The lab is comprised of a number of major security areas with the possibility of a varying array of tasks, some of which may be more difficult than others, depending on the individual candidate. More detailed information is available on the lab blueprint but the following outlines the major security focus areas and some, but not all, task options.
- Firewall: Implement secure networks using ASA and Cisco IOS-based firewalls. This would include any service (NAT for example) available on these devices and understand the various modes applicable for them: transparent, multi-context, routed. High availability deployments are also important.
- VPN: Implement secure networks using Cisco Virtual Private Network services, which could include any of the following concepts: IPsec, SSL, any VPN capable Cisco device, PKI, VPN solutions such as EZVPN, DMVPN and GETVPN, L2TP, and other advanced VPN features.
- IPS: Configure and manage Cisco Intrusion Prevention Services to mitigate network threats. Configure and tune IPS sensor appliances and Cisco IOS IPS. Initializing devices, implementing custom signatures, familiarity with promiscuous and inline modes.
- Identity Management: Implement network and device policy and access control using identity-based protocols such as RADIUS and TACACS+ in conjunction with technologies such as NAC, 802.1x, and digital certificates.
- Control and Management Plane security: Protect Cisco devices from attack, and establish secure administration, management audit/logging practices and policy, and routing plane security. Candidates should understand management protocols such as SNMP and syslog as well as AAA implementation, tuning router-and-switch performance and protection parameters, and disabling non-essential services.
- Advanced Security: Configure and monitor security-focused features and solutions that are proactively designed to protect against network attacks. Categories include anti-spoofing solutions, transit traffic controls, congestion management, packet capture, and Catalyst-specific security features.
- Identify and Mitigate Network Attacks: Understand the various types and forms of network and device exploitsprotocol, application, and reconnaissance-based, and configure features that identify and protect against attacks such as DoS, MiM, fragmentation, and spoofing.
The lab exam is eight hours in length and consists of configuring and troubleshooting security devices and solutions. This can seem like plenty of time, but organization is key. Time management is important, so have a plan of action. Initially, spend 15-20 minutes reading through the lab instructions and familiarizing yourself with the topology diagrams and the question flow and requirements.
Read the entire question. Some steps are dependent on others. Ensure that any initialization of devices is completed before moving to the next activity. You may not have time to return to previous questions due to time restrictions.
The major subject areas can appear to be self-contained, but remember that when configuring or troubleshooting, you may be dealing with a solution that requires interaction between various network elements and technologies. For example, troubleshooting DMVPN may require changes to IPsec/IKE, routing protocol manipulation, allowing traffic to pass through a firewall, or changes to an access policy on a router.