Project Description

Infrastructure Security, Virtualization, and Automation

  • 5.1          Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques
  • 5.2          Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.
  • 5.3          Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access
  • 5.4          Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH
  • 5.5         Describe, implement, and troubleshoot IPv4/v6 routing protocols security
  • 5.6          Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL
  • 5.7          Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES
  • 5.8          Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)
  • 5.9          Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER
  • 5.10        Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP
  • 5.11      Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP
  • 5.12        Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv
  • 5.13        Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts
  • 5.14      Describe the northbound and southbound APIs of SDN controllers such as APIC-EM
  • 5.15        Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS
  • 5.16        Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE
  • 5.17      Validate network security design for adherence to Cisco SAFE recommended practices
  • 5.18        Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python
  •  5.19      Describe Cisco Digital Network Architecture (DNA) principles and components.