IT Certification and Career Paths

300-206 SENSS

Implementing Cisco Edge Network Security Solutions

Exam Number 300-206 SENSS
Associated Certifications CCNP Security
Duration 90 minutes (65 - 75 questions)
Available Languages English, Japanese
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam consists of 65-75 questions and focuses on the technologies used to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network Security (SENSS) course.

Exam Topics

The exam is closed book, and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines that follow may change at any time without notice.

  • 25%     1.0   Threat Defense

      • 1.1   Implement firewall (ASA or IOS depending on which supports the
        • 1.1.a   Implement ACLs
        • 1.1.b   Implement static/dynamic NAT/PAT
        • 1.1.c   Implement object groups
        • 1.1.d   Describe threat detection features
        • 1.1.e   Implement botnet traffic filtering
        • 1.1.f   Configure application filtering and protocol inspection
        • 1.1.g   Describe ASA security contexts
      • 1.2   Implement Layer 2 security
        • 1.2.a   Configure DHCP snooping
        • 1.2.b   Describe dynamic ARP inspection
        • 1.2.c   Describe storm control
        • 1.2.d   Configure port security
        • 1.2.e   Describe common Layer 2 threats and attacks and mitigation
        • 1.2.f   Describe MACSec
        • 1.2.g   Configure IP source verification
      • 1.3   Configure device hardening per best practices
        • 1.3.a   Routers
        • 1.3.b   Switches
        • 1.3.c   Firewalls
  • 25%     2.0   Cisco Security Devices GUIs and Secured
                        CLI Management

      • 2.1   Implement SSHv2, HTTPS, and SNMPv3 access on the network
      • 2.2   Implement RBAC on the ASA/IOS using CLI and ASDM
      • 2.3   Describe Cisco Prime Infrastructure
        • 2.3.a   Functions and use cases of Cisco Prime
        • 2.3.b   Device Management
      • 2.4   Describe Cisco Security Manager (CSM)
        • 2.4.a   Functions and use cases of CSM
        • 2.4.b   Device Management
      • 2.5   Implement Device Managers
        • 2.5.a   Implement ASA firewall features using ASDM
  • 12%     3.0   Management Services on Cisco

      • 3.1   Configure NetFlow exporter on Cisco Routers, Switches, and ASA
      • 3.2   Implement SNMPv3
        • 3.2.a   Create views, groups, users, authentication, and encryption
      • 3.3   Implement logging on Cisco Routers, Switches, and ASA using
                Cisco best practices
      • 3.4   Implement NTP with authentication on Cisco Routers, Switches,
                and ASA
      • 3.5   Describe CDP, DNS, SCP, SFTP, and DHCP
        • 3.5.a   Describe security implications of using CDP on routers and
        • 3.5.b   Need for dnssec
  • 10%     4.0   Troubleshooting, Monitoring and Reporting

      • 4.1   Monitor firewall using analysis of packet tracer, packet capture,
                and syslog
        • 4.1.a   Analyze packet tracer on the firewall using CLI/ASDM
        • 4.1.b   Configure and analyze packet capture using CLI/ASDM
        • 4.1.c   Analyze syslog events generated from ASA
  • 16%     5.0   Threat Defense Architectures

      • 5.1   Design a Firewall Solution
        • 5.1.a   High-availability
        • 5.1.b   Basic concepts of security zoning
        • 5.1.c   Transparent & Routed Modes
        • 5.1.d   Security Contexts
      • 5.2   Layer 2 Security Solutions
        • 5.1.a   Implement defenses against MAC, ARP, VLAN hopping,
                     STP, and DHCP rogue attacks
        • 5.1.b   Describe best practices for implementation
        • 5.1.c   Describe how PVLANs can be used to segregate network
                     traffic at Layer 2
  • 12%     6.0   Security Components and Considerations

      • 6.1   Describe security operations management architectures
        • 6.1.a   Single device manager vs. multi-device manager
      • 6.2   Describe Data Center security components and considerations
        • 6.2.a   Virtualization and Cloud security
      • 6.3   Describe Collaboration security components and considerations
        • 6.3.a   Basic ASA UC Inspection features
      • 6.4   Describe common IPv6 security considerations
        • 6.4.a   Unified IPv6/IPv4 ACL on the ASA
  • The following course is the recommended training for this exam:

    Courses listed are offered by Cisco Learning Partners-the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you

    A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

          Register at Pearson VUE      

    Cisco Learning Network

    Get valuable IT training resources for all Cisco certifications. Access study tools, CCNA practice tests, IT salaries, and find IT jobs.

    Go Now

    Cisco Training Tools

    Use the following tools to assist in your certification journey.

    Cisco Learning Locator Self Assessment Tool Certification Tracking System Certifications & Communities Online Support

    Cisco Learning Labs

    Get hands-on routing / switching lab experience using Cisco IOS on UNIX.

    Learn More