Perimeter Security and Intrusion Prevention
Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)
Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD
Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD
Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD
Describe, implement, and troubleshoot firewall features such as NAT (v ,v ), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD
Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v ,v ), PAT and TCP intercept on Cisco IOS/IOS-XE
Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD
Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting
Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC
Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes
Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)
Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet
Advanced Threat Protection and Content Security
Compare and contrast different AMP solutions including public and private cloud deployment models
Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)
Detect, analyze, and mitigate malware incidents
Describe the benefit of threat intelligence provided by AMP Threat GRID
Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN
Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)
Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA
Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA
Describe, implement, and troubleshoot SMTP encryption on ESA
Compare and contrast different LDAP query types on ESA
Describe, implement, and troubleshoot WCCP redirection
Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent
Describe, implement, and troubleshoot HTTPS decryption and DLP
Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA
Describe the security benefits of leveraging the OpenDNS solution
Describe, implement, and troubleshoot SMA for centralized content security management
Describe the security benefits of leveraging Lancope
Secure Connectivity and Segmentation
Compare and contrast security protocols such as ISAKMP/IKEv , IKEv , SSL, TLS/DTLS, ESP, AH, SAP, and MKA
Describe, implementc and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts
Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication
Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD
Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec
Describe, implement, and troubleshoot uplink and downlink MACsec ( AE)
Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments
Describe the functions and security implications of cryptographic protocols such as AES, DES, DES, ECC, SHA, MD , ISAKMP/IKEv , IKEv , SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X , WPA, WPA , WEP, and TKIP
Describe the security benefits of network segmentation and isolation
Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN
Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP
Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE
Describe the functionality of Cisco VSG used to secure virtual environments
Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE
Identity Management, Information Exchange, and Access Control
Describe, implement, and troubleshoot various personas of ISE in a multinode deployment
Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA
Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS
Describe, implement, verify, and troubleshoot AAA for network access with X and MAB using ISE
Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server
Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure
Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA
Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS
Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML
Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA
Describe, implement, verify, and troubleshoot posture assessment with ISE
Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor
Describe, implement, verify, and troubleshoot integration of MDM with ISE
Describe, implement, verify, and troubleshoot certificate based authentication using ISE
Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)
Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP- MD , EAP-GTC), PAP, CHAP, and MS-CHAPv
Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER
Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC
Infrastructure Security, Virtualization, and Automation
Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques
Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing
Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access
Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH
Describe, implement, and troubleshoot IPv /v routing protocols security
Describe, implement, and troubleshoot Layer security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL
Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA , TKIP, and AES
Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)
Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER
Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP
Describe the functions and security implications of network protocols such as VTP, Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv , RIP/RIPng, IGMP/CGMP, PIM, IPv , and WCCP
Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv
Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts
Describe the northbound and southbound APIs of SDN controllers such as APIC-EM
Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP , ISO , RFC , and PCI-DSS
Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE
Validate network security design for adherence to Cisco SAFE recommended practices
Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python
Describe Cisco Digital Network Architecture (DNA) principles and components
