includes all our Cisco 642-552 training tools:
- 642-552 Questions & Answers + Sound Files + Realistic Labs
- Price : $119.97 $107.97
- You Save $12.00!
Cisco 642-552
Description:
The Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the Securing Cisco Network Devices v2.0 (SND) course. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. Topics covered include; Security threats facing modern network infrastructures, Securing Cisco routers, Implementing basic AAA, Using ACLs to mitigate router and network threats, Implementing secure management and reporting, Mitigating common Layer 2 attacks, and Implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager.
Exam Details:
The Cisco 642-552 examination is administered through Prometric and Pearson VUE in a secure environment near you. Just visit the Prometric or Pearson VUE Web site to sit for the 642-552 exam. Do remember that the exam is administered in English. You are allowed a total of 75 minutes in which to complete the examination.
Key Topics:
Describe the security threats facing modern network infrastructures
- Common threats to the physical installation
- Mitigation methods for common network attacks
- Mitigation methods for Worm, Virus, and Trojan Horse attacks
- Main activities in each phase of a secure network lifecycle
- Comprehensive security policy
- Cisco Self Defending Network architecture
Secure Cisco routers
- Using the SDM Security Audit feature
- Use the One-Step Lockdown feature in SDM
- Secure administrative access to Cisco routers: by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements; by configuring multiple privilege levels; by configuring role based CLI
- Secure the Cisco IOS image and configuration file
Implement basic AAA using Cisco routers
- Explain the functions and importance of AAA
- Features of TACACS+ and RADIUS AAA protocols
- Methods of authentication that are used to provide access through a router (packet mode) and to provide access to the router (character mode)
Mitigate threats to Cisco routers and networks using ACLs
- Explain the functionality of standard, extended, and named IP ACLs used by routers
- Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
- Configure IP ACLs to prevent IP address spoofing using CLI
- Discuss the caveats to be considered when building ACLs
Implement secure network management and reporting
- Secure management and reporting of network devices - considerations
- Use CLI to configure SSH on Cisco routers
- Use CLI to configure Cisco routers to send Syslog messages to a Syslog server
- SNMPv3 and NTPv3
Mitigate common Layer 2 attacks
- Common Layer 2 attacks and how to mitigate them
- Function and benefit of the security features in Cisco Catalyst switches (IBNS, PVLAN, SPAN port)
- Common threats to WLANs
- Security features of the 802.11 protocol
Implement the Cisco IOS firewall feature set using SDM
- Operational strengths and weaknesses of the different firewall technologies
- Stateful firewall operations and the function of the state table
- Types of NAT that can be implemented in a firewall
- Basic and advanced firewall on a Cisco router using SDM
Implement the Cisco IOS IPS feature set using SDM
- Network based vs. host based intrusion detection and prevention
- IPS technologies, attack responses, and monitoring options
- Cisco IOS IPS operations using SDM
Implement IPsec VPN on Cisco routers using SDM
- IKE protocol functionality and phases
- Building blocks of IPsec and the security functions it provides
- Hash-based message authentication code (HMAC) operations
- Different methods of encryption
- Purpose of the Diffie-Hellman key agreement protocol
- IPsec - origin authentication
- PKI environment at a high level
- Different types of IPsec VPN implementations
- Cisco Easy VPN Server and Cisco Easy VPN Remote
- Configure and verify remote access VPNs using
Preparing for the Exam:
Following are a few factors that you need to take into consideration. Cisco recommends that one have knowledge, skills, and abilities necessary to install, administer and support Cisco systems prior to taking this exam. It is also recommended that prospective candidates attend the Cisco: Securing Cisco Network Devices (SND) course for this exam
Certification Credits:
You will be awarded with credit towards various Cisco certifications. These are: CCSP/Cisco Firewall Specialist/Cisco IPS Specialist/Cisco VPN Specialist
