Lawspet, Puducherry
+91 9952792938
sundar@enlightenclouds.com
Batches | Regular | Weekend | Fast Track |
---|---|---|---|
Duration | 40-45 Days | 8 Weekend | 15 Days |
Hours Per Day | 2 Hours | 6 Hours | 5 Hours |
Demo Class | Yes - 2 Days | Yes - 1 Weekend | Yes - 1 Day |
1.0Identity Management/Secure Access
1.1Implement Device Administration
1.1.a Compare and select AAA options
1.1.b TACACS+
1.1.c RADIUS
1.1.d Describe Native AD and LDAP
1.2 Describe Identity Management
1.2.a Describe features and functionality of authentication and authorization
1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
1.2.c Implement accounting1.3Implement Wired/Wireless 802.1x1.3.aDescribe RADIUS flows
1.3.b AVpairs
1.3.c EAP types
1.3.d Describe supplicant, authenticator, server
1.3.e Supplicant options1.3.f802.1X phasing (monitor mode, low impact, closed mode)
1.3.g AAA server
1.3.h Network access devices
1.4 Implement MAB1.5Implement Network Authorization Enforcement
1.5.a dACL
1.5.b Dynamic VLAN assignment
1.5.c Describe SGA
1.5.d Named ACL
1.5.e CoA
1.6 Implement central web authorization
1.7 Implement profiling
1.8 Implement guest services
1.9 Implement posturing
1.10 Implement BYOD access
1.10.a Describe elements of a BYOD policy
1.10.b Device registration
1.10.c My devices portal
1.10.d Describe supplicant provisioning
2.0 Threat Defense
2.1 Implement firewall
2.1.a Describe SGA ACLs
3.0 Troubleshooting, Monitoring,and Reporting Tools
3.1 Troubleshoot identity management solutions
4.0 Threat Defense Architectures
4.1 Design highly secure wireless solution
5.0 Identity Management Architectures
5.1 Design AAA security solution
5.2 Design profiling security solution
5.3 Design posturing security solution
5.4 Design BYOD security solution
5.5 Design device admin security solution
5.6 Design guest services security solution
1.0 Threat Defense
1.1 Implement firewall (ASA or IOS depending on which supports the implementation)
1.1.a Implement ACLs
1.1.b Implement static/dynamic NAT/PAT
1.1.c Implement object groups
1.1.d Describe threat detection features
1.1.e Implement botnet traffic filtering
1.1.f Configure application filtering and protocol inspection
1.1.g Describe ASA security contexts
1.2 Implement Layer 2 Security
1.2.a Configure DHCP snooping
1.2.b Describe dynamic ARP inspection
1.2.c Describe storm control
1.2.d Configure port security
1.2.e Describe common Layer 2 threats and attacks and mitigation
1.2.f Describe MACSec
1.2.g Configure IP source verification
1.3 Configure device hardening per best practices
1.3.a Routers
1.3.b Switches
1.3.c Firewalls
2.0 Cisco Security Devices GUIs and Secured CLI Management
2.1 Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
2.2 Implement RBAC on the ASA/IOS using CLI and ASDM
2.3 Describe Cisco Prime Infrastructure
2.3.a Functions and use cases of Cisco Prime
2.3.b Device Management
2.4 Describe Cisco Security Manager (CSM)
2.4.a Functions and use cases of CSM
2.4.b Device Management
2.5 Implement Device Managers
2.5.a Implement ASA firewall features using ASDM
3.0 Management Services on Cisco Devices
3.1 Configure NetFlow exporter on Cisco Routers, Switches, and ASA
3.2 Implement SNMPv3
3.2.a Create views, groups, users, authentication, and encryption
3.3 Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices
3.4 Implement NTP with authentication on Cisco Routers, Switches, and ASA
3.5 Describe CDP, DNS, SCP, SFTP, and DHCP
3.5.a Describe security implications of using CDP on routers and switches
3.5.b Need for dnssec
4.0 Troubleshooting, Monitoring and Reporting Tools
4.1 Monitor firewall using analysis of packet tracer, packet capture, and syslog
4.1.a Analyze packet tracer on the firewall using CLI/ASDM
4.1.b Configure and analyze packet capture using CLI/ASDM
4.1.c Analyze syslog events generated from ASA
5.0 Threat Defense Architectures
5.1 Design a Firewall Solution
5.1.a High-availability
5.1.b Basic concepts of security zoning
5.1.c Transparent & Routed Modes
5.1.d Security Contexts
5.2 Layer 2 Security Solutions
5.2.a Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
5.2.b Describe best practices for implementation
5.2.c Describe how PVLANs can be used to segregate network traffic at Layer 2
6.0 Security Components and Considerations
6.1 Describe security operations management architectures
6.1.a Single device manager vs. multi-device manager
6.2 Describe Data Center security components and considerations
6.2.a Virtualization and Cloud security
6.3 Describe Collaboration security components and considerations
6.3.a Basic ASA UC Inspection features
6.4 Describe common IPv6 security considerations
6.4.a Unified IPv6/IPv4 ACL on the ASA
1.0 Secure Communications
1.1 Site-to-site VPNs on routers and firewalls
1.1.a Describe GETVPN
1.1.b Implement IPsec (with IKEv1 and IKEv2 for both IPV4 & IPV6)
1.1.c Implement DMVPN (hub-Spoke and spoke-spoke on both IPV4 & IPV6)
1.1.d Implement FlexVPN (hub-Spoke on both IPV4 & IPV6) using local AAA
1.2 Implement remote access VPNs
1.2.a Implement AnyConnect IKEv2 VPNs on ASA and routers
1.2.b Implement AnyConnect SSLVPN on ASA and routers
1.2.c Implement clientless SSLVPN on ASA and routers
1.2.d Implement FLEX VPN on routers
2.0 Troubleshooting, Monitoring, and Reporting Tools
2.1 Troubleshoot VPN using ASDM & CLI
2.1.a Troubleshoot IPsec
2.1.b Troubleshoot DMVPN
2.1.c Troubleshoot FlexVPN
2.1.d Troubleshoot AnyConnect IKEv2 and SSL VPNs on ASA and routers
2.1.e Troubleshoot clientless SSLVPN on ASA and routers
3.0 Secure Communications Architectures
3.1 Design site-to-site VPN solutions
3.1.a Identify functional components of GETVPN, FlexVPN, DMVPN, and IPsec
3.1.b VPN technology considerations based on functional requirements
3.1.c High availability considerations
3.1.d Identify VPN technology based on configuration output
3.2 Design remote access VPN solutions
3.2.a Identify functional components of FlexVPN, IPsec, and Clientless SSL
3.2.b VPN technology considerations based on functional requirements
3.2.c High availability considerations
3.2.d Identify VPN technology based on configuration output
3.2.e Identify AnyConnect client requirements
3.2.f Clientless SSL browser and client considerations/requirements
3.2.g Identify split tunneling requirements
3.3 Describe encryption, hashing, and Next Generation Encryption (NGE)
3.3.a Compare and contrast Symmetric and asymmetric key algorithms
3.3.b Identify and describe the cryptographic process in VPNs – Diffie-Hellman, IPsec – ESP, AH, IKEv1, IKEv2, hashing algorithms MD5 and SHA, and authentication methods
3.3.c Describe PKI components and protection methods
3.3.d Describe Elliptic Curve Cryptography (ECC)
3.3.e Compare and contrast SSL, DTLS, and TLS