| Install and configure a Security Appliance for basic network connectivity |
 |
Describe the Security Appliance hardware and software architecture |
 |
Determine the Security Appliance hardware and software configuration and verify if it is correct |
 |
Use setup or the CLI to configure basic network settings, including interface configurations |
 |
Use appropriate show commands to verify initial configurations |
 |
Configure NAT and global addressing to meet user requirements |
 |
Configure DHCP client option |
 |
Set default route |
 |
Configure logging options |
 |
Describe the firewall technology |
 |
Explain the information contained in syslog files |
 |
Configure static address translations |
 |
Configure Network Address Translations: PAT |
 |
Verify network address translation operation |
| Configure a Security Appliance to restrict inbound traffic from untrusted sources |
 |
Configure access-lists to filter traffic based on address, time, and protocols |
 |
Configure object-groups to optimize access-list processing |
 |
Configure Network Address Translations: Nat0 |
 |
Configure Network Address Translations: Policy NAT |
 |
Configure Java/ActiveX filtering
 |
Configure URL filtering |
 |
Verify inbound traffic restrictions |
 |
Configure static port redirection |
 |
Configure a net static |
 |
Set embryonic and connection limits on the Security Appliance |
| Configure a Security Appliance to provide secure connectivity using site-to-site VPNs |
 |
Explain the basic functionality of IPsec |
 |
Configure IKE with preshared keys |
 |
Differentiate between the types of encryption |
 |
Configure IPsec parameters |
 |
Configure crypto-maps and ACLs |
| Configure a Security Appliance to provide secure connectivity using remote access VPNs |
 |
Explain the functions of EasyVPN |
 |
Configure IPsec using EasyVPN Server/Client |
 |
Configure the Cisco Secure VPN client |
 |
Explain the purpose of SSL VPN |
 |
Configure WebVPN services: Server/Client |
 |
Verify VPN operations |
 |
Install and Configure SVCs |
 |
Install and Configure Cisco Secure Desktop |
| Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance |
 |
Explain differences between L2 and L3 operating modes |
 |
Configure Security Appliance for transparent mode (L2) |
 |
Explain purpose of virtual firewalls |
 |
Configure Security Appliance to support virtual firewall |
 |
Monitor and maintain virtual firewall |
 |
Explain the types, purpose and operation of fail-over |
 |
Install appropriate topology to support cable-based or LAN-based fail-over |
 |
Explain the hardware, software and licensing requirements for high-availability |
 |
Configure the Security Appliance for active/standby fail-over |
 |
Configure the Security Appliance for stateful fail-over |
 |
Configure the Security Appliance for active-active fail-over |
 |
Verify fail-over operation |
 |
Recover from a fail-over |
 |
Allocate resources to virtual firewalls |
| Configure AAA services for the Security Appliance |
 |
Configure ACS for Security Appliance support |
 |
Configure Security Appliance to use AAA feature |
 |
Configure authentication using both local and external databases |
 |
Configure authorization using an external database |
 |
Configure the ACS server for downloadable ACLs |
 |
Configure accounting of connection start/stop |
 |
Verify AAA operation |
| Configure routing and switching on a Security Appliance |
 |
Enable DHCP server and relay functionality |
 |
Configure VLANs on a Security Appliance interface |
 |
Configure Security Appliance to pass multi-cast traffic |
| Configure Security Appliance advanced application layer and modular policy features |
 |
Configure a class-map |
 |
Configure a policy-map |
 |
Configure a service-policy |
 |
Configure an ftp-map
 |
Configure an http-map
 |
Configure an inspection protocol |
 |
Explain the function of protocol inspection |
 |
Explain DNS guard feature |
 |
Describe the AIP-SSM HW and SW |
 |
Load IPS SW in the AIP-SSM |
 |
Verify AIP-SSM |
 |
Configure an IPS modular policy |
 |
Describe the CSC-SSM HW and SW |
 |
Configure a typed class map |
 |
Configure a typed policy map |
 |
Use typed policy maps to specify granular inspection parameters for a policy map |
 |
Configure regex class maps |
 |
Create regular expressions |
 |
Load CSC SW on the SSM |
 |
Verify the CSC-SSM |
 |
Divert traffic to the CSC-SSM |
 |
Initialize the CSC-SSM |
| Monitor and manage an installed Security Appliance |
 |
Obtain and apply OS updates |
 |
Back up and restore configurations and software
 |
Explain the Security Appliance file management system |
 |
Perform password/lockout recovery procedures |
 |
Obtain and upgrade license keys |
 |
Configure passwords for various access methods: Telnet, serial, enable, SSH |
 |
Configure various access methods: Telnet, SSH, ASDM |
 |
Configure command authorization and privilege levels |
 |
Configure local username database |
 |
Verify access control methods |
 |
Enable ASDM functionality |
 |
Verify a Security Appliance configuration via ASDM |
 |
Verify the licensing available on a Security Appliance |
 |
Add, delete, and modify syslog messages |