Project Description
Infrastructure Security, Virtualization, and Automation
- 5.1 Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques
- 5.2 Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.
- 5.3 Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access
- 5.4 Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH
- 5.5 Describe, implement, and troubleshoot IPv4/v6 routing protocols security
- 5.6 Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL
- 5.7 Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES
- 5.8 Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)
- 5.9 Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER
- 5.10 Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP
- 5.11 Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP
- 5.12 Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv
- 5.13 Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts
- 5.14 Describe the northbound and southbound APIs of SDN controllers such as APIC-EM
- 5.15 Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS
- 5.16 Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE
- 5.17 Validate network security design for adherence to Cisco SAFE recommended practices
- 5.18 Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python
- 5.19 Describe Cisco Digital Network Architecture (DNA) principles and components.