642-552 SND 思科网络设备安全考试

考试代号： 642-552
涉及认证： CCSP、思科防火墙专业化认证、思科IPS专业化认证、思科VPN专业化认证
时间考试：提供语言: 英文
考试中心： Prometric考试中心、VUE考试中心

考试说明

思科网络设备实现了642-552原来是考核安全与专业公司、思科防火墙专家、专业投资公司、思科VPN专家认证. 筹备这次考试的考生可以获得思科网络设备中又一(新区). 这一考试检验考生的知识获得思科交换机、路由器及相关网络. 主题包括: 安全面临威胁现代网络基础设施,实现思科路由器、实施基本能力,ACLs以减轻路由器和网络威胁实施安全管理和报告,共同减少2层的攻击,实现思科IOS防火墙特性、思科初步投资特点,IPSecVPN的特点利用思科安全设备管理

考点大纲

介绍现代网络基础设施面临的安全威胁

Describe and mitigate the common threats to the physical installation
Describe and list mitigation methods for common network attacks
Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks www.itexamprep.com
Describe the main activities in each phase of a secure network lifecycle
Explain how to meet the security needs of a typical enterprise with a comprehensive security policy
Describe the Cisco Self Defending Network architecture

思科路由器安全

Secure Cisco routers using the SDM Security Audit feature
Use the One-Step Lockdown feature in SDM to secure a Cisco router
Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
Secure administrative access to Cisco routers by configuring multiple privilege levels
Secure administrative access to Cisco routers by configuring role based CLI
Secure the Cisco IOS image and configuration file

思科路由器AAA安全特性

Explain the functions and importance of AAA
Describe the features of TACACS+ and RADIUS AAA protocols www.itexamprep.com
Describe the methods of authentication that are used to provide access through a router (packet mode) and to provide access to the router (character mode)

使用ACLs减少威胁思科路由器和网络

Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
Configure IP ACLs to prevent IP address spoofing using CLI
Discuss the caveats to be considered when building ACLs

实施网络安全管理和报告

Describe the factors to be considered when planning for secure management and reporting of network devices
Use CLI to configure SSH on Cisco routers to enable secured management access
Use CLI to configure Cisco routers to send Syslog messages to a Syslog server www.itexamprep.com
Describe SNMPv3 and NTPv3

减少2层攻击

Describe the common Layer 2 attacks and how to mitigate them (VLAN hopping, STP attacks, ARP spoofing, MAC spoofing, CAM overflow)
Describe the function and benefit of the security features in Cisco Catalyst switches (IBNS, PVLAN, SPAN port)
Describe common threats to WLANs www.itexamprep.com
Describe the security features of the 802.11 protocol

使用SDM实施思科IOS防火墙特性

Describe the operational strengths and weaknesses of the different firewall technologies
Explain stateful firewall operations and the function of the state table
Explain the types of NAT that can be implemented in a firewall
Configure and verify basic and advanced firewall on a Cisco router using SDM

使用SDM实施思科IOS IPS特性

Define network based vs. host based intrusion detection and prevention
Explain IPS technologies, attack responses, and monitoring options
Enable and verify Cisco IOS IPS operations using SDM

使用SDM实施思科路由器IPSecVPN

Explain IKE protocol functionality and phases
Describe the building blocks of IPsec and the security functions it provides www.itexamprep.com
Explain hash-based message authentication code (HMAC) operations
Explain the different methods of encryption
Explain the purpose of the Diffie-Hellman key agreement protocol
Describe how IPsec establishes origin authentication
Describe the PKI environment at a high level
Describe the different types of IPsec VPN implementations
Configure and verify an IPsec site-to-site VPN with pre-shared key authentication using SDM
Explain Cisco Easy VPN Server and Cisco Easy VPN Remote
Configure and verify remote access VPNs using the Cisco Easy VPN Server feature of Cisco SDM