Validate
your skills with CCSP (Cisco
Certified
Security
Professional)
The CCSP certification (Cisco Certified Security Professional)
indicates advanced knowledge of securing Cisco networks. With a
CCSP, a network professional can secure and manage network
infrastructures to protect productivity and reduce costs. The
content emphasizes topics such as perimeter security, virtual
private networks, intrusion protection as well as how to combine
these technologies in a single, integrated network security
solution.
Get
started today!
.
(CCSP) Cisco Certified Security Professional Exams
642-501 Securing IOS Networks (SECUR)
642-521 Cisco PIX Firewall Advanced (CSPFA)
642-531
Cisco Security Intrusion Detection Systems (CSIDS)
642-511 Cisco Secure Virtual Private Networks
(CSVPN)
642-541 Cisco SAFE Implementation
(CSI)
------------------------------------------------------------------------------------------------------------------------------------------------
Exam
Number: 642-501
Associated Certifications: CCSP, Cisco Firewall, VPN and IDS
Specialists
Duration: 90 minutes (65-75 questions)
Available Language: English
Click
Here to Register:
Pearson VUE or
Prometric
Exam Description
The
Securing Cisco IOS Networks exam (SECUR 642-501) is one of the
exams associated with the Cisco Certified Security Professional,
Cisco Firewall Specialist, Cisco VPN Specialist, and Cisco IDS
Specialist certifications. Candidates can prepare for this exam
by taking the SECUR v1.1 course. This exam includes simulations
and tests a candidate's knowledge and ability to secure Cisco
IOS router networks. CCNA or CCDA recertification candidates who
pass the 642-501 exam will be considered recertified at the CCNA
or CCDA level.
Exam Topics
The
following information provides general guidelines for the
content likely to be included on this exam. However, other
related topics may also appear on any specific delivery of the
exam.
Basic
Cisco Router Security
 |
Secure
administrative access for Cisco routers |
|
|
Describe the components of a basic AAA implementation |
|
|
Test
the perimeter router AAA implementation using applicable
debug commands |
Advanced AAA Security for Cisco Router Networks
|
|
Describe the features and architecture of CSACS 3.0 for
Windows |
|
|
Configure the perimeter router to enable AAA processes to
use a TACACS remote service |
Cisco
Router Threat Mitigation
|
|
Disable
unused router services and interfaces |
|
|
Use
access lists to mitigate common router security threats |
Cisco
IOS Firewall CBAC Configuration
|
|
Define
the Cisco IOS Firewall and CBAC |
|
|
Configure CBAC |
Cisco
IOS Firewall Authentication Proxy Configuration
|
|
Describe how authentication proxy technology works |
|
|
Configure AAA on a Cisco IOS Firewall |
Cisco
IOS Firewall IDS Configuration
|
|
Name
the two types of signature implementations used by the Cisco
IOS Firewall IDS |
|
|
Initialize a Cisco IOS Firewall IDS router |
Building Basic IPSec Using Cisco Routers
|
|
Configure a Cisco router for IPSec using pre-shared keys |
|
|
Verify
the IKE and IPSec configuration |
|
|
Explain
the issues regarding configuring IPSec manually and using
RSA encrypted nonces |
Building Advanced IPSec VPNs Using Cisco Routers and
Certificate Authorities
|
|
Advanced IPSec VPNs using Cisco Routers and CAs |
Configuring Cisco Remote Access IPSec VPNs
|
|
Describe the Easy VPN Server |
Managing Enterprise VPN Routers
|
|
Managing Enterprise VPN Routers |
-------------------------------------------------------------------------------------------------------------------------------------
Exam
Number: 642-511
Associated Certifications: CCSP, Cisco VPN Specialist
Duration: 75 minutes (55-65 questions)
Available Language: English
Click
Here to Register:
Pearson VUE or
Prometric
Exam
Description
|
The
Cisco Secure Virtual Private Networks exam (CSVPN 642-511)
is one of the exams associated with the Cisco Certified
Security Professional and the Cisco VPN Specialist
certifications. Candidates can prepare for this exam by
taking the CSVPN v4.0 course. This exam includes
simulations and tests a candidate's knowledge and ability
to describe, configure, verify, and manage the Cisco VPN
3000 Concentrator, Cisco VPN Software Client, and Cisco
VPN 3002 Hardware Client feature set. CCNA or CCDA
recertification candidates who pass the 642-511 CSVPN exam
will be considered recertified at the CCNA or CCDA level.
|
Exam Topics
The
following information provides general guidelines for the
content likely to be included on this exam. However, other
related topics may also appear on any specific delivery of the
exam.
Overview of Virtual Private Networks and IPSec Technologies
|
|
Cisco
products enable a secure VPN |
|
|
IPSec
overview |
|
|
IPSec
protocol framework |
|
|
How
IPSec works |
Cisco
Virtual Private Network 3000 Concentrator Series Hardware
|
|
Overview of the Cisco VPN 3000 Concentrator Series |
|
|
Cisco
VPN 3000 Concentrator |
|
|
Cisco
VPN 3000 Concentrator Series Client support |
Configuring the Cisco VPN 3000 Series Concentrator for Remote
Access Using Pre-shared Keys
|
|
Overview of remote access using pre-shared keys |
|
|
Initial
configuration of the Cisco VPN 3000 Concentrator Series for
remote access |
|
|
Browser
configuration of the Cisco VPN 3000 Series Concentrator |
|
|
Configure users and groups |
|
|
More
in-depth configuration information |
|
|
Configure the Cisco Windows VPN Software Client |
Configure Cisco Virtual Private Network 3000 Series
Concentrator for Remote Access Using Digital Certificates
|
|
CA
support overview |
|
|
Certificate generation |
|
|
Validating certificates |
|
|
Configuring the Cisco VPN 3000 Concentrator Series for CA
support |
Configure the Cisco Virtual Private Network Firewall Feature
for IPSec Software Client
|
|
Overview of software client's firewall feature |
|
|
Software Client's Are You There feature |
|
|
Software Client's Central Policy Protection feature |
|
|
Software Client's firewall statistics |
|
|
Customizing firewall policy |
Configure the Cisco Virtual Private Network Client
Auto-Initiation Feature
|
|
Overview of the Cisco VPN Software Client auto-initiation |
|
|
Configure the Cisco VPN Software Client auto-initiation |
Monitor and Administer Cisco VPN 3000 Remote Access Networks
|
|
Monitoring |
|
|
Administration |
|
|
Bandwidth Management |
Configure the Cisco VPN 3002 Hardware Client for Remote Access
|
|
Cisco
VPN 3002 Hardware client remote access with pre-shared keys |
Configure the Cisco Virtual Private Network 3002 Hardware
Client
|
|
Overview of the Hardware Client interactive unit and user
authentication features |
|
|
Configuring the Hardware Client interactive unit
authentication feature |
|
|
Configuring the Hardware Client user authentication feature |
|
|
Monitoring the Hardware Client user statistics |
Configure the Cisco Virtual Private Network Client Backup
Server and Load Balancing
|
|
Configuring the Cisco VPN Client backup server feature |
|
|
Configuring the Cisco VPN Client load balancing feature |
|
|
Overview of the Cisco VPN Client Reverse Route Injection
feature |
Configure the Virtual Private Network 3002 Hardware Client for
Software Auto-Update
|
|
Overview and configuration of the VPN 3002 Hardware Client
software auto-update feature |
|
|
Monitoring the Cisco VPN 3002 Hardware Client software
auto-update feature |
Configure the Cisco Virtual Private Network 3000 Series
Concentrator for the IPSec Over UDP and IPSec Over TCP
|
|
Overview of Port Address Translation |
|
|
Configuring IPSec over UDP |
|
|
Configuring NAT-Transversal |
|
|
Configuring IPSec over TCP |
Cisco
Virtual Private Network 3000 Series Concentrator LAN-to-LAN
with Pre-Shared Keys
|
|
Cisco
VPN 3000 Series Concentrator IPSec LAN-to-LAN |
|
|
LAN-to-LAN configuration |
Cisco
Virtual Private Network 3000 Series Concentrator LAN-to-LAN
with NAT
|
|
LAN-to-LAN overview |
|
|
Configuring the Concentrator LAN-LAN NAT feature |
Cisco
Virtual Private Network 3000 Series Concentrator LAN-to-LAN
using Digital Certificates
|
|
Root
certificate installation |
|
|
Identify certificate installation |
Recommended
Training
Cisco
Secure Virtual Private Networks (CSVPN) v4.0 is
the recommended training for the Cisco Secure Virtual Private
Networks Exam.
------------------------------------------------------------------------------------------------------------------------------------------
Exam
Number: 642-521
Associated Certifications: CCSP, Cisco Firewall Specialist
Duration: 75 minutes (55-65 questions)
Available Language: English
Click
Here to Register:
Pearson VUE or
Prometric
Exam
Description
The Cisco
Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the
exams associated with the Cisco Certified Security Professional
and the Cisco Firewall Specialist certifications. Candidates can
prepare for this exam by taking the CSPFA v3.2 course. This exam
includes simulations and tests a candidate's knowledge and
ability to describe, configure, verify and manage the PIX
Firewall product family. CCNA or CCDA recertification candidates
who pass the 642-521 CSPFA exam will be considered recertified
at the CCNA or CCDA level.
Exam
Topics
The
following information provides general guidelines for the
content likely to be included on this exam. However, other
related topics may also appear on any specific delivery of the
exam.
Cisco
PIX Firewall Technology and Features
|
|
Firewalls |
|
|
PIX
Firewall models |
Cisco
PIX Firewall Family
|
|
PIX
Firewall models |
|
|
PIX
services module |
|
|
PIX
Firewall licensing |
Getting Started with the Cisco PIX Firewall
|
|
User
interface |
|
|
Examining the PIX Firewall status |
|
|
ASA
security levels |
|
|
Basic
PIX Firewall configuration |
|
|
Syslog
configuration |
|
|
DHCP
server configuration |
|
|
PPPoE
and the PIX Firewall |
Translations and Connections
|
|
Transport Protocols |
|
|
Network
Address Translation |
|
|
Configuring DNS Support |
|
|
Port
Address Translations |
Access
Control Lists and Content Filtering
|
|
ACLS |
|
|
Converting Conduits to ACLS |
|
|
Using
ACLS |
Object
Grouping
|
|
Overview of object grouping |
|
|
Getting
started with object groups |
|
|
Configuring object groups |
|
|
Nested
object groups |
Advanced Protocol Handling
|
|
Advanced protocols |
|
|
Multimedia support |
Attack
Guards, Intrusion Detection, and Shunning
|
|
Attack
guards |
|
|
Intrusion detection |
Authentication, Authorization, and Accounting
|
|
Introduction |
|
|
Installation of CSACS for Windows NT |
|
|
Authentication configuration |
|
|
Downloadable ACLS |
Failover
|
|
Understanding failover |
|
|
Serial
failover configuration |
|
|
LAN-based failover configuration |
Virtual Private Networks
|
|
PIX
Firewall enables a secure VPN |
|
|
Prepare
to configure VPN support |
|
|
Configure IKE parameter |
|
|
Configure IPSec parameters |
|
|
Test
and verify VPN configuration |
|
|
Cisco
VPN Client |
|
|
Scale
PIX Firewall VPNs |
System
Maintenance
|
|
Remote
access |
|
|
Command
authorization |
Cisco
PIX Device Manager
|
|
PDM
overview |
|
|
Prepare
for PDM |
|
|
Using
PDM to configure the PIX Firewall |
|
|
Using
PDM to create a site-to-site VPN |
|
|
Using
PDM to create a remote access VPN |
Enterprise PIX Firewall Management
|
|
Configuring access and translation rules |
|
|
Reporting, tools, and administration |
Enterprise PIX Firewall Maintenance
|
|
Introduction to the auto update server |
|
|
PIX
Firewall and AUS communication settings |
|
|
Devices, images, and assignments |
|
|
Reports
and administration |
Firewall Services Module
|
|
FWSM
overview |
|
|
Using
PDM with the FWSM |
Recommended
Training
Cisco
Secure PIX Firewall Advanced (CSPFA) v3.2 is
the recommended training for the Cisco Secure PIX Firewall
Advanced Exam
------------------------------------------------------------------------------------------------------------------
Exam
Number: 642-541
Associated Certifications: CCSP
Duration: 75 minutes (55-65 questions)
Available Language: English
Click
Here to Register:
Pearson VUE or
Prometric
Exam
Description
The Cisco
SAFE Implementation exam tests the knowledge and skills needed
to use and implement the principles and axioms presented in the
SAFE Small, Midsize and Remote (SMR) User White Paper.
Candidates are tested on knowledge of how the following devices
can be used to create a complete end-to-end solution: IOS
routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors,
Cisco Host IDS, and the Cisco VPN Client.
Exam Topics
The
following information provides general guidelines for the
content likely to be included on this exam. However, other
related topics may also appear on any specific delivery of the
exam.
Security Fundamentals
|
|
Need
for network security |
|
|
Network
attack taxonomy |
|
|
Network
security policy |
|
|
Management protocols and functions |
Architectural Overview
|
|
Overview |
|
|
Design
fundamentals |
|
|
Safe
axioms |
|
|
Security wheel |
Cisco
Security Portfolio
|
|
Overview |
|
|
Secure
connectivity - Virtual Private Network solutions |
|
|
Secure
connectivity - the 3000 Concentrator series |
|
|
Secure
connectivity - Cisco VPN optimized routers |
|
|
Perimeter security firewalls - Cisco PIX and Cisco IOS
Firewall |
|
|
Intrusion protection - IDS and Cisco secure scanner |
|
|
Identity - Access control solutions |
|
|
Security management - VMS and CSPM |
|
|
Cisco
AVVID |
SAFE
Small Network Design
|
|
Overview |
|
|
Small
network corporate Internet module |
|
|
Small
network campus module |
|
|
Implementation-ISP router |
|
|
Implementation-IOS Firewall features and configuration |
|
|
Implementation-PIX Firewall |
SAFE
Medium Network Design
|
|
Medium
network corporate Internet module |
|
|
Mediumnetwork corporate Internet module design guidelines |
|
|
Medium
network campus module |
|
|
Medium
network campus module design guidelines |
|
|
Medium
network WAN module |
|
|
Implementation - ISP router |
|
|
Implementation - edge router |
|
|
Implementation - IOS Firewall |
|
|
Implementation - PIX Firewall |
|
|
Implementation - NIDS |
|
|
Implementation - HIDS |
|
|
Implementation - VPN Concentrator |
|
|
Implementation - Layer 3 switch |
SAFE
Remote-User Network Implementation
|
|
Overview |
|
|
Key
devices |
|
|
Threat
mitigation |
|
|
Software access option |
|
|
Remote
site firewall option |
|
|
Hardware VPN Client option |
|
|
Remote
site router option |
Recommended
Training
Cisco SAFE
Implementation (CSI) is the recommended
training for this exam.
|
