642-825 ISCW 安全的远程访问 (Implementing Secure Converged Wide Area Networks)

考试时间:90分钟

考题数目:暂无

及格分数:暂无

考点大纲:

学习实施基本的 Cable, xDSL 网络接入服务
学习实施PPPoE,PPPoA
学习实施基于帧模式的 MPLS
学习实施一个场点到场点的 IPSec/VPN 网络
比较 IPSec 和 GRE 的异同
描述网络攻击的种类和缓解办法
描述如何加强 CISCO 设备的安全性
学习实施基于 IOS 的防火墙
学习实施基于 IOS 的入侵防御系统( IPS )

考试内容:

Implement basic teleworker services.

  • Describe Cable (HFC) technologies.
  • Describe xDSL technologies.
  • Configure ADSL (i.e., PPPoE or PPPoA).
  • Verify basic teleworker configurations.

Implement Frame-Mode MPLS.

  • Describe the components and operation of Frame-Mode MPLS (e.g., packet-based MPLS VPNs).
  • Configure and verify Frame-Mode MPLS.

Implement a site-to-site IPSec VPN

  • Describe the components and operations of IPSec VPNs and GRE Tunnels.
  • Configure a site-to-site IPSec VPN/GRE Tunnel with SDM (i.e., preshared key).
  • Verify IPSec/GRE Tunnel configurations (i.e., IOS CLI configurations).
  • Describe, configure, and verify VPN backup interfaces.
  • Describe and configure Cisco Easy VPN solutions using SDM.

Describe network security strategies.

  • Describe and mitigate common network attacks (i.e., Reconnaissance, Access, and Denial of Service).
  • Describe and mitigate Worm, Virus, and Trojan Horse attacks.
  • Describe and mitigate application-layer attacks (e.g., management protocols).

Implement Cisco Device Hardening

  • Describe, Configure, and verify AutoSecure/One-Step Lockdown implementations (i.e., CLI and SDM).
  • Describe, configure, and verify AAA for Cisco Routers.
  • Describe and configure threat and attack mitigation using ACLs.
  • Describe and configure IOS secure management features (e.g., SSH, SNMP, SYSLOG, NTP, Role-Based CLI, etc.)

Implement Cisco IOS firewall.

  • Describe the functions and operations of Cisco IOS Firewall (e.g., Stateful Firewall, CBAC, etc.).
  • Configure Cisco IOS Firewall with SDM.
  • Verify Cisco IOS Firewall configurations (i.e., IOS CLI configurations, SDM Monitor).

Describe and configure Cisco IOS IPS.

  • Describe the functions and operations of IDS and IPS systems (e.g., IDS/IPS signatures, IPS Alarms, etc.)
  • Configure Cisco IOS IPS using SDM.