Security Concepts
Network Security
Securing the Cloud
Content Security
Endpoint Protection and Detection
Secure Network Access, Visibility & Enforcement
Security Concepts
- Explain common threats against on-premises and cloud environments
- Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
- Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate-based authorization
- Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Cryptomap, DMVPN, FLEXVPN including high availability considerations, and AnyConnect
- Describe security intelligence authoring, sharing, and consumption
- Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
- Explain North Bound and South Bound APIs in the SDN architecture
- Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
- Interpret basic Python scripts used to call Cisco Security appliances APIs
Network Security
- Compare network security solutions that provide intrusion prevention and firewall capabilities
- Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
- Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
- Configure and verify network infrastructure security methods (router, switch, wireless)
- Implement segmentation, access control policies, AVC, URL filtering, and malware protection
- Implement management options for network security solutions such as intrusion prevention and perimeter security (Single vs. multi-device manager, in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
- Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
- Configure secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
- Configure and verify site-to-site VPN and remote access VPN
Securing the Cloud
- Identify security solutions for cloud environments
- Compare the customer vs. provider security responsibility for the different cloud service models
- Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security
- Implement application and data security in cloud environments
- Identify security capabilities, deployment models, and policy management to secure the cloud
- Configure cloud logging and monitoring methodologies
- Describe the application and workload security concepts
Content Security
- Implement traffic redirection and capture methods
- Describe web proxy identity and authentication including transparent user identification
- Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA)
- Configure and verify web and email security deployment methods to protect on-premises and remote users (inbound and outbound controls and policy management)
- Configure and verify email security features such as SPAM filtering, antimalware filtering, DLP, blacklisting, and email encryption
- Configure and verify secure internet gateway and web security features such as blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
- Describe the components, capabilities, and benefits of Cisco Umbrella
- Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)
Endpoint Protection and Detection
- Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
- Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry
- Configure and verify outbreak control and quarantines to limit infection
- Describe justifications for endpoint-based security
- Describe the value of endpoint device management and asset inventory such as MDM
- Describe the uses and importance of a multifactor authentication (MFA) strategy
- Describe endpoint posture assessment solutions to ensure endpoint security
- Explain the importance of an endpoint patching strategy
Secure Network Access, Visibility & Enforcement
- Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
- Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
- Describe network access with CoA
- Describe the benefits of device compliance and application control
- Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
- Describe the benefits of network telemetry
- Describe the components, capabilities, and benefits of these security products and solutions