CCNA Security

CCNA

۱٫۰ Security Concepts

۱٫۱  Common security principles

• ۱٫۱٫a Describe confidentiality, integrity, availability (CIA)
• ۱٫۱٫b Describe SIEM technology
• ۱٫۱٫c Identify common security terms
• ۱٫۱٫d Identify common network security zones

۱٫۲ Common security threats

• ۱٫۲٫a Identify common network attacks
• ۱٫۲٫b Describe social engineering
• ۱٫۲٫c Identify malware
• ۱٫۲٫d Classify the vectors of data loss/exfiltration

۱٫۳ Cryptography concepts

• ۱٫۳٫a Describe key exchange
• ۱٫۳٫b Describe hash algorithm
• ۱٫۳٫c Compare and contrast symmetric and asymmetric encryption
• ۱٫۳٫d Describe digital signatures, certificates, and PKI

۱٫۴ Describe network topologies

• ۱٫۴٫a Campus area network (CAN)
• ۱٫۴٫b Cloud, wide area network (WAN)
• ۱٫۴٫c Data center
• ۱٫۴٫d Small office/home office (SOHO)
• ۱٫۴٫e Network security for a virtual environment

۱٫۵ Kali Linux fundamental

۲٫۰ Secure Access

۲٫۱  Secure management

• ۲٫۱٫a Compare in-band and out-of band
• ۲٫۱٫b Configure secure network management
• ۲٫۱٫c Configure and verify secure access through SNMP v3 using an ACL
• ۲٫۱٫d Configure and verify security for NTP
• ۲٫۱٫e Use SCP for file transfer

۲٫۲ AAA concepts

• ۲٫۲٫a Describe RADIUS and TACACS+ technologies
• ۲٫۲٫b Configure administrative access on a Cisco router using TACACS+
• ۲٫۲٫c Verify connectivity on a Cisco router to a TACACS+ server
• ۲٫۲٫d Explain the integration of Active Directory with AAA
• ۲٫۲٫e Describe authentication and authorization using ACS and ISE

۲٫۳ ۸۰۲٫۱X authentication

• ۲٫۳٫a  Identify the functions 802.1X components

۲٫۴ BYOD

• ۴٫a Describe the BYOD architecture framework
• ۴٫b Describe the function of mobile device management (MDM)

۳٫۰ VPN

۳٫۱  VPN concepts

• ۳٫۱٫a Describe IPsec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
• ۳٫۱٫b Describe hairpinning, split tunneling, always-on, NAT traversal

۳٫۲ Remote access VPN

• ۳٫۲٫a Implement basic clientless SSL VPN using ASDM
• ۳٫۲٫b Verify clientless connection
• ۳٫۲٫c Implement basic AnyConnect SSL VPN using ASDM
• ۳٫۲٫d Verify AnyConnect connection
• ۳٫۲٫e Identify endpoint posture assessment

۳٫۳ Site-to-site VPN

• ۳٫۳٫a Implement an IPsec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
• ۳٫۳٫b Verify an IPsec site-to-site VPN

۴٫۰ Secure Routing and Switching

۴٫۱ Security on Cisco routers

• ۴٫۱٫a Configure multiple privilege levels
• ۴٫۱٫b Configure Cisco IOS role-based CLI access
• ۴٫۱٫c Implement Cisco IOS resilient configuration

۴٫۲ Securing routing protocols

• ۴٫۲٫a Implement routing update authentication on OSPF

۴٫۳ Securing the control plane

• ۴٫۳٫a Explain the function of control plane policing

۴٫۴ Common Layer 2 attacks

• ۴٫۴٫a Describe STP attacks
• ۴٫۴٫b Describe ARP spoofing
• ۴٫۴٫c Describe MAC spoofing
• ۴٫۴٫d Describe CAM table (MAC address table) overflows
• ۴٫۴٫e Describe CDP/LLDP reconnaissance
• ۴٫۴٫f Describe VLAN hopping
• ۴٫۴٫g Describe DHCP spoofing

۴٫۵ Mitigation procedures

• ۴٫۵٫a Implement DHCP snooping
• ۴٫۵٫b Implement Dynamic ARP Inspection
• ۴٫۵٫c Implement port security
• ۴٫۵٫d Describe BPDU guard, root guard, loop guard
• ۴٫۵٫e Verify mitigation procedures

۴٫۶ VLAN security

• ۴٫۶٫a Describe the security implications of a PVLAN

۴٫۶٫b Describe the security implications of a native VLAN

 ۵٫۰ Cisco Firewall Technologies

۵٫۱  Describe operational strengths and weaknesses of the different firewall technologies

• ۵٫۱٫a Proxy firewalls
• ۵٫۱٫b Application firewall
• ۵٫۱٫c Personal firewall

۵٫۲ Compare stateful vs. stateless firewalls

• ۵٫۲٫a Operations
• ۵٫۲٫b Function of the state table

۵٫۳ Implement NAT on Cisco ASA 9.x

• ۵٫۳٫a Static
• ۵٫۳٫b Dynamic
• ۵٫۳٫c PAT
• ۵٫۳٫d Policy NAT
• ۵٫۳ e Verify NAT operations

۵٫۴ Implement zone-based firewall

• ۵٫۴٫a Zone to zone
• ۵٫۴٫b Self zone

۵٫۵ Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x

• • ۵٫۵٫a Configure ASA access management
  • ۵٫۵٫b Configure security access policies
  • ۵٫۵٫c Configure Cisco ASA interface security levels
  • ۵٫۵٫d Configure default Cisco Modular Policy Framework (MPF)
  • ۵٫۵٫e Describe modes of deployment (routed firewall, transparent firewall)
  • ۵٫۵٫f Describe methods of implementing high availability
  • ۵٫۵٫g Describe security contexts

• ۵٫۵٫h Describe firewall services

۶٫۰ firepower and ASA

۶٫۱ Describe IPS deployment considerations

• ۶٫۱٫a Network-based IPS vs. host-based IPS
• ۶٫۱٫b Modes of deployment (inline, promiscuous – SPAN, tap)
• ۶٫۱٫c Placement (positioning of the IPS within the network)
• ۶٫۱٫d False positives, false negatives, true positives, true negatives

۶٫۲ Describe IPS technologies

• ۶٫۲٫a Rules/signatures
• ۶٫۲٫b Detection/signature engines
• ۶٫۲٫c Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)

• ۲٫d Blacklist (static and dynamic)

۷٫۰ Content and Endpoint Security

۷٫۱  Describe mitigation technology for email-based threats

• ۷٫۱٫a SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption

۷٫۲ Describe mitigation technology for web-based threats

• ۷٫۲٫a Local and cloud-based web proxies
• ۷٫۲٫b Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption

۷٫۳  Describe mitigation technology for endpoint threats

• ۷٫۳٫a Anti-virus/anti-malware
• ۷٫۳٫b Personal firewall/HIPS

۷٫۳٫c Hardware/software encryption of local data