642-502 SNRS

Securing Networks with Cisco Routers and Switches Exam

Retired June 20, 2007
Exam Number: 642-502
Associated Certifications: CCSP
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description

The Securing Networks with Cisco Routers and Switches exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v1.0 course. This exam includes simulations and tests a candidate's knowledge and ability to secure networks using Cisco routers and switches.

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity, the guidelines below may change at any time without notice.

Implement Layer 2 security

  • Utilize Cisco IOS and Cat OS commands to mitigate Layer 2 attacks
  • Implement Cisco Identity-Based Networking Services
  • Implement Cisco 802.1X Port-Based Authentication
  • Identify and describe Layer 2 security best practices

Configure Cisco IOS Firewall features to meet security requirements

  • Identify and describe the capabilities of the IOS firewall feature set
  • Configure CBAC to dynamically mitigate identified threats to the network
  • Verify and troubleshoot CBAC configuration and operation
  • Configure authentication proxy to apply security policies on a per-user basis
  • Verify and troubleshoot authentication proxy configuration and operation

Configure Cisco IOS-based IPS to identify and mitigate threats to network resources

  • Identify and describe the capabilities of the IOS-IPS feature set
  • Configure the IPS features to identify threats and dynamically block them from entering the network
  • Verify and troubleshoot IDS operation
  • Maintain and update the signatures

Configure basic IPSec VPNs to secure site-to-site and remote access to network resources

  • Select the correct IPSec implementation based on specific stated requirements
  • Configure IPSec Encryption for site-to-site VPN using pre-shared keys
  • Configure IPSec Encryption for site-to-site VPN using certificate authority
  • Verify and troubleshoot IPSec operation
  • Configure EZ-VPN server
  • Configure EZ-VPN remote using both hardware and software clients
  • Troubleshoot EZ-VPN

Configure authentication, authorization and accounting to provide basic secure access control for networks

  • Configure administrative access to the Cisco Secure ACS server
  • Configure AAA clients on the Cisco Secure ACS (for routers)
  • Configure users, groups and access rights
  • Configure router to enable AAA to use TACACS+
  • Configure router to enable AAA to use a RADIUS server
  • Verify and troubleshoot AAA operation

Use management applications to configure and monitor IOS security features

  • Initialize SDM communications on Cisco routers
  • Perform a LAN interface configuration of a Cisco router using SDM
  • Use SDM to define and establish a site-to-site VPN

Recommended Training

Securing Networks with Cisco Routers and Switches (SNRS) is the recommended training for this exam.

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.

Additional Resources

A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

