Cisco Network Tips: CCNA® Security Certification

CCNA® Security Certification

CCNA Security is a job role based certification for Security Specialists, Security Administrators, and Network Security Support Engineers. This certification validates skills including installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security structure.

Students completing the recommended Cisco training will gain an introduction to security technologies as well as how to develop security policies and mitigate risks. IT organizations that employ CCNA Security-holders will have IT staff that can develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

Prerequisites

Valid CCNA or any CCIE Certification can act as a prerequisite.

Exams & Recommended Training

640-554 IINS Implementing Cisco IOS Network Security (IINS v2.0)

Recertification

CCNA Security
CCNA Security certifications are valid for three years. To recertify, pass ONE of the following before the certification expiration date: Pass any current CCNA Concentration exam (wireless, or security, or voice, or SP Ops), or Pass any current 642-XXX Professional level exam, or Pass any current Cisco Specialist exam (excluding Sales Specialist exams or MeetingPlace Specialist exams, Implementing Cisco Telepresence Installations (ITI) exams, Cisco Leading Virtual Classroom Instruction exams, or any 650 online exams), or Pass any current CCIE Written Exam, or Pass the current CCDE Written Exam OR current CCDE Practical Exam, or Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications. 640-554 IINS Exam Topics Exam Description The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure. Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS) course. Exam Topics The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice. Common Security Threats Describe common security threats Security and Cisco Routers Implement security on Cisco routers Describe securing the control, data, and management plane Describe Cisco Security Manager Describe IPv4 to IPv6 transition AAA on Cisco Devices Implement AAA (authentication, authorization, and accounting) Describe TACACS+ Describe RADIUS Describe AAA Verify AAA functionality IOS ACLs Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets Describe considerations when building ACLs Implement IP ACLs to mitigate threats in a network Secure Network Management and Reporting Describe secure network management Implement secure network management Common Layer 2 Attacks Describe Layer 2 security using Cisco switches Describe VLAN security Implement VLANs and trunking Implement spanning tree Cisco Firewall Technologies Describe operational strengths and weaknesses of the different firewall technologies Describe stateful firewalls Describe the types of NAT used in firewall technologies Implement zone-based policy firewall using CCP Implement the Cisco Adaptive Security Appliance (ASA) Implement Network Address Translation (NAT) and Port Address Translation (PAT) Cisco IPS Describe Cisco Intrusion Prevention System (IPS) deployment considerations Describe IPS technologies Configure Cisco IOS IPS using CCP VPN Technologies Describe the different methods used in cryptography Describe VPN technologies Describe the building blocks of IPSec Implement an IOS IPSec site-to-site VPN with pre-shared key authentication Verify VPN operations Implement Secure Sockets Layer (SSL) VPN using ASA device manager

CCNA Security

CCNA Security certifications are valid for three years. To recertify, pass ONE of the following before the certification expiration date:

Pass any current CCNA Concentration exam (wireless, or security, or voice, or SP Ops), or
Pass any current 642-XXX Professional level exam, or
Pass any current Cisco Specialist exam (excluding Sales Specialist exams or MeetingPlace Specialist exams, Implementing Cisco Telepresence Installations (ITI) exams, Cisco Leading Virtual Classroom Instruction exams, or any 650 online exams), or
Pass any current CCIE Written Exam, or
Pass the current CCDE Written Exam OR current CCDE Practical Exam, or
Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications.

640-554 IINS Exam Topics

Exam Description

The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS) course.

Exam Topics

The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Common Security Threats

Describe common security threats

Security and Cisco Routers

Implement security on Cisco routers
Describe securing the control, data, and management plane
Describe Cisco Security Manager
Describe IPv4 to IPv6 transition

AAA on Cisco Devices

Implement AAA (authentication, authorization, and accounting)
Describe TACACS+
Describe RADIUS
Describe AAA
Verify AAA functionality

IOS ACLs

Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets
Describe considerations when building ACLs
Implement IP ACLs to mitigate threats in a network

Secure Network Management and Reporting

Describe secure network management
Implement secure network management

Common Layer 2 Attacks

Describe Layer 2 security using Cisco switches
Describe VLAN security
Implement VLANs and trunking
Implement spanning tree

Cisco Firewall Technologies

Describe operational strengths and weaknesses of the different firewall technologies
Describe stateful firewalls
Describe the types of NAT used in firewall technologies
Implement zone-based policy firewall using CCP
Implement the Cisco Adaptive Security Appliance (ASA)
Implement Network Address Translation (NAT) and Port Address Translation (PAT)

Cisco IPS

Describe Cisco Intrusion Prevention System (IPS) deployment considerations
Describe IPS technologies
Configure Cisco IOS IPS using CCP

VPN Technologies

Describe the different methods used in cryptography
Describe VPN technologies
Describe the building blocks of IPSec
Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
Verify VPN operations
Implement Secure Sockets Layer (SSL) VPN using ASA device manager

Cisco Network Tips

Sunday, November 18, 2012

CCNA® Security Certification