IT Certification and Career Paths

642-737 IAUWS

Implementing Advanced Cisco Unified Wireless Security

Exam Number 642-737 IAUWS
Associated Certifications CCNP Wireless
Duration 90 minutes (50 - 60 questions)
Available Languages English, Japanese
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

The Implementing Advanced Cisco Unified Wireless Security exam is the exam associated with the CCNP Wireless certification. This exam assesses a candidate's capability to secure the wireless network from security threats via appropriate security policies and best practices, to properly implement security standards, and to properly configure wireless security components. Candidates can prepare for this exam by taking the IAUWS Implementing Advanced Cisco Unified Wireless Security course.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the practical exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

  • 22%     1.0   Integrate Client Device Security

      • 1.1   Describe Extensible Authentication Protocol (EAP) authentication
                 process
         
      • 1.2   Configure client for secure EAP authentication
         
      • 1.3   Configure the AnyConnect client
         
      • 1.4   Describe the impact of security configurations on application and
                 client roaming
         
      • 1.5   Troubleshoot client wireless authentication issues
        • 1.5.a   Packet analyzers
        • 1.5.b   Debugs
        • 1.5.c   Logs
        • 1.5.d   Cisco Wireless Control System (WCS)
        • 1.5.e   Access Control Server (ACS)
           
      • 1.6   Identify client security risks
        • 1.6.a   driver update
        • 1.6.b   MS hot fixes
  • 11%     2.0   Design and Integrate Wireless Network with
               NAC
       

      • 2.1   Describe the architectures
        • 2.1.a   inband
        • 2.1.b   out-of-band
        • 2.1.c   agent vs. agentless
        • 2.1.d   Cisco Network Admission Control (NAC) appliance
           
      • 2.2   Describe the high-level authentication process flow
        • 2.2.a   CAS
        • 2.2.b   CAM
        • 2.2.c   RADIUS/ACS
        • 2.2.d   Wireless LAN controller (WLC)
        • 2.2.e   External authentication sources
           
      • 2.3   Configure the WLC for Network Access Controller (NAC)
         
      • 2.4   Verify wireless authentication with NAC
  • 22%     3.0   Implement Secure Wireless Connectivity
               Services

      • 3.1   Configure authentication
        • 3.1.a   Controller Local EAP with or without external Lightweight B.
                      Directory Access
        • 3.1.b   Protocol (LDAP) database
        • 3.1.c   Client authentication on H-REAP access points (APs)
        • 3.1.d   802.1X authentication for AP authentication to the switch
           
      • 3.2   Configure autonomous AP for RADIUS authentication
         
      • 3.3   Configure management frame protection on clients, APs and
                 controllers
         
      • 3.4   Configure IBN
        • 3.4.a   RADIUS based VLAN and ACLs
        • 3.4.b   AAA override
           
      • 3.5   Define ACS parameters for integration with wireless network
         
      • 3.6   Define client and server-side digital certificate requirements
         
      • 3.7   Implement ACLs on controller
        • 3.7.a   CPU ACLs
        • 3.7.b   WLAN, interface, and client identity ACL
           
      • 3.8   Troubleshoot secure wireless connectivity services
        • 3.8.a   Packet analyzers, debugs, logs, WCS, and ACS
        • 3.8.b   Verify firewall ports
        • 3.8.c   ACS and Controller authorization and authentication for clients
  • 12%     4.0   Design and implement Guest Access Service
       

      • 4.1   Describe the architectures for guest access services
        • 4.1.a   VLAN-based
        • 4.1.b   Anchor, DMZ, redundancy, and scaling
        • 4.1.c   NAC guest server
        • 4.1.d   Wired guest access
        • 4.1.e   Bandwidth limiting
           
      • 4.2   Configure guest access accounts
        • 4.2.a   Lobby ambassador (controller and WCS-based)
        • 4.2.b   Guest roles
           
      • 4.3   Configure controller web authentication
        • 4.3.a   Pass through
        • 4.3.b   Internal and external
        • 4.3.c   Authentication (local/RADIUS)
        • 4.3.d   Custom splash page (internal, external, and per WLAN)
        • 4.3.e   Understand design considerations (DNS, proxy)
        • 4.3.f   Pre-authentication ACL
        • 4.3.g   Wired guest access
        • 4.3.h   Install third party certificate on controller
           
      • 4.4   Configure the anchor and internal controllers
         
      • 4.5   Troubleshoot guest access issues
        • 4.5.a   Packet analyzers, debugs, logs, WCS, and ACS
        • 4.5.b   Verify firewall ports
        • 4.5.c   Mping and eping
        • 4.5.d   Proxies
  • 11%     5.0   Translate Organizational and Regulatory
               Security Policies and Enforce Security Compliances
       

      • 5.1   Describe Regulatory Compliance Considerations, such as HIPAA, PCI,
                SOX, and FERPA
        • 5.1.a   HIPAA
        • 5.1.b   PCI
        • 5.1.c   SOX
        • 5.1.d   FERPA
           
      • 5.2   Segment traffic into different VLANs, based upon
        • 5.2.a   Security
        • 5.2.b   Application
        • 5.2.c   QoS
           
      • 5.3   Configure administration security on controller and WCS
        • 5.3.a   TACACS+ and ACS integration
        • 5.3.b   Local
        • 5.3.c   RADIUS and AAA server integration
        • 5.3.d   Access point administration credential
        • 5.3.e   Admin roles
           
      • 5.4   Manage WLC and WCS alarms
        • 5.4.a   SNMP and Trap receivers
        • 5.4.b   Syslog
        • 5.4.c   SMTP
        • 5.4.d   ACS log
        • 5.4.e   Modify WCS alarm levels
           
      • 5.5   Utilize security audit tools
        • 5.5.a   Packet captures
        • 5.5.b   Penetration testing
        • 5.5.c   Third-party software (AirMagnet AirWise)
        • 5.5.d   PCI Audit tool in WCS
  • 11%     6.0   Configure Native WLC security Feature Sets -
               IPS/IDS

      • 6.1   Utilize WCS or controller for IDS and threat mitigation strategies
        • 6.1.a   Signature
        • 6.1.b   Custom signature
        • 6.1.c   Rogue classification management and (auto) containment
        • 6.1.d   Rogue reporting/location (WCS only)
        • 6.1.e   Switchport tracing (WCS only)
        • 6.1.f   Integrate Cisco spectrum expert to WCS
        • 6.1.g   Client exclusion
        • 6.1.h   CleanAir
           
      • 6.2   Identify and mitigate wireless vulnerabilities
        • 6.2.a   Wireless packet injection (can't be mitigated)
        • 6.2.b   Client misconfiguration
        • 6.2.c   DoS (RF jamming)
        • 6.2.d   Anomalous behavior attacks (association and authentication
                      attacks)
        • 6.2.e   Signature attacks (NetStumbler and undetectable at this time
        • 6.2.f   Eavesdropping (wild packets and Honeypot)
        • 6.2.g   Hijacking/mimicry (evil Twin and HoneyPotting)
        • 6.2.h   Social engineering (human attack)
  • 11%     7.0  Integrate Wireless Network with Advanced
               Security Platforms

      • 7.1   Describe end-to-end security Solutions of Cisco and how they
                 Integrate with the Cisco Wireless Solutions
        • 7.1.a   AnyConnect 3.0 and above
        • 7.1.b   NAC appliance
        • 7.1.c   NAC guest server
        • 7.1.d   Wired IPS
        • 7.1.e   ACS
           
      • 7.2   Describe the CUWN firewall port configuration requirements
        • 7.2.a   Access control lists (ACLs)
        • 7.2.b   IP port pass-through
        • 7.2.c   DMZ
           
      • 7.3   Configure the controller for wired IPS/IDS
         
      • 7.4   Configure wireless Intrusion Prevention System (IPS) (MSE)
  • The following course is the recommended training for this exam.

    • Implementing Advanced Cisco Unified Wireless Security (IAUWS)

    Courses listed are offered by Cisco Learning Partners-the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you

    A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

          Register at Pearson VUE      

    Cisco Learning Network

    Get valuable IT training resources for all Cisco certifications. Access study tools, CCNA practice tests, IT salaries, and find IT jobs.

    Go Now

    Cisco Training Tools

    Use the following tools to assist in your certification journey.

    Cisco Learning Locator Self Assessment Tool Certification Tracking System Certifications & Communities Online Support

    Cisco Learning Labs

    Get hands-on routing / switching lab experience using Cisco IOS on UNIX.

    Learn More