IT Certification and Career Paths

The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS)course.

The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Common Security Threats

• Describe common security threats

Security and Cisco Routers

• Implement security on Cisco routers
• Describe securing the control, data, and management plane
• Describe Cisco Security Manager
• Describe IPv4 to IPv6 transition

AAA on Cisco Devices

• Implement AAA (authentication, authorization, and accounting)
• Describe TACACS+
• Describe RADIUS
• Describe AAA
• Verify AAA functionality

IOS ACLs

• Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets
• Describe considerations when building ACLs
• Implement IP ACLs to mitigate threats in a network

Secure Network Management and Reporting

• Describe secure network management
• Implement secure network management

Common Layer 2 Attacks

• Describe Layer 2 security using Cisco switches
• Describe VLAN security
• Implement VLANs and trunking
• Implement spanning tree

Cisco Firewall Technologies

• Describe operational strengths and weaknesses of the different firewall technologies
• Describe stateful firewalls
• Describe the types of NAT used in firewall technologies
• Implement zone-based policy firewall using CCP
• Implement the Cisco Adaptive Security Appliance (ASA)
• Implement Network Address Translation (NAT) and Port Address Translation (PAT)

Cisco IPS

• Describe Cisco Intrusion Prevention System (IPS) deployment considerations
• Describe IPS technologies
• Configure Cisco IOS IPS using CCP

VPN Technologies

• Describe the different methods used in cryptography
• Describe VPN technologies
• Describe the building blocks of IPSec
• Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
• Verify VPN operations
• Implement Secure Sockets Layer (SSL) VPN using ASA device manager

The following course is the recommended training for this exam:

• Implementing Cisco IOS Network Security (IINS)

Courses listed are offered by Cisco Learning Partners-the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you