500-750: Cisco Network Security Specialist (CNSS)

This exam tests a candidate's knowledge of secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, and endpoint security.


Cisco 500-750 Exam Overview:


Exam Name: Cisco Network Security Specialist
Exam Number: 500-750 CNSS
Exam Price: $300 USD
Duration: 90 minutes
Number of Questions: 55-65
Passing Score: Variable (750-850 / 1000 Approx.)
Recommended Training: Implementing Cisco Network Security v3.0
Sample Questions: Cisco 500-750 Sample Questions
Practice Exam: Implementing Cisco Network Security Practice Test

Cisco 500-750 Exam Topics:


Section Weight  Objectives
Security Concepts 12%

- Common security principles

◉ Describe Confidentiality, Integrity, Availability (CIA)
◉ Describe SIEM technology
◉ Identify common security terms
◉ Identify common network security zones

- Common security threats

◉ Identify common network attacks
◉ Describe social engineering
◉ Identify malware
◉ Classify the vectors of data loss/exfiltration

- Cryptography concepts

◉ Describe key exchange
◉ Describe hash algorithm
◉ Compare & contrast symmetric and asymmetric encryption
◉ Describe digital signatures, certificates and PKI

- Describe network topologies

◉ Campus Area Network (CAN)
◉ Cloud, Wide Area Network (WAN)
◉ Data Center
◉ Small office/home office (SOHO)
◉ Network security for a virtual environment

Secure Access 14%

- Secure management

◉ Compare in-band and out-of-band
◉ Configure secure network management
◉ Configure and verify secure access through SNMP v3 using an ACL
◉ Configure and verify security for NTP
◉ Use SCP for file transfer

- AAA concepts

◉ Describe RADIUS & TACACS+ technologies
◉ Configure administrative access on a Cisco router using TACACS+
◉ Verify connectivity on a Cisco router to a TACACS+ server
◉ Explain the integration of Active Directory with AAA
◉ Describe authentication & authorization using ACS and ISE

- 802.1X authentication

◉ Identify the functions of 802.1X components

- BYOD

◉ Describe the BYOD architecture framework
◉ Describe the function of Mobile Device Management (MDM)

VPN 17%

- VPN concepts

◉ Describe IPSec protocols and delivery modes (IKE, ESP, AH, tunnel mode, transport mode)
◉ Describe hairpinning, split tunneling, always-on, NAT Traversal

- Remote Access VPN

◉ Implement basic clientless SSL VPN using ASDM
◉ Verify clientless connection
◉ Implement basic AnyConnect SSL VPN using ASDM
◉ Verify AnyConnect connection
◉ Identify Endpoint Posture Assessment

- Site-to-Site VPN

◉ Implement an IPSec site-to-site VPN with pre-shared key authentication on Cisco routers and ASA firewalls
◉ Verify an IPSec site-to-site VPN

Secure Routing & Switching 18%

- Security on Cisco Routers

◉ Configure multiple privilege levels
◉ Configure IOS role-based CLI access
◉ Implement IOS resilient configuration

- Securing routing protocols

◉ Implement routing update authentication on OSPF

- Securing the control plane

◉ Explain the function of control plane policing

- Common Layer 2 attacks

◉ Describe STP attacks
◉ Describe ARP spoofing
◉ Describe MAC spoofing
◉ Describe CAM Table (MAC Address Table) overflows
◉ Describe CDP/LLDP reconnaissance
◉ Describe VLAN hopping
◉ Describe DHCP spoofing

- Mitigation procedures

◉ Implement DHCP snooping
◉ Implement dynamic ARP inspection
◉ Implement port security
◉ Describe BPDU Guard, Root Guard, Loop Guard
◉ Verify mitigation procedures

- VLAN security

◉ Describe the security implications of a PVLAN
◉ Describe the security implications of a native VLAN

Cisco Firewall Technologies 18%

- Describe operational strengths and weaknesses of the different firewall technologies

◉ Proxy firewalls
◉ Application firewall
◉ Personal firewall

- Compare stateful vs. stateless firewalls

◉ Operations
◉ Function of the state table

- Implement NAT on Cisco ASA 9.x

◉ Static
◉ Dynamic
◉ PAT
◉ Policy NAT
◉ Verify NAT operations

- Implement zone-based firewall

◉ Zone to zone
◉ Self zone

- Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x

◉ Configure ASA Access Management
◉ Configure security access policies
◉ Configure Cisco ASA interface security levels
◉ Configure default Modular Policy Framework (MPF)
◉ Describe modes of deployment (routed firewall, transparent firewall)
◉ Describe methods of implementing High Availability
◉ Describe security contexts
◉ Describe firewall services

IPS 9%

- Describe IPS deployment considerations

◉ Network based IPS vs. host based IPS
◉ Modes of deployment (inline, promiscuous - SPAN, tap)
◉ Placement (positioning of the IPS within the network)
◉ False positives, false negatives, true positives, true negatives

- Describe IPS technologies

◉ Rules/Signatures
◉ Detection/Signature engines
◉ Trigger actions/responses (drop, reset, block, alert, monitor/log, shun)
◉ Block list (static & dynamic)

Content and Endpoint Security 12%

- Describe mitigation technology for email-based threats

◉ SPAM filtering, anti-malware filtering, DLP, block listing, email encryption

- Describe mitigation technology for Web-based threats

◉ Local & cloud-based Web proxies
◉ Block listing, URL-filtering, malware scanning, URL categorization, Web application filtering, TLS/SSL decryption

- Describe mitigation technology for endpoint threats

◉ Anti-Virus/Anti-Malware
◉ Personal Firewall/HIPS
◉ Hardware/Software encryption of local data
