Securing Networks with Cisco Routers and Switches Exam

The Securing Networks With Cisco Routers and Switches exam (SNRS 642-503) is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v2.0 course. This exam includes simulations and tests a candidate's knowledge and ability to secure networks using Cisco routers and switches.

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Implement Cisco Layer 2 security

• Utilize Cisco IOS commands to mitigate Layer 2 attacks
• Implement Cisco Identity-Based Networking Services on Cisco Catalyst Switches
• Implement Identity Management using ACS as the Authentication Server

Configure Cisco IOS Firewalls to mitigate network threats using the CLI

• Identify and describe the advanced capabilities of the IOS firewall feature set
• Configure IOS Firewall to dynamically mitigate identified threats to the network
• Verify and troubleshoot IOS Firewall configuration and operation.
• Configure authentication proxy to apply security policies on a per-user basis
• Verify and troubleshoot authentication proxy configuration and operation
• Configure IOS zone-based Firewalls
• Troubleshoot Zone-based Firewalls
• Configure APPFW application Firewalls
• Configure Granular Protocol Inspection

Configure Cisco IOS IPS to identify and mitigate threats to network resources using the CLI

• Identify and describe the advanced capabilities of the IOS-IPS feature
• Configure the IPS features to identify threats and dynamically block them from entering the network
• Verify and troubleshoot IPS operation

Configure Cisco VPNs to provide secure connectivity for site-to-site and remote access communications using the CLI

• Describe IPSec features and functionality
• Configure secure connectivity for site-to-site IPSec VPN using pre-shared keys
• Describe GRE features and functionality
• Configure secure connectivity for site-to-site VPN using certificate authorities
• Describe DMVPN features and functionality
• Configure secure connectivity for site-to-site VPN using DMVPN
• Verify and troubleshoot secure site-to-site connectivity operations
• Implement Clientless IOS SSL VPN
• Verify Clientless IOS SSL VPNs
• Configure Easy VPN server with pre-shared keys

Configure Authentication, Authorization, and Accounting to provide basic secure access control for networks

• Configure administrative access to the CSACS server
• Configure CSACS system settings
• Configure AAA clients on the CSACS
• Configure users, groups and access rights
• Configure shared profile components in CSACS
• Configure network access profiles in CSACS
• Configure NADS to enable AAA to use a Radius Server
• Verify and troubleshoot AAA operation

Implement Network Foundation Protection using the CLI

• Describe NFP features and functionality
• Secure the management plane using Cisco IOS security features
• Secure the data plane using Cisco IOS security features
• Secure the control plane using Cisco IOS security features

Securing Networks with Cisco Routers and Switches (SNRS) is the recommended training for this exam.

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.

A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

Return to Top