Note:

  • CCIE Security 350-018 exam will be retired on January 30, 2017, the new exam is 400-251.
  • CCNA Data Center 640-911 DCICN exam will be retired on April 11, 2017.
  • CCNA Data Center 640-916 DCICT exam will be retired on April 11, 2017.
  • CCNP Data Center 642-035 DCUCT exam will be retired on July 3, 2017.
  • CCNP Data Center 642-980 DCUFT exam will be retired on July 3, 2017.
  • CCNP Data Center 642-996 DCUFD exam will be retired on July 3, 2017.
  • CCNP Data Center 642-997 DCUFI exam will be retired on July 3, 2017.
  • CCNP Data Center 642-998 DCUCD exam will be retired on July 3, 2017.
  • CCNP Data Center 642-999 DCUCI exam will be retired on July 3, 2017.
  • The new CCNP Data Center certification required exams are 300-180 DCIT, 300-165 DCII, 300-160 DCID, 300-175 DCUCI and 300-170 DCVAI exams.

Tag Archives: 640-554 Implementing Cisco IOS Network Security (IINS) exam

30 Mar

640-554 IINS Implementing Cisco IOS Network Security

IINS Implementing Cisco IOS Network Security is the exam name of 640-554 test. There are 55-65 questions in real Cisco 640-554 exam, which will take the candidates 90 minutes to complete the test. The available languages are English and Japanese. Candidates can register Cisco 640-554 exam at Pearson VUE testing center.

The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. Cisco 640-554 exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks.It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Cisco 640-554 IINS Free Online Test

Knowing Cisco 640-554 IINS exam topics are valuable in your preparation.

11% 1.0 Common Security Threats

1.1 Describe common security threats
1.1.a Common threats to the physical installation
1.1.b Mitigation methods for common network attacks
1.1.c Email-based threats
1.1.d Web-based attacks
1.1.e Mitigation methods for Worm, Virus, and Trojan Horse attacks
1.1.f Phases of a secure network lifecycle
1.1.g Security needs of a typical enterprise with a comprehensive security policy
1.1.h Mobile/remote security
1.1.i DLP

8% 2.0 Security and Cisco Routers

2.1 Implement security on Cisco routers
2.1.a CCP Security Audit feature
2.1.b CCP One-Step Lockdown feature
2.1.c Secure router access using strong encrypted passwords, and using IOS login enhancements, IPV6 security
2.1.d Multiple privilege levels
2.1.e Role-Based CLI
2.1.f Cisco IOS image and configuration files
2.2 Describe securing the control, data, and management plane
2.3 Describe CSM
2.4 Describe IPv4 to IPv6 transition
2.4.a Reasons for IPv6
2.4.b Understanding IPv6 addressing
2.4.c Assigning IPv6 addresses
2.4.d Routing considerations for IPv6

11% 3.0 AAA on Cisco Devices

3.1 Implement AAA (authentication, authorization, and accounting)
3.1a AAA using CCP on routers
3.1b AAA using CLI on routers and switches
3.1c AAA on ASA
3.2 Describe TACACS+
3.3 Describe RADIUS
3.4 Describe AAA
3.4.a Authentication
3.4.b Authroization
3.4.c Accounting

12% 4.0 IOS ACLs

4.1 Describe standard, extended, and named IP IOS ACLs to filter packets
4.1.a IPv4
4.1.b IPv6
4.1.c Object groups
4.1.d ACL operations
4.1.e Types of ACLs (dynamic, reflexive, time-based ACLs)
4.1.f ACL wild card masking
4.1.g Standard ACLs
4.1.h Extended ACLs
4.1.i Named ACLs
4.1.j VLSM
4.2 Describe considerations when building ACLs
4.2.a Sequencing of ACEs
4.2.b Modification of ACEs
4.3 Implement IP ACLs to mitigate threats in a network
4.3.a Filter IP traffic
4.3.b SNMP
4.3.c DDoS attacks
4.3.d CLI
4.3.e CCP
4.3.f IP ACLs to prevent IP spoofing
4.3.g VACLs

10% 5.0 Secure Network Management and Reporting

5.1 Describe secure network management
5.1.a In-band
5.1.b Out of band
5.1.c Management protocols
5.1.d Management enclave
5.1.e Management plane
5.2 Implement secure network management
5.2.a SSH
5.2.b Syslog
5.2.c SNMP
5.2.d NTP
5.2.e SCP
5.2.f CLI
5.2.g CCP
5.2.h SSL

12% 6.0 Common Layer 2 Attacks

6.1 Describe Layer 2 security using Cisco switches
6.1.a STP attacks
6.1.b ARP spoofing
6.1.c MAC spoofing
6.1.d CAM overflows
6.1.e CDP/LLDP
6.2 Describe VLAN security
6.2.a Voice VLAN
6.2.b PVLAN
6.2.c VLAN hopping
6.2.d Native VLAN
6.3 Implement VLANs and trunking
6.3.a VLAN definition
6.3.b Grouping functions into VLANs
6.3.c Considering traffic source to destination paths
6.3.d Trunking
6.3.e Native VLAN
6.3.f VLAN Trunking Protocols
6.3.g Inter-VLAN Routing
6.4 Implement spanning tree
6.4.a Potential issues with redundant switch topologies
6.4.b STP operations
6.4.c Resolving issues with STP

13% 7.0 Cisco Firewall Technologies

7.1 Describe operational strengths and weaknesses of the different firewall technologies
7.1.a Proxy firewalls
7.1.b Packet and stateful packet
7.1.c Application firewall
7.1.d Personal firewall
7.2 Describe stateful firewalls
7.2.a Operations
7.2.b Function of the state table
7.3 Describe the types of NAT used in firewall technologies
7.3.a Static
7.3.b Dynamic
7.3.c PAT
7.4 Implement zone based policy firewall using CCP
7.4.a Zone to zone
7.4.b Self zone
7.5 Implement the Cisco Adaptive Security Appliance (ASA)
7.5.a NAT
7.5.b ACL
7.5.c Default MPF
7.5.d Cisco ASA sec level
7.6 Implement Network Address Translation (NAT) and Port Address Translation (PAT)
7.6.a Functions of NAT, PAT, and NAT Overload
7.6.b Translating Inside Source addresses
7.6.c Overloading Inside global addresses

11% 8.0 Cisco IPS

8.1 Describe Intrusion Prevention System (IPS) deployment considerations
8.1.a SPAN
8.1.b IPS product portfolio
8.1.c Placement
8.1.d Caveats
8.2 Describe IPS technologies
8.2.a Attack responses
8.2.b Monitoring options
8.2.c Syslog
8.2.d SDEE
8.2.e Signature engines
8.2.f Signatures
8.2.g Global correlation and SIO
8.2.h Network-based
8.2.i Host-based
8.3 Configure Cisco IOS IPS using CCP
8.3.a Logging
8.3.b Signatures

12% 9.0 VPN Technologies

9.1 Describe the different methods used in cryptography
9.1.a Symmetric
9.1.b Asymetric
9.1.c HMAC
9.1.d Message digest
9.1.e PKI
9.2 Describe VPN technologies
9.2.a IPsec
9.2.b SSL
9.3 Describe the building blocks of IPSec
9.3.a IKE
9.3.b ESP
9.3.c AH
9.3.d Tunnel mode
9.3.e Transport mode
9.4 Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
9.4.a CCP
9.4.b CLI
9.5 Verify VPN operations
9.6 Implement SSL VPN using ASA device manager
9.6.a Clientless
9.6.b AnyConnect


Recent Posts


Tags

and/or Remove an End-Device and/or Remove an Infrastructure Device and/or Remove Cables (network and/or power) Cisco 642-997 DCUFI exam Cisco 642-999 DCUCI exam Configure Cisco Unity Connection Configure Cisco Unity Express using the GUI Describe and implement centralized call processing redundancy Describe Data Center Structure and Modularity Describe the Design Methodology Describe the Technologies used within the Data Center Describe WLAN Fundamentals Design and Deploy WLAN Infrastructure for Mobility Design Network Management Considerations into a Data Center Design the Access Layer of a Data Center General Networking Knowledge given a Network Design and a set of Requirements High Availability Routing Features Identify Cisco Equipment and Related Hardware Implement high availability features on Cisco Unified Fabric products in a Cisco Data Center Architecture Implement Multicast over Wireless Implement QoS for Wireless Applications Implement VoWLAN Infrastructure Security Infrastructure Services Install Integrate Client Device Security IP Services LAN Switching Technologies Layer 2 Technologies Layer 3 Technologies Maintain Appropriate End-Devices and Industrial Network Infrastructure Devices Manage the Unified Fabric in a Cisco Data Center Architecture Monitoring and Reporting Tools Network Principles Replace Service-Related Knowledge Threat Defense Threat Defense Architectures Troubleshoot Call Setup Issues Troubleshooting Troubleshoot Registration Issues UCS Compute Troubleshooting VPN Technologies WAN Technologies

Links

Powered by CCNP Exams Test Base