Cisco recently released an Exam Preparation Checklist which is kinda like an extended blueprint. It's an extensive and detailed list of topics that you should know before taking the CCIE lab exam.
I made a copy of that Checklist and graded my current knowledge of each topic on a scale from 1 to 5 where 1 is “I've no idea what this is” and 5 is “I know it completely!”.
My idea is to do a new grading of my knowledge every now and then to get a feeling for my progress.
At the bottom I've summarized the grades and displayed them as a percentage. Simply “how close am I to having a 5 on all tasks?”.

No | Subject | Confidence 2010-03-28

Configuring and Troubleshooting Cisco ASA Firewalls
1.01. | Initializing the Basic Cisco ASA Firewall (IP Address, Mask, Default Route, etc.) | 5 |
1.02. | Understanding Security Levels (Same Security Interface) | 5 |
1.03. | Understanding Single vs. Multimode | 5 |
1.04. | Understanding Firewall vs. Transparent Mode | 5 |
1.05. | Understanding Multiple Security Contexts | 5 |
1.06. | Understanding Shared Resources for Multiple Contexts | 4 |
1.07. | Understanding Packet Classification in Multiple-Contexts Mode | 3 |
1.08. | VLAN Subinterfaces Using 802.1Q Trunking | 5 |
1.09. | Multiple-Mode Firewall with Outside Access | 5 |
1.10. | Single-Mode Firewall Using the Same Security Level | 5 |
1.11. | Multiple-Mode, Transparent Firewall | 3 |
1.12. | Single-Mode, Transparent Firewall with NAT | 3 |
1.13. | ACLs in Transparent Firewall (for Pass-Through Traffic) | 3 |
1.14. | Understanding How Routing Behaves on the Adaptive Security Appliance (Egress and Next-Hop Selection Process) | 5 |
1.15. | Understanding Static vs. Dynamic Routing | 5 |
1.16. | Static Routes | 5 |
1.17. | RIP with Authentication | 4 |
1.18. | OSPF with Authentication | 4 |
1.19. | EIGRP with Authentication | 4 |
1.20. | Managing Multiple Routing Instances | 4 |
1.21. | Redistribution Between Protocols | 3 |
1.22. | Route Summarization | 3 |
1.23. | Route Filtering | 3 |
1.24. | Static Route Tracking Using an SLA | 4 |
1.25. | Dual ISP Support Using Static Route Tracking | 4 |
1.26. | Redundant Interface Pair | 3 |
1.27. | LAN-Based Active/Standby Failover (Routed Mode) | 4 |
1.28. | LAN-Based Active/Active Failover (Routed Mode) | 4 |
1.29. | LAN-Based Active/Standby Failover (Transparent Mode) | 3 |
1.30. | LAN-Based Active/Active Failover (Transparent Mode) | 3 |
1.31. | Stateful Failover Link | 4 |
1.32. | Device Access Management | 5 |
1.33. | Enabling Telnet | 5 |
1.34. | Enabling SSH | 5 |
1.35. | The nat-control Command vs. no nat-control Command | 4 |
1.36. | Enabling Address Translation (NAT, Global, and Static) | 4 |
1.37. | Dynamic NAT | 4 |
1.38. | Dynamic PAT | 4 |
1.39. | Static NAT | 4 |
1.40. | Static PAT | 4 |
1.41. | Policy NAT | 4 |
1.42. | Destination NAT | 4 |
1.43. | Bypassing NAT When NAT Control Is Enabled Using Identity NAT | 5 |
1.44. | Bypassing NAT When NAT Control Is Enabled Using NAT Exemption | 5 |
1.45. | Port Redirection Using NAT | 3 |
1.46. | Tuning Default Connection Limits and Timeouts | 5 |
1.47. | Basic Interface Access Lists and Access Group (Inbound and Outbound) | 4 |
1.48. | Time-Based Access Lists | 4 |
1.49. | ICMP Commands | 3 |
1.50. | Enabling Syslog and Parameters | 3 |
1.51. | NTP with Authentication | 3 |
1.52. | Object Groups (Network, Protocol, ICMP, and Services) | 4 |
1.53. | Nested Object Groups | 4 |
1.54. | URL Filtering | 2 |
1.55. | Java Filtering | 2 |
1.56. | ActiveX Filtering | 2 |
1.57. | ARP Inspection | 2 |
1.58. | Modular Policy Framework (MPF) | 3 |
1.59. | Application-Aware Inspection | 2 |
1.60. | Identifying Injected Errors in Troubleshooting Scenarios | 3 |
1.61. | Understanding and Interpreting Adaptive Security Appliance show and debug Outputs | 4 |
1.62. | Understanding and Interpreting the packet-tracer and capture Commands | 5 |

Configuring and Troubleshooting Cisco IOS Firewalls
2.01. | Zone-Based Policy Firewall Using Multiple-Zone Scenarios | 3 |
2.02. | Transparent Cisco IOS Firewall (Layer 2) | 2 |
2.03. | Context-Based Access Control (CBAC) | 2 |
2.04. | Proxy Authentication (Auth Proxy) | 2 |
2.05. | Port-to-Application Mapping (PAM) Usage with ACLs | 2 |
2.06. | Use of PAM to Change System Default Ports | 3 |
2.07. | PAM Custom Ports for Specific Applications | 3 |
2.08. | Mapping Nonstandard Ports to Standard Applications | 3 |
2.09. | Performance Tuning | 3 |
2.10. | Tuning Half-Open Connections | 2 |
2.11. | Understanding and Interpreting the show ip port-map Commands | 4 |
2.12. | Understanding and Interpreting the show ip inspect Commands | 4 |
2.13. | Understanding and Interpreting the debug ip inspect Commands | 4 |
2.14. | Understanding and Interpreting the show zone|zone-pair Commands | 4 |
2.15. | Understanding and Interpreting the debug zone Commands | 4 |

Configuring and Troubleshooting Cisco VPN Solutions
3.01. | Understanding Cryptographic Protocols (ISAKMP, IKE, ESP, Authentication Header, CA) | 5 |
3.02. | IPsec VPN Architecture on Cisco IOS Software and Cisco ASA Security Appliance | 4 |
3.03. | Configuring VPNs Using ISAKMP Profiles | 2 |
3.04. | Configuring VPNs Using IPsec Profiles | 2 |
3.05. | GRE over IPsec Using IPsec Profiles | 3 |
3.06. | Router-to-Router Site-to-Site IPsec Using the Classical Command Set (Using Preshared Keys and Certificates) | 4 |
3.07. | Router-to-Router Site-to-Site IPsec Using the New VTI Command Set (Using Preshared Keys and Certificates) | 4 |
3.08. | Router-to-ASA Site-to-Site IPsec (Using Preshared Keys and Certificates) | 3 |
3.09. | Understanding DMVPN architecture (NHRP, mGRE, IPsec, Routing) | 5 |
3.10. | DMVPN Using NHRP and mGRE (Hub-and-Spoke) | 3 |
3.11. | DMVPN Using NHRP and mGRE (Full-Mesh) | 3 |
3.12. | DMVPN Through Firewalls and NAT Devices | 2 |
3.13. | Understanding GET VPN Architecture (GDOI, Key Server, Group Member, Header Preservation, Policy, Rekey, KEK, TEK, and COOP) | 1 |
3.14. | Implementing GET VPN (Using Preshared Keys and Certificates) | 1 |
3.15. | GET VPN Unicast Rekey | 1 |
3.16. | GET VPN Multicast Rekey | 1 |
3.17. | GET VPN Group Member Authorization List | 1 |
3.18. | GET VPN Key Server Redundancy | 1 |
3.19. | GET VPN Through Firewalls and NAT Devices | 1 |
3.20. | Integrating GET VPN with a DMVPN Solution | 1 |
3.21. | Basic VRF-Aware IPsec | 2 |
3.22. | Enabling the CA (PKI) Server (on the Router and Cisco ASA Security Appliance) | 3 |
3.23. | CA Enrollment Process on a Router Client | 2 |
3.24. | CA Enrollment Process on a Cisco ASA Security Appliance Client | 2 |
3.25. | CA Enrollment Process on a PC Client | 3 |
3.26. | Clientless SSL VPN (Cisco IOS WebVPN) on the Cisco ASA Security Appliance (URLs) | 3 |
3.27. | AnyConnect VPN Client on Cisco IOS Software | 2 |
3.28. | AnyConnect VPN Client on the Cisco ASA Security Appliance | 4 |
3.29. | Remote Access Using a Traditional Cisco VPN Client – on a Cisco IOS Router | 3 |
3.30. | Remote Access Using a Traditional Cisco VPN Client – on a Cisco ASA Security Appliance | 4 |
3.31. | Cisco Easy VPN – Router Server and Router Client (Using DVTI) | 2 |
3.32. | Cisco Easy VPN – Router Server and Router Client (Using Classical Style) | 3 |
3.33. | Cisco Easy VPN – Cisco ASA Server and Router Client | 3 |
3.34. | Cisco Easy VPN Remote Connection Modes (Client, Network, Network+) | 2 |
3.35. | Enabling Extended Authentication (XAUTH) on Cisco IOS Software and the Cisco ASA Security Appliance | 4 |
3.36. | Enabling Split Tunneling on Cisco IOS Software and the Cisco ASA Security Appliance | 4 |
3.37. | Enabling Reverse Route Injection (RRI) on Cisco IOS Software and the Cisco ASA Security Appliance | 3 |
3.38. | Enabling NAT-T on Cisco IOS Software and the Cisco ASA Security Appliance | 2 |
3.39. | High-Availability Stateful Failover for IPsec with Stateful Switchover (SSO) and Hot Standby Router Protocol (HSRP) | 2 |
3.40. | High Availability Using Link Resiliency (with Loopback Interface for Peering) | 1 |
3.41. | High Availability Using HSRP and RRI | 2 |
3.42. | High Availability Using IPsec Backup Peers | 3 |
3.43. | High Availability Using GRE over IPsec (Dynamic Routing) | 4 |
3.44. | Basic QoS Features for VPN Traffic on Cisco IOS Software and the Cisco ASA Security Appliance | 3 |
3.45. | Identifying Injected Errors in Troubleshooting Scenarios (for Site-to-Site, DMVPN, GET VPN, and Cisco Easy VPN) | 3 |
3.46. | Understanding and Interpreting the show crypto Commands | 4 |
3.47. | Understanding and Interpreting the debug crypto Commands | 4 |

Configuring and Troubleshooting Cisco IPS
4.01. | Understanding Cisco IPS System Architecture (System Design, MainApp, SensorApp, EventStore) | 4 |
4.02. | Understanding Cisco IPS User Roles (Administrator, Operator, Viewer, Service) | 2 |
4.03. | Understanding Cisco IPS Command Modes (Privileged, Global, Service, Multi-Instance) | 2 |
4.04. | Understanding Cisco IPS Interfaces (Command and Control, Sensing, Alternate TCP Reset) | 3 |
4.05. | Understanding Promiscuous (IDS) vs. Inline (IPS) Monitoring | 5 |
4.06. | Initialization Basic Sensor (IP Address, Mask, Default Route, etc.) | 5 |
4.07. | Troubleshooting Basic Connectivity Issues | 4 |
4.08. | Managing Sensor ACLs | 3 |
4.09. | Allowing Services Ping and Telnet from/to Cisco IPS | 2 |
4.10. | Enabling Physical Interfaces | 3 |
4.11. | Promiscuous Mode | 4 |
4.12. | Inline Interface Mode | 4 |
4.13. | Inline VLAN Pair Mode | 4 |
4.14. | VLAN Group Mode | 4 |
4.15. | Inline Bypass Mode | 4 |
4.16. | Interface Notifications | 3 |
4.17. | Understanding the Analysis Engine | 4 |
4.18. | Creating Multiple Security Policies and Applying Them to Individual Virtual Sensors | 3 |
4.19. | Understanding and Configuring Virtual Sensors (vs0, vs1) | 3 |
4.20. | Assigning Interfaces to the Virtual Sensor | 4 |
4.21. | Understanding and Configuring Event Action Rules (rules0, rules1) | 2 |
4.22. | Understanding and Configuring Signatures (sig0, sig1) | 3 |
4.23. | Adding Signatures to Multiple Virtual Sensors | 3 |
4.24. | Understanding and Configuring Anomaly Detection (ad0, ad1) | 2 |
4.25. | Using the Cisco IDM (IPS Device Manager) | 3 |
4.26. | Using Cisco IDM Event Monitoring | 3 |
4.27. | Displaying Events Triggered Using the Cisco IPS Console | 2 |
4.28. | Troubleshooting Events Not Triggering | 2 |
4.29. | Displaying and Capturing Live Traffic on the Cisco IPS Console (Packet Display and Packet Capture) | 1 |
4.30. | SPAN and RSPAN | 3 |
4.31. | Rate Limiting | 3 |
4.32. | Configuring Event Action Variables | 2 |
4.33. | Target Value Ratings | 4 |
4.34. | Event Action Overrides | 3 |
4.35. | Event Action Filters | 3 |
4.36. | Configuring General Settings | 4 |
4.37. | General Signature Parameters | 3 |
4.38. | Alert Frequency | 3 |
4.39. | Alert Severity | 3 |
4.40. | Event Counter | 3 |
4.41. | Signature Fidelity Rating | 3 |
4.42. | Signature Status | 3 |
4.43. | Assigning Actions to Signatures | 3 |
4.44. | AIC Signatures | 3 |
4.45. | IP Fragment Reassembly | 3 |
4.46. | TCP Stream Reassembly | 3 |
4.47. | IP Logging | 3 |
4.48. | Configuring SNMP | 3 |
4.49. | Signature Tuning (Severity Levels, Throttle Parameters, Event Actions) | 3 |
4.50. | Creating Custom Signatures (Using the CLI and Cisco IDM) | 3 |
4.51. | Understanding Various Types of Signature Engines | 3 |
4.52. | Understanding Various Types of Signature Variables | 3 |
4.53. | Understanding Various Types of Event Actions | 3 |
4.54. | Understanding New Cisco IPS 6.0 Features (e.g., Deny Packets for High-Risk Events by Default) | 3 |
4.55. | Creating a Custom String TCP Signature | 3 |
4.56. | Creating a Custom Flood Engine Signature | 3 |
4.57. | Creating a Custom AIC MIME-Type Engine Signature | 3 |
4.58. | Creating a Custom Service HTTP Signature | 3 |
4.59. | Creating a Custom Service FTP Signature | 3 |
4.60. | Creating a Custom ATOMIC.ARP Engine Signature | 3 |
4.61. | Creating a Custom ATOMIC.IP Engine Signature | 3 |
4.62. | Creating a Custom TCP Sweep Signature | 3 |
4.63. | Creating a Custom ICMP Sweep Signature | 3 |
4.64. | Creating a Custom Trojan Engine Signature | 3 |
4.65. | Enabling Shunning and Blocking (Enabling Blocking Properties) | 3 |
4.66. | Shunning on a Router | 2 |
4.67. | Shunning on the Cisco ASA Security Appliance | 4 |
4.68. | Enabling the TCP Reset Function | 2 |
4.69. | Cisco IOS IPS on a Router Using Version 5.x Format Signatures | 2 |
4.70. | Loading a Version 5.x Signature File onto the Router | 1 |
4.71. | Understanding the Signature Engines for Cisco IOS IPS | 1 |
4.72. | Transparent Cisco IOS IPS | 1 |

Configuring and Troubleshooting Identity Management
5.01 | Understanding the AAA Framework | 4 |
5.02 | Understanding the RADIUS Protocol | 4 |
5.03 | Understanding RADIUS Attributes (Cisco AV-PAIRS) | 4 |
5.04 | Understanding the TACACS+ Protocol | 4 |
5.05 | Understanding TACACS+ Attributes | 4 |
5.06 | Comparison of RADIUS and TACACS+ | 4 |
5.07 | Configuring Basic LDAP Support | 2 |
5.08 | Overview of Cisco Secure ACS | 3 |
5.09 | How to Navigate Cisco Secure ACS | 4 |
5.10. | Cisco Secure ACS – Network Settings Parameters | 4 |
5.11. | Cisco Secure ACS – User Settings Parameters | 4 |
5.12. | Cisco Secure ACS – Group Settings Parameters | 4 |
5.13. | Cisco Secure ACS – Shared Profiles Components (802.1X, NAF, NAR, Command Author, Downloadable ACL, etc.) | 4 |
5.14. | Cisco Secure ACS – Shell Command Authorization Sets Using Both Per-Group Setup and Shared Profiles | 3 |
5.15. | Cisco Secure ACS – System Configuration Parameters | 3 |
5.16. | Cisco Secure ACS – Posture Validation Policies for NAC Setup | 2 |
5.17. | Cisco Secure ACS – Using Network Access Profiles (NAPs) | 2 |
5.18. | Cisco Secure ACS – MAC Authentication Bypass (MAB) Using NAP | 2 |
5.19. | Enabling AAA on a Router for vty Lines | 4 |
5.20. | Enabling AAA on a Switch for vty Lines | 4 |
5.21. | Enabling AAA on a Router for HTTP | 4 |
5.22. | Enabling AAA on the Cisco ASA Security Appliance for Telnet and SSH Protocols | 3 |
5.23. | Using Default vs. Named Method Lists | 4 |
5.24. | Complex Command Authorization and Privilege Levels, and Relevant Cisco Secure ACS Profiles | 3 |
5.25. | Proxy Service Authentication and Authorization on the Cisco ASA Security Appliance for Pass-Through Traffic (FTP, Telnet, and HTTP), and Relevant Cisco Secure ACS Profiles | 3 |
5.26. | Using Virtual Telnet on the Cisco ASA Security Appliance | 2 |
5.27. | Using Virtual HTTP on the Cisco ASA Security Appliance | 2 |
5.28. | Downloadable ACLs | 2 |
5.29. | AAA 802.1X Authentication Using RADIUS on a Switch | 1 |
5.30. | NAC-L2-802.1X on a Switch | 1 |
5.31. | NAC-L2-IP on a Switch | 1 |
5.32. | Troubleshooting Failed AAA Authentication or Authorization | 4 |
5.33. | Troubleshooting Using Cisco Secure ACS Logs | 4 |
5.34. | Using the test aaa Command on the Router, Switch, or Cisco ASA Security Appliance | 4 |
5.35. | Understanding and Interpreting the debug radius Command | 3 |
5.36. | Understanding and Interpreting the debug tacacs+ Command | 3 |
5.37. | Understanding and Interpreting the debug aaa authentication Command | 3 |
5.38. | Understanding and Interpreting the debug aaa authorization Command | 4 |
5.39. | Understanding and Interpreting the debug aaa accounting Command | 4 |

Implementing Control Plane and Management Plane Security
6.01 | Understanding Four Types of Traffic Planes on a Cisco Router (Control, Management, Data, and Services) | 4 |
6.02 | Understanding Control Plane Security Technologies and Core Concepts Covering Security Features Available to Protect the Control Plane | 3 |
6.03 | Understanding Management Plane Security Technologies and Core Concepts Covering Security Features Available to Protect the Management Plane | 3 |
6.04 | Configuring Control Plane Policing (CoPP) | 1 |
6.05 | Control Plane Rate Limiting | 2 |
6.06 | Disabling Unused Control Plane Services (IP Source Routing, Proxy ARP, Gratuitous ARP, etc.) | 4 |
6.07 | Disabling Unused Management Plane Services (Finger, BOOTP, DHCP, Cisco Discovery Protocol, etc.) | 4 |
6.08 | MPP (Management Plane Protection) and Understanding OOB (Out-of-Band) Management Interfaces | 4 |
6.09 | Configuring Protocol Authentication | 4 |
6.10 | Route Filtering and Protocol-Specific Filters | 3 |
6.11 | ICMP Techniques to Reduce the Risk of ICMP-Related DoS Attacks (IP Unreachable, IP Redirect, IP Mask Reply, etc.) | 3 |
6.12 | Selective Packet Discard (SPD) | 2 |
6.13 | MQC and FPM Types of Service Policy on the CoPP Interface | 2 |
6.14 | Broadcast Control on a Switch | 2 |
6.15 | Catalyst Switch Port Security | 2 |
6.16 | Cisco IOS Software-Based CPU Protection Mechanisms (Options Drop, Logging Interval, CPU Threshold) | 2 |
6.17 | The Generalized TTL Security Mechanism Known as “BGP TTL Security Hack” (BTSH) | 1 |
6.18 | Device Access Control (vty ACL, HTTP ACL, SSH Access, Privilege Levels) | 4 |
6.19 | SNMP Security | 3 |
6.20 | System Banners | 4 |
6.21 | Secure Cisco IOS File Systems | 2 |
6.22 | Understanding and Enabling Syslog | 4 |
6.23 | NTP with Authentication | 3 |
6.24 | Role-Based CLI Views and Cisco Secure ACS Setup | 2 |
6.25 | Service Authentication on Cisco IOS Software (FTP, Telnet, HTTP) | 3 |
6.26 | Network Telemetry Identification and Classification of Security Events (IP Traffic Flow, NetFlow, SNMP, Syslog, RMON) | 2 |

Configuring and Troubleshooting Advanced Security Features
7.01 | Implementing RFC 1918 Antispoofing Filtering | 2 |
7.02 | Implementing RFC 2827 Antispoofing Filtering | 2 |
7.03 | Implementing RFC 2401 Antispoofing Filtering | 2 |
7.04 | Marking Packets Using DSCP and IP Precedence and Other Values | 3 |
7.05 | Unicast RPF (uRPF) With or Without an ACL (Strict and Loose Mode) | 2 |
7.06 | RTBH Filtering (Remote Triggered Black Hole) | 1 |
7.07 | Basic Traffic Filtering Using Access Lists: SYN Flags, Established, etc. (Named vs. Numbered ACLs) | 4 |
7.08 | Managing Time-Based Access Lists | 4 |
7.09 | Enabling NAT and PAT on a Router | 3 |
7.10 | Conditional NAT on a Router | 4 |
7.11 | Multihome NAT on a Router | 4 |
7.12 | Enabling a TCP Intercept on a Router | 3 |
7.13 | Enabling a TCP Intercept on the Cisco ASA Security Appliance | 3 |
7.14 | FPM (Flexible Packet Matching) and Protocol Header Definition File (PHDF) Files and Configuration of Nested Policy Maps | 1 |
7.15 | CAR Rate Limiting with Traffic Classification Using ACLs | 1 |
7.16 | PBR (Policy-Based Routing) and Use of Route Maps | 3 |
7.17 | Advanced MQC (Modular QoS CLI) on a Router | 3 |
7.18 | Advanced Modular Policy Framework (MPF) on the Cisco ASA Security Appliance | 4 |
7.19. | Classification Using NBAR | 3 |
7.20. | Understanding and Enabling NetFlow on a Router | 2 |
7.21 | Traffic Policing on a Router | 2 |
7.22 | Port Security on a Switch | 4 |
7.23 | Storm Control on a Switch | 4 |
7.24 | Private VLAN (PVLAN) on a Switch | 2 |
7.25 | Port Blocking on a Switch | 2 |
7.26 | Port ACL on a Switch | 2 |
7.27 | MAC ACL on a Switch | 2 |
7.28 | VLAN ACL on a Switch | 2 |
7.29 | Spanning Tree Protocol (STP) Protection Using BPDU Guard and Loop Guard on a Switch | 4 |
7.30 | DHCP Snooping on a Switch | 3 |
7.31 | IP Source Guard on a Switch | 2 |
7.32 | Dynamic ARP Inspection (DAI) on a Switch | 2 |
7.33 | Disabling DTP on All Nontrunking Access Ports | 5 |

Configuring and Troubleshooting Network Attacks
8.01 | Concept of Proactive vs. Reactive Measures | 4 |
8.02 | Knowledge of Protocols: TCP, UDP, HTTP, SMTP, ICMP, FTP | 5 |
8.03 | Knowledge of Common Attacks: Network Reconnaissance, IP Spoofing, DHCP Snooping, DNS Spoofing, MAC Spoofing, ARP Snooping, Fragment Attack, Smurf Attack, TCP SYN Attack | 3 |
8.04 | Understanding and Interpreting ARP Header Structure | 3 |
8.05 | Understanding and Interpreting IP Header Structure | 3 |
8.06 | Understanding and Interpreting TCP Header Structure | 3 |
8.07 | Understanding and Interpreting UDP Header Structure | 3 |
8.08 | Understanding and Interpreting HTTP Header Structure | 3 |
8.09 | Understanding and Interpreting ICMP Header Structure | 3 |
8.10 | Understanding and Interpreting ICMP Type Name and Codes | 3 |
8.11 | Understanding and Interpreting Syslog Messages | 3 |
8.12 | Understanding and Interpreting Packet Capture Outputs (Sniffer, Ethereal, Wireshark, TCPDump) | 4 |
8.13 | Understanding Different Types of Attack Vectors | 3 |
8.14 | Interpreting Various show and debug Outputs | 4 |
8.15 | Traffic Characterization | 3 |
8.16 | Packet Classification | 4 |
8.17 | Packet-Marking Techniques | 3 |
8.18 | Classifying Attack Patterns Using FPM | 3 |
8.19 | Memorizing Common Protocol and Port Numbers | 3 |
8.20 | Preventing an ICMP Attack Using ACLs | 4 |
8.21 | Preventing an ICMP Attack Using NBAR | 2 |
8.22 | Preventing an ICMP Attack Using Policing | 3 |
8.23 | Preventing an ICMP Attack Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance | 3 |
8.24 | Preventing a SYN Attack Using ACLs | 4 |
8.25 | Preventing a SYN Attack Using NBAR | 2 |
8.26 | Preventing a SYN Attack Using Policing | 2 |
8.27 | Preventing a SYN Attack Using CBAC | 2 |
8.28 | Preventing a SYN Attack Using CAR | 2 |
8.29 | Preventing a SYN Attack Using a TCP Intercept | 2 |
8.30 | Preventing a SYN Attack Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance | 3 |
8.31 | Preventing Application Protocol–Specific Attacks Using FPM (e.g., HTTP, SMTP) | 3 |
8.32 | Preventing Application Protocol–Specific Attacks Using NBAR (e.g., HTTP, SMTP) | 3 |
8.33 | Preventing Application Protocol–Specific Attacks Using the Modular Policy Framework (MPF) on the Cisco ASA Security Appliance (e.g., HTTP, SMTP) | 3 |
8.34 | Preventing IP Spoofing Attacks Using Antispoofing ACLs | 3 |
8.35 | Preventing IP Spoofing Attacks Using uRPF | 2 |
8.36 | Preventing IP Spoofing Attacks Using IP Source Guard | 2 |
8.37 | Preventing Fragment Attacks Using ACLs | 4 |
8.38 | Preventing MAC Spoofing Attacks Using Port Security | 4 |
8.39 | Preventing ARP Spoofing Attacks Using DAI | 2 |
8.40 | Preventing VLAN Hopping Attacks Using the switchport mode access Command | 5 |
8.41 | Preventing STP Attacks Using the Root Guard or BPDU Guard | 3 |
8.42 | Preventing DHCP Spoofing Attacks Using Port Security | 2 |
8.43 | Preventing DHCP Spoofing Attacks Using DAI | 2 |
8.44 | Preventing Port Redirection Attacks Using ACLs | 2 |

Overall Confidence (percent): | 61.47% |