| Describing Information Security Concepts* |
| -Information Security Overview |
| -Managing Risk |
| -Vulnerability Assessment |
| -Understanding CVSS |
|
| Describing Common TCP/IP Attacks* |
| -Legacy TCP/IP Vulnerabilities |
| -IP Vulnerabilities |
| -ICMP Vulnerabilities |
| -TCP Vulnerabilities |
| -UDP Vulnerabilities |
| -Attack Surface and Attack Vectors |
| -Reconnaissance Attacks |
| -Access Attacks |
| -Man-In-The-Middle Attacks |
| -Denial of Service and Distributed Denial of Service Attacks |
| -Reflection and Amplification Attacks |
| -Spoofing Attacks |
| -DHCP Attacks |
|
| Describing Common Network Application Attacks |
| -Password Attacks |
| -DNS-Based Attacks |
| -DNS Tunneling |
| -Web-Based Attacks |
| -HTTP 302 Cushioning |
| -Command Injections |
| -SQL Injections |
| -Cross-Site Scripting and Request Forgery |
| -Email-Based Attacks |
|
| Describing Common Endpoint Attacks |
| -Buffer Overflow |
| -Malware |
| -Reconnaissance Attack |
| -Gaining Access and Control |
| -Gaining Access via Social Engineering |
| -Gaining Access via Web-Based Attacks |
| -Exploit Kits and Rootkits |
| -Privilege Escalation |
| -Post-Exploitation Phase |
| -Angler Exploit Kit |
|
| Describing Network Security Technologies |
| -Defence-in-Depth Strategy |
| -Defending Across the Attack Continuum |
| -Network Segmentation and Virtualization Overview |
| -Stateful Firewall Overview |
| -Security Intelligence Overview |
| -Threat Information Standardisation |
| -Network-Based Malware Protection Overview |
| -IPS Overview |
| -Next Generation Firewall Overview |
| -Email Content Security Overview |
| -Web Content Security Overview |
| -Threat Analytic Systems Overview |
| -DNS Security Overview |
| -Authentication, Authorization, and Accounting Overview |
| -Identity and Access Management Overview |
| -Virtual Private Network Technology Overview |
| -Network Security Device Form Factors Overview |
|
| Deploying Cisco ASA Firewall |
| -Cisco ASA Deployment Types |
| -Cisco ASA Interface Security Levels |
| -Cisco ASA Objects and Object Groups |
| -Network Address Translation |
| -Cisco ASA Interface ACLs |
| -Cisco ASA Global ACLs |
| -Cisco ASA Advanced Access Policies |
| -Cisco ASA High Availability Overview |
|
| Deploying Cisco Firepower Next-Generation Firewall |
| -Cisco Firepower NGFW Deployments |
| -Cisco Firepower NGFW Packet Processing and Policies |
| -Cisco Firepower NGFW Objects |
| -Cisco Firepower NGFW NAT |
| -Cisco Firepower NGFW Prefilter Policies |
| -Cisco Firepower NGFW Access Control Policies |
| -Cisco Firepower NGFW Security Intelligence |
| -Cisco Firepower NGFW Discovery Policies |
| -Cisco Firepower NGFW IPS Policies |
| -Cisco Firepower NGFW Malware and File Policies |
|
| Deploying Email Content Security |
| -Cisco Email Content Security Overview |
| -SMTP Overview |
| -Email Pipeline Overview |
| -Public and Private Listeners |
| -Host Access Table Overview |
| -Recipient Access Table Overview |
| -Mail Policies Overview |
| -Protection Against Spam and Graymail |
| -Anti-virus and Anti-malware Protection |
| -Outbreak Filters |
| -Content Filters |
| -Data Loss Prevention |
| -Email Encryption |
|
| Deploying Web Content Security |
| -Cisco WSA Overview |
| -Deployment Options |
| -Network Users Authentication |
| -HTTPS Traffic Decryption |
| -Access Policies and Identification Profiles |
| -Acceptable Use Controls Settings |
| -Anti-Malware Protection |
|
| Deploying Cisco Umbrella* |
| -Cisco Umbrella Architecture |
| -Deploying Cisco Umbrella |
| -Cisco Umbrella Roaming Client |
| -Managing Cisco Umbrella |
| -Cisco Umbrella Investigate Overview |
|
| Explaining VPN Technologies and Cryptography |
| -VPN Definition |
| -VPN Types |
| -Secure Communication and Cryptographic Services |
| -Keys in Cryptography |
| -Public Key Infrastructure |
|
| Introducing Cisco Secure Site-to-Site VPN Solutions |
| -Site-to-Site VPN Topologies |
| -IPsec VPN Overview |
| -IPsec Static Crypto Maps |
| -IPsec Static Virtual Tunnel Interface |
| -Dynamic Multipoint VPN |
| -Cisco IOS FlexVPN |
|
| Deploying Cisco IOS VTI-Based Point-to-Point |
| -Cisco IOS VTIs |
| -Static VTI Point-to-Point IPsec IKEv2 VPN Configuration |
|
| Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW |
| -Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW |
| -Cisco ASA Point-to-Point VPN Configuration |
| -Cisco Firepower NGFW Point-to-Point VPN Configuration |
|
| Introducing Cisco Secure Remote Access VPN Solutions |
| -Remote Access VPN Components |
| -Remote Access VPN Technologies |
| -SSL Overview |
|
| Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW |
| -Remote Access Configuration Concepts |
| -Connection Profiles |
| -Group Policies |
| -Cisco ASA Remote Access VPN Configuration |
| -Cisco Firepower NGFW Remote Access VPN Configuration |
|
| Explaining Cisco Secure Network Access Solutions |
| -Cisco Secure Network Access |
| -Cisco Secure Network Access Components |
| -AAA Role in Cisco Secure Network Access Solution |
| -Cisco Identity Services Engine |
| -Cisco TrustSec |
|
| Describing 802.1X Authentication |
| -802.1X and EAP |
| -EAP Methods |
| -Role of RADIUS in 802.1X Communications |
| -RADIUS Change of Authorization |
|
| Configuring 802.1X Authentication |
| -Cisco Catalyst Switch 802.1X Configuration |
| -Cisco WLC 802.1X Configuration |
| -Cisco ISE 802.1X Configuration |
| -Supplicant 802.1x Configuration |
| -Cisco Central Web Authentication |
|
| Describing Endpoint Security Technologies* |
| -Host-Based Personal Firewall |
| -Host-Based Anti-Virus |
| -Host-Based Intrusion Prevention System |
| -Application Whitelists and Blacklists |
| -Host-Based Malware Protection |
| -Sandboxing Overview |
| -File Integrity Checking |
|
| Deploying Cisco AMP for Endpoints* |
| -Cisco AMP for Endpoints Architecture |
| -Cisco AMP for Endpoints Engines |
| -Retrospective Security with Cisco AMP |
| -Cisco AMP Device and File Trajectory |
| -Managing Cisco AMP for Endpoints |
|
| Introducing Network Infrastructure Protection |
| -Identifying Network Device Plans |
| -Control Plane Security Controls |
| -Management Plane Security Controls |
| -Network Telemetry |
| -Layer 2 Data Plane Security Controls |
| -Layer 3 Data Plane Security Controls |
|
| Deploying Control Plane Security Controls* |
| -Infrastructure ACLs |
| -Control Plane Policing |
| -Control Plane Protection |
| -Routing Protocol Security |
|
| Deploying Layer 2 Data Plane Security Controls* |
| -Overview of Layer 2 Data Plane Security Controls |
| -VLAN-Based Attacks Mitigation |
| -STP Attacks Mitigation |
| -Port Security |
| -Private VLANs |
| -DHCP Snooping |
| -ARP Inspection |
| -Storm Control |
| -MACsec Encryption |
|
| Deploying Layer 3 Data Plane Security Controls* |
| -Infrastructure Antispoofing ACLs |
| -Unicast Reverse Path Forwarding |
| -IP Source Guard |
|
| * This section is self-study material that can be done at your own pace if you are taking the instructor-led version of this course. |
Germany – German
