CCIE Security Written Exam (350-018) Version 4 - Cisco


CCIE Security Written Exam (350-018) version 4.0

Exam Description: The Cisco CCIE Security Written Exam (350-018) version 4.0 is a 2-hour test with 90–110 questions. This exam tests the skills and competencies of security professionals in terms of describing, implementing, deploying, configuring, maintaining, and troubleshooting Cisco network security solutions and products, as well as current industry best practices and internetworking fundamentals.

Topics include networking fundamentals and security-related concepts and best practices, as well as Cisco network security products and solutions in areas such as VPNs, intrusion prevention, firewalls, identity services, policy management, and device hardening. Content includes both IPv4 and IPv6 concepts and solutions.

The exam is closed book, and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Infrastructure, Connectivity, Communications, and Network Security (20%)
1.1 Network addressing basics
1.2 OSI layers
1.3 TCP/UDP/IP protocols
1.4 LAN switching (for example, VTP, VLANs, spanning tree, and trunking)
1.5 Routing protocols (for example, RIP, EIGRP, OSPF, and BGP)
  1.5.a Basic functions and characteristics
  1.5.b Security features
1.6 Tunneling protocols
  1.6.a GRE
  1.6.b NHRP
  1.6.c IPv6 tunnel types
1.7 IP multicast
  1.7.a PIM
  1.7.b MSDP
  1.7.c IGMP and CGMP
  1.7.d Multicast Listener Discovery

2013 Cisco Systems, Inc. This document is Cisco Public.

1.8 Wireless
  1.8.a SSID
  1.8.b Authentication and authorization
  1.8.c Rogue APs
  1.8.d Session establishment
1.9 Authentication and authorization technologies
  1.9.a Single sign-on
  1.9.b OTPs
  1.9.c LDAP and AD
  1.9.d RBAC
1.10 VPNs
  1.10.a L2 vs L3
  1.10.b MPLS, VRFs, and tag switching
1.11 Mobile IP

2.0 Security Protocols (15%)
2.1 RSA
2.2 RC4
2.3 MD5
2.4 SHA
2.5 DES
2.6 3DES
2.7 AES
2.8 IPsec
2.9 ISAKMP
2.10 IKE and IKEv2
2.11 GDOI
2.12 AH
2.13 ESP
2.14 CEP
2.15 TLS and DTLS
2.16 SSL
2.17 SSH
2.18 RADIUS
2.19 TACACS+
2.20 LDAP
2.21 EAP methods (for example, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, and LEAP)
2.22 PKI, PKIX, and PKCS
2.23 IEEE 802.1X
2.24 WEP, WPA, and WPA2
2.25 WCCP
2.26 SXP
2.27 MACsec
2.28 DNSSEC

3.0 Application and Infrastructure Security
3.1 HTTP
3.2 HTTPS
3.3 SMTP
3.4 DHCP
3.5 DNS
3.6 FTP and SFTP
3.7 TFTP
3.8 NTP
3.9 SNMP
3.10 syslog
3.11 Netlogon, NetBIOS, and SMB
3.12 RPCs
3.13 RDP and VNC
3.14 PCoIP
3.15 OWASP
3.16 Manage unnecessary services

4.0 Threats, Vulnerability Analysis, and Mitigation (10%)
4.1 Recognize and mitigate common attacks
  4.1.a ICMP attacks and PING floods
  4.1.b MITM
  4.1.c Replay
  4.1.d Spoofing
  4.1.e Backdoor
  4.1.f Botnets
  4.1.g Wireless attacks
  4.1.h DoS and DDoS attacks
  4.1.i Virus and worm outbreaks
  4.1.j Header attacks
  4.1.k Tunneling attacks
4.2 Software and OS exploits
4.3 Security and attack tools
4.4 Generic network intrusion prevention concepts
4.5 Packet filtering
4.6 Content filtering and packet inspection
4.7 Endpoint and posture assessment
4.8 QoS marking attacks

5.0 Cisco Security Products, Features, and Management (20%)

5.1 Cisco Adaptive Security Appliance (ASA)
  5.1.a Firewall functionality
  5.1.b Routing and multicast capabilities
  5.1.c Firewall modes
  5.1.d NAT (before and after version 8.4)
  5.1.e Object definition and ACLs
  5.1.f MPF functionality (IPS, QoS, and application awareness)
  5.1.g Context-aware firewall
  5.1.h Identity-based services
  5.1.i Failover options
5.2 Cisco IOS firewalls and NAT
  5.2.a CBAC
  5.2.b Zone-based firewall
  5.2.c Port-to-application mapping
  5.2.d Identity-based firewalling
5.3 Cisco Intrusion Prevention Systems (IPS)
5.4 Cisco IOS IPS
5.5 Cisco AAA protocols and application
  5.5.a RADIUS
  5.5.b TACACS+
  5.5.c Device administration
  5.5.d Network access
  5.5.e IEEE 802.1X
  5.5.f VSAs
5.6 Cisco Identity Services Engine (ISE)
5.7 Cisco Secure ACS Solution Engine
5.8 Cisco Network Admission Control (NAC) Appliance Server
5.9 Endpoint and client
  5.9.a Cisco AnyConnect VPN Client
  5.9.b Cisco VPN Client
  5.9.c Cisco Secure Desktop
  5.9.d Cisco NAC Agent
5.10 Secure access gateways (Cisco IOS router or ASA)
  5.10.a IPsec
  5.10.b SSL VPN
  5.10.c PKI
5.11 Virtual security gateway

5.12 Cisco Catalyst 6500 Series ASA Services Modules
5.13 ScanSafe functionality and components
5.14 Cisco Web Security Appliance and Cisco Email Security Appliance
5.15 Security management
  5.15.a Cisco Security Manager
  5.15.b Cisco Adaptive Security Device Manager (ASDM)
  5.15.c Cisco IPS Device Manager (IDM)
  5.15.d Cisco IPS Manager Express (IME)
  5.15.e Cisco Configuration Professional
  5.15.f Cisco Prime

6.0 Cisco Security Technologies and Solutions (17%)
6.1 Router hardening features (for example, CoPP, MPP, uRPF, and PBR)
6.2 Switch security features (for example, anti-spoofing, port, STP, MACSEC, NDAC, and NEAT)
6.3 NetFlow
6.4 Wireless security
6.5 Network segregation
  6.5.a VRF-aware technologies
  6.5.b VXLAN
6.6 VPN solutions
  6.6.a FlexVPN
  6.6.b DMVPN
  6.6.c GET VPN
  6.6.d Cisco EasyVPN
6.7 Content and packet filtering
6.8 QoS application for security
6.9 Load balancing and failover

7.0 Security Policies and Procedures, Best Practices, and Standards (8%)
7.1 Security policy elements
7.2 Information security standards (for example, ISO/IEC 27001 and ISO/IEC 27002)
7.3 Standards bodies (for example, ISO, IEC, ITU, ISOC, IETF, IAB, IANA, and ICANN)
7.4 Industry best practices (for example, SOX and PCI DSS)
7.5 Common RFC and BCP (for example, RFC2827/BCP38, RFC3704/BCP84, and RFC5735)
7.6 Security audit and validation
7.7 Risk assessment

7.8 Change management process
7.9 Incident response framework
7.10 Computer security forensics
7.11 Desktop security risk assessment and desktop security risk management
