the state table
5.3 Implement NAT on Cisco ASA 9.x
5.3.a Static
5.3.b Dynamic
5.3.c PAT
5.3.d Policy NAT
5.3.e Verify NAT operations
5.4 Implement zone-based firewall
5.4.b Self zone
5.5 Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
5.5.g Describe security contexts
5.5.h Describe firewall services

7.0 Content and Endpoint Security 12% 
7.1  Describe mitigation technology for email-based threats
7.1.a SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption
7.2 Describe mitigation technology for web-based threats
7.2.a Local and cloud-based web proxies
7.2.b Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption
7.3  Describe mitigation technology for endpoint threats
7.3.a Anti-virus/anti-malware
7.3.b Personal firewall/HIPS
7.3.c Hardware/software encryption of local data

This list is not 100% accurate as I am using the table of contents as a reference. However, seeing a lot of exam objectives that need you to know the commands and output leads me to believe that supplementation is needed.
