
4.0 Infrastructure Security 5%

4.1 Device security

  • 4.1.a Implement and troubleshoot IOS AAA using local database
  • 4.1.b Implement and troubleshoot device access control
    • 4.1.b [i] Lines (VTY, AUX, console)
    • 4.1.b [ii] SNMP
    • 4.1.b [iii] Management plane protection
    • 4.1.b [iv] Password encryption
  • 4.1.c Implement and troubleshoot control plane policing

4.2 Network security

  • 4.2.a Implement and troubleshoot switch security features
    • 4.2.a [i] VACL, PACL
    • 4.2.a [ii] Stormcontrol
    • 4.2.a [iii] DHCP snooping
    • 4.2.a [iv] IP source-guard
    • 4.2.a [v] Dynamic ARP inspection
    • 4.2.a [vi] Port-security
    • 4.2.a [vii] Private VLAN
  • 4.2.b Implement and troubleshoot router security features
    • 4.2.b [i] IPv4 access control lists (standard, extended, time-based)
    • 4.2.b [ii] IPv6 traffic filter
    • 4.2.b [iii] Unicast reverse path forwarding
  • 4.2.c Implement and troubleshoot IPv6 first hop security
    • 4.2.c [i] RA guard
    • 4.2.c [ii] DHCP guard
    • 4.2.c [iii] Binding table
    • 4.2.c [iv] Device tracking
    • 4.2.c [v] ND inspection/snooping
    • 4.2.c [vi] Source guard
    • 4.2.c [vii] PACL

4.3 Troubleshooting infrastructure security

  • 4.3.a Use IOS troubleshooting tools
    • 4.3.a [i] debug, conditional debug
    • 4.3.a [ii] ping, traceroute with extended options
    • 4.3.a [iii] Embedded packet capture
  • 4.3.b Apply troubleshooting methodologies
    • 4.3.b [i] Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
    • 4.3.b [ii] Design and implement valid solutions according to constraints
    • 4.3.b [iii] Verify and monitor resolution
  • 4.3.c Interpret packet capture
    • 4.3.c [i] Using Wireshark trace analyzer
    • 4.3.c [ii] Using IOS embedded packet capture