KERALA STATE TECHNICAL EDUCATION DEVELOPMENT SOCIETY ( REG NO: K 604/2000 )

(An accredited vocational institute of NIOS under Ministry of Human Resource Development Government of India) NIOS study center code :590048

CCNP Security

Course Overview

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Exam Description

642-637 Securing Networks with Cisco Routers and Switches (SECURE)

Exam Topics

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.ss

Pre-Production Design

  • Choose Cisco IOS technologies to implement HLD
  • Choose Cisco products to implement HLD
  • Choose Cisco IOS features to implement HLD 2
  • Integrate Cisco network security solutions with other security technologies
  • Create and test initial Cisco IOS configurations for new devices/services

Complex Operations Support

  • Optimize Cisco IOS security infrastructure device performance
  • Create complex network security rules to meet the security policy requirements
  • Optimize security functions, rules, and configuration
  • Configure and verify NAT to dynamically mitigate identified threats to the network
  • Configure and verify IOS Zone Based Firewalls including advanced application inspections and URL filtering
  • Configure and verify the IPS features to identify threats and dynamically block them from entering the network
  • Maintain, update and tune IPS signatures
  • Configure and verify IOS VPN features
  • Configure amd verify Layer 2 and Layer 3 security features

Advanced Troubleshooting

  • Advanced Cisco IOS security software configuraiton fault finding and repairing
  • Advanced Cisco routers and switches hardware fault finding and repairing

642-618 Deploying Cisco ASA Firewall Solutions (FIREWALL)

Exam Topics

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Cisco ASA adaptive security appliance Basic Configurations

  • Identify the ASA product family
  • Implement ASA licensing
  • Manage the ASA boot process
  • Implement ASA interface settings
  • Implement ASA management features
  • Implement ASA access control features
  • Implement Network Address Translation (NAT) on the ASA
  • Implement ASDM public server feature
  • Implement ASA quality of service (QoS) settings
  • Implement ASA transparent firewall

ASA Routing Features

  • Implement ASA static routing
  • Implement ASA dynamic routing

ASA Routing Features

  • Implement ASA inspections features

ASA Inspection Policy

  • Implement ASA inspections features

ASA Advanced Network Protections

  • Implement ASA Botnet traffic filter

ASA High Availability

  • Implement ASA Interface redundancy and load sharing features
  • Implement ASA virtualization feature
  • Implement ASA stateful failover

642-648 Deploying Cisco ASA VPN Solutions (VPN)

Exam Topics

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam

Common Cisco ASA adaptive security appliance VPN Configurations Components

  • Identify ASA VPN licensing requirements
  • Identify the components and features of AnyConnect 3.0 Mobility (VPN, NAM, Web Sec (ScanSafe), an Telemetry)
  • Implement ASA VPN connection profiles, group policies, and user policies
  • Implement Simple Certificate Enrollment Protocol (SCEP) proxy operations using Cisco Adaptive Security Device Manager (ASDM)
  • Implement local and external VPN authorization using ASDM
  • Implement VPN session accounting using ASDM
  • Implement Cisco Secure Desktop and Independent Host Scan operations using ASDM
  • Implement DAP operations using ASDM
  • Implement LOCAL CA operations for Secure Sockets Layer (SSL) VPNs using ASDM
  • Implement certificate maps using ASDM
  • Identify the ASA IPv6 VPN capabilities
  • Monitor and verify the resulting CLI commands resulting from the various VPN configurations on the ASA

ASA IP SEC S2S VPN

  • Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA IPSec S2S VPN features and supporting technologies
  • Implement basic IPSEC S2S VPN operations with PSK and digital certificates using ASDM
  • Implement basic IKEv2 based IPSEC S2S VPN operations using ASDM
  • Troubleshoot the initial provisioning IPSec S2S VPN applications due to misconfiguration

ASA EZVPN

  • Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA VPN client features and supporting technologies
  • Implement basic EZVPN server operations on the ASA using ASDM

Basic EZVPN remote operations on the ASA 5505 using ASDM

  • Implement AnyConnect 3.0 IKEv2 RA VPN operations
  • Implement Client Services Server (CSS) feature
  • Troubleshoot the initial provisioning IPSec RA VPN applications due to misconfiguration

ASA AnyConnect SSL VPNs

  • Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA AnyConnect client features and supporting technologies
  • Implement DTLS operations using ASDM
  • Implement basic AnyConnect 3.0 full tunnel SSL VPN operations
  • Troubleshoot AnyConnect SSL VPN operations using DART
  • Implement AnyConnect Profiles using ASDM
  • Implement advanced authentication in AnyConnect Full Tunnel SSL VPNs (certificate and multi-authentication) using ASDM
  • Troubleshoot the initial provisioning client-based SSL VPN applications due to misconfiguration

ASA Clientless SSL VPNs

  • Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA clientless SSL VPN features and supporting technologies
  • Implement basic Clientless SSL VPN operations using ASDM
  • Implement advanced applications access using ASDM
  • Implement the SSO features on the ASA in a clientless SSL VPN environment
  • Implement advanced authentication in clientless SSL VPNs (certificate and multi-authentication) using ASDM
  • Manage the clientless SSL VPN user interface and portal using ASDM
  • Implement basic portal customization
  • Troubleshoot the initial provisioning of Clientless SSL VPN applications due to misconfiguration

SSL VPN High Availability

  • Implement SSL and IPSEC VPN high availability features

642-627 Implementing Cisco Intrusion Prevention System

Exam Topics

  • The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Pre-Production Design

  • Choose Cisco IPS technologies to implement HLD
  • Choose Cisco products to implement HLD
  • Choose Cisco IPS features to implement HLD
  • Integrate Cisco network security solutions with other security technologies
  • Create and test initial Cisco IPS configurations for new devices/services

Complex Support Operations

  • Optimize Cisco IPS security infrastructure device performance
  • Create complex network security rules, to meet the security policy requirements
  • Configure and verify the IPS features to identify threats and dynamically block them from entering the network
  • Maintain, update and tune IPS signatures
  • Use CSM and MARS for IPS management, deployment, and advanced event correlation
  • Optimize security functions, rules, and configuration

Advanced Troubleshooting

  • Advanced Cisco IPS security software configuraiton fault finding and repairing
  • Advanced Cisco IPS sensor and module hardware fault finding and repairing