The Implementing Advanced Cisco Unified Wireless Security exam is the exam associated with the CCNP Wireless certification. This Cisco 642-737 IAUWS exam assesses a candidate’s capability to secure the wireless network from security threats via appropriate security policies and best practices, to properly implement security standards, and to properly configure wireless security components.

Implementing Advanced Cisco Unified Wireless Security is the full name of 642-737 IAUWS test. The Associated Certification is CCNP Wireless. There are 50-60 questions in real Cisco 642-737 IAUWS exam, which will take the candidates 90 minutes to complete the test. The available languages are English and Japanese. Candidates can register Cisco 642-737 IAUWS exam at Pearson VUE testing center.

It is important for the candidates to know Cisco 642-737 IAUWS exam topics.

22% 1.0 Integrate Client Device Security

1.1 Describe Extensible Authentication Protocol (EAP) authentication process
1.2 Configure client for secure EAP authentication
1.3 Configure the AnyConnect client
1.4 Describe the impact of security configurations on application and client roaming
1.5 Troubleshoot client wireless authentication issues
1.5.a Packet analyzers
1.5.b Debugs
1.5.c Logs
1.5.d Cisco Wireless Control System (WCS)
1.5.e Access Control Server (ACS)
1.6 Identify client security risks
1.6.a driver update
1.6.b MS hot fixes

11% 2.0 Design and Integrate Wireless Network with NAC

2.1 Describe the architectures
2.1.a inband
2.1.b out-of-band
2.1.c agent vs. agentless
2.1.d Cisco Network Admission Control (NAC) appliance
2.2 Describe the high-level authentication process flow
2.2.a CAS
2.2.b CAM
2.2.d Wireless LAN controller (WLC)
2.2.e External authentication sources
2.3 Configure the WLC for Network Access Controller (NAC)
2.4 Verify wireless authentication with NAC

22% 3.0 Implement Secure Wireless Connectivity Services

3.1 Configure authentication
3.1.a Controller Local EAP with or without external Lightweight B. Directory Access
3.1.b Protocol (LDAP) database
3.1.c Client authentication on H-REAP access points (APs)
3.1.d 802.1X authentication for AP authentication to the switch
3.2 Configure autonomous AP for RADIUS authentication
3.3 Configure management frame protection on clients, APs and controllers
3.4 Configure IBN
3.4.a RADIUS based VLAN and ACLs
3.4.b AAA override
3.5 Define ACS parameters for integration with wireless network
3.6 Define client and server-side digital certificate requirements
3.7 Implement ACLs on controller
3.7.a CPU ACLs
3.7.b WLAN, interface, and client identity ACL
3.8 Troubleshoot secure wireless connectivity services
3.8.a Packet analyzers, debugs, logs, WCS, and ACS
3.8.b Verify firewall ports
3.8.c ACS and Controller authorization and authentication for clients

12% 4.0 Design and implement Guest Access Service

4.1 Describe the architectures for guest access services
4.1.a VLAN-based
4.1.b Anchor, DMZ, redundancy, and scaling
4.1.c NAC guest server
4.1.d Wired guest access
4.1.e Bandwidth limiting
4.2 Configure guest access accounts
4.2.a Lobby ambassador (controller and WCS-based)
4.2.b Guest roles
4.3 Configure controller web authentication
4.3.a Pass through
4.3.b Internal and external
4.3.c Authentication (local/RADIUS)
4.3.d Custom splash page (internal, external, and per WLAN)
4.3.e Understand design considerations (DNS, proxy)
4.3.f Pre-authentication ACL
4.3.g Wired guest access
4.3.h Install third party certificate on controller
4.4 Configure the anchor and internal controllers
4.5 Troubleshoot guest access issues
4.5.a Packet analyzers, debugs, logs, WCS, and ACS
4.5.b Verify firewall ports
4.5.c Mping and eping
4.5.d Proxies

11% 5.0 Translate Organizational and Regulatory Security Policies and Enforce Security Compliances

5.1 Describe Regulatory Compliance Considerations, such as HIPAA, PCI, SOX, and FERPA
5.1.a HIPAA
5.1.b PCI
5.1.c SOX
5.1.d FERPA
5.2 Segment traffic into different VLANs, based upon
5.2.a Security
5.2.b Application
5.2.c QoS
5.3 Configure administration security on controller and WCS
5.3.a TACACS+ and ACS integration
5.3.b Local
5.3.c RADIUS and AAA server integration
5.3.d Access point administration credential
5.3.e Admin roles
5.4 Manage WLC and WCS alarms
5.4.a SNMP and Trap receivers
5.4.b Syslog
5.4.c SMTP
5.4.d ACS log
5.4.e Modify WCS alarm levels
5.5 Utilize security audit tools
5.5.a Packet captures
5.5.b Penetration testing
5.5.c Third-party software (AirMagnet AirWise)
5.5.d PCI Audit tool in WCS

11% 6.0 Configure Native WLC security Feature Sets – IPS/IDS

6.1 Utilize WCS or controller for IDS and threat mitigation strategies
6.1.a Signature
6.1.b Custom signature
6.1.c Rogue classification management and (auto) containment
6.1.d Rogue reporting/location (WCS only)
6.1.e Switchport tracing (WCS only)
6.1.f Integrate Cisco spectrum expert to WCS
6.1.g Client exclusion
6.1.h CleanAir
6.2 Identify and mitigate wireless vulnerabilities
6.2.a Wireless packet injection (can’t be mitigated)
6.2.b Client misconfiguration
6.2.c DoS (RF jamming)
6.2.d Anomalous behavior attacks (association and authentication attacks)
6.2.e Signature attacks (NetStumbler and undetectable at this time
6.2.f Eavesdropping (wild packets and Honeypot)
6.2.g Hijacking/mimicry (evil Twin and HoneyPotting)
6.2.h Social engineering (human attack)

11% 7.0 Integrate Wireless Network with Advanced Security Platforms

7.1 Describe end-to-end security Solutions of Cisco and how they Integrate with the Cisco Wireless Solutions
7.1.a AnyConnect 3.0 and above
7.1.b NAC appliance
7.1.c NAC guest server
7.1.d Wired IPS
7.1.e ACS
7.2 Describe the CUWN firewall port configuration requirements
7.2.a Access control lists (ACLs)
7.2.b IP port pass-through
7.2.c DMZ
7.3 Configure the controller for wired IPS/IDS
7.4 Configure wireless Intrusion Prevention System (IPS) (MSE)

Related resource: