Last day to test 01/31/07
The Securing Cisco Network Devices 642-551 SND exam forms the foundation of the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the SND course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, and verify basic security features of Cisco Layer 2 devices, Cisco Routers, Cisco IDS/IPS Sensors, Cisco VPN 3000 Concentrators, and Cisco PIX Security Appliances.
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity, the guidelines below may change at any time without notice.
Describe the products in the Cisco security portfolio and explain how they mitigate security threats to a network
- Identify the appropriate devices to secure a network
- Identify the appropriate device feature to secure a network
- Describe the difference in functionality and capabilities of the different security devices
- Identify security issues with common management protocols
- Describe threats to a network and network devices
- Identify different techniques to deal with security threats
Describe the security features available for a Cisco Layer 2 device in a secure network
- Identify security features on a Layer 2 device
- Describe basic security feature configurations on a Layer 2 device
Implement security on a Cisco IOS Router
- Identify mitigation techniques for common physical router security threats
- Configure router for secure administrative access
- Implement basic AAA for router administrative authentication
- Configure AutoSecure to harden Cisco routers
- Configure router access lists to secure networks
- Configure security for router services and interfaces
- Implement Syslog logging
- Identify major components of the SDM
Describe and configure Cisco IPS and HIPS
- Configure user accounts
- Describe and configure Network Access lists
- Describe how the sensor device is secure by default
- Install the sensor on the network
- Describe the methods used to access a sensor
- Describe the process for displaying the sensor configuration
- Identify major components of IDM
- Describe basic sensor operations
- Describe the process of using alarms to identify network attacks
- Identify the appropriate platform required to install the CSA MC
- Configure the default group
- Describe the process of agent kit deployment and verifying management of the agent
- Describe key features and concepts of VMS
- Describe the interoperability of the components of VMS
- Describe the hardware and software requirements of VMS
Configure and verify basic remote access on a Cisco VPN 3000 Concentrator
- Perform an initial configuration
- Configure users and groups
- Configure VPN clients
- Verify IPSec tunnel establishment
Implement a Cisco PIX security appliance
- Describe basic PIX security appliance hardware and software architecture
- Identify appropriate PIX security appliance hardware and software configuration
- Configure basic network settings using CLI
- Configure basic interface features on a PIX security appliance
- Verify initial configurations
- Identify major components of the PDM
- Configure static address translation
- Configure Network Address Translation
- Configure firewall to secure inbound traffic
- Verify inbound traffic restrictions
- Describe basic IPSec topologies
- Define the services provided by IPSec
- Describe the IPSec protocol framework
- Describe the IPSec algorithm framework
- Describe the concepts of split tunneling
- Describe the various authentication methods
- Describe how the PIX security appliance uses IPSec to secure networks
Securing Cisco Network Devices (SND) is the recommended training for this exam.
Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner near you.