Project Description

Secure Connectivity and Segmentation

  • 3.1          Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5
  • 3.2          Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA
  • 3.3          Describe, implementc and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts
  • 3.4        Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication
  • 3.5          Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD
  • 3.6          Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec
  • 3.7         Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)
  • 3.8          Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments
  • 3.9          Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP
  • 3.10      Describe the security benefits of network segmentation and isolation
  • 3.11     Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN
  • 3.12        Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP
  • 3.13        Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE
  •  3.14      Describe the functionality of Cisco VSG used to secure virtual environments
  • 3.15        Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE