
Cisco CCIE Security Lab Certification Exam
The CCIE Security lab exam is an 8-hour, hands-on exam that requires you to configure a series of secure networks to given specifications. Troubleshooting is an important skill, and candidates are expected to diagnose and solve issues as part of the exam. Point values and testing criteria are provided. The physical rack for Security is similar to the rack for Routing and Switching, with the addition of the PIX, VPN concentrator, intrusion detection sensor and authentication server. All of these objectives are taken from the Cisco.com website. Please note that the CCIE Security lab exam topics and objectives may change without notice, since technologies are always changing.
CCIE Security Lab Exam Objectives:
Bridging and Switching
- Basic frame relay configuration
- Catalyst VLAN configuration
- Catalyst VTP configuration
- Port-VLAN assignments
- Catalyst management and security
- 802.1x
- Traffic control and congestion management
- Catalyst features and advanced catalyst configuration
IGP Routing
- OSPF, EIGRP and RIP configurations
- OSPF, EIGRP and RIP security
- PIX routing
- VPN3000 routing
- Route filtering, redistribution, summarization and other advanced IGP features
PIX Firewall
- Basic PIX configuration
- Management
- Address translation (NAT, global, static)
- ACL, conduit
- Routing
- Object groups
- VLANs
- AAA
- VPN
- DHCP
- PPPoE
- Filtering
- Fixup protocols
- Other advanced PIX features
BGP
- Basic IBGP, EBGP and BGP backbone configurations *
- BGP security
- Summarization, filtering and advanced BGP features
IP/IOS Features
- IP services
- QoS
- NAT/PAT
- NTP
- DHCP
- SNMP
- IOS features and user interfaces
- File management, system management and advanced IP/IOS features
AAA
- TACACS+
- RADIUS
- Switch and router management
- PIX management
- VPN3000 management
- Proxy authentication
- Service authentication (FTP, telnet, HTTP, other)
- Advanced AAA features
VPN
- IPSec LAN-to-LAN (IOS/PIX/VPN3000)
- DMVPN
- Pre-shared
- CA (PKI)
- Remote access VPN (IOS/PIX/VPN3000)
- VPN3000 concentrator
- Unity client
- WebVPN
- EzVPN Hardware client (IOS/PIX)
- Xauth, split-tunnel, RRI, NAT-T
- High availability
- IPSec redundancy
- QoS for VPN
- GRE, mGRE
- L2TP
- PPTP
- Advanced VPN features
IOS Firewall
- CBAC
- Audit
- Auth Proxy
- PAM
- Access control
- Performance tuning
- Advanced IOS firewall features
Advanced Security
- DoS/DDoS attacks
- Network/Host attacks
- Packet marking techniques
- Mitigation techniques
- Security RFCs
- Service provider security
- Black holes, sink holes
- Access lists (standard, extended, named)
- Lock-and-Key access-list
- Reflexive access-list
- TCP intercept
- uRPF
- CAR
- NBAR
- Netflow
- 802.1x
- PBR
- Flooding
- Spoofing
- Policing
- Fragmentation
- Sniffer traces
- Device security and management (telnet, SSH, pwd, priv lvls)
- Other advanced features
Intrusion Detection System
- IDS sensor appliance 42XX
- Sensor configuration
- Signature tuning
- Shunning
- TCP resets
- Sensor features
- IDM
- IEV
- IOS IDS
- PIX IDS
- SPAN, RSPAN
- Advanced IDS features