Cisco Certified Network Professional Security » CCNP Security CORE Course (SCOR 350-701)

Course duration: 60 hours
Prerequisites:

Completion of the CCNA - Implementing and Administering Cisco Solutions (200-301) course or equivalent.


Implementing and Operating Cisco Security Core Technologies – SCOR (350-701) is the mandatory course in the CCNP Security track. The SCOR (350-701) course gives learners the knowledge to understand, deploy and operate Cisco's core security technologies, including: network security, cloud security, content security, endpoint protection & detection, secure network access, visibility and enforcement.


Implementing and Operating Cisco Security Core Technologies – SCOR (350-701) is also the required exam for anyone who wants to earn the Cisco CCIE Security expert-level certification.

SECURITY CONCEPTS

  • Explain common threats against on-premises and cloud environments
    • On-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
    • Cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
  • Compare common security vulnerabilities such as software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
  • Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate-based authorization
  • Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Crypto map, DMVPN, FlexVPN including high availability considerations, and AnyConnect
  • Describe security intelligence authoring, sharing, and consumption
  • Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
  • Explain North Bound and South Bound APIs in the SDN architecture
  • Explain DNAC APIs for network provisioning, optimization, monitoring, and troubleshooting
  • Interpret basic Python scripts used to call Cisco Security appliances APIs.

NETWORK SECURITY

  • Compare network security solutions that provide intrusion prevention and firewall capabilities
  • Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
  • Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
  • Configure and verify network infrastructure security methods (router, switch, wireless)
    • Layer 2 methods (Network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks)
    • Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)
  • Implement segmentation, access control policies, AVC, URL filtering, and malware protection
  • Implement management options for network security solutions such as intrusion prevention and perimeter security (single vs. multi-device manager, in-band vs. out-of-band, CDP, DNS, SCP, SFTP, and DHCP security and risks)
  • Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
  • Configure secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
  • Configure and verify site-to-site VPN and remote access VPN
    • Site-to-site VPN utilizing Cisco routers and IOS
    • Remote access VPN using Cisco AnyConnect Secure Mobility client
    • Debug commands to view IPsec tunnel establishment and troubleshooting.

SECURING THE CLOUD

  • Identify security solutions for cloud environments
    • Public, private, hybrid, and community clouds
    • Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
  • Compare the customer vs. provider security responsibility for the different cloud service models
    • Patch management in the cloud
    • Security assessment in the cloud
    • Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB
  • Describe the concept of DevSecOps (CI/CD pipeline, container orchestration, and security)
  • Implement application and data security in cloud environments
  • Identify security capabilities, deployment models, and policy management to secure the cloud
  • Describe application and workload security concepts.

ENDPOINT PROTECTION AND DETECTION

  • Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
  • Explain antimalware, retrospective security, Indication of Compromise (IOC), antivirus, dynamic file analysis, and endpoint-sourced telemetry
  • Configure and verify outbreak control and quarantines to limit infection
  • Describe justifications for endpoint-based security
  • Describe the value of endpoint device management and asset inventory such as MDM
  • Describe the uses and importance of a multifactor authentication (MFA) strategy
  • Describe endpoint posture assessment solutions to ensure endpoint security
  • Explain the importance of an endpoint patching strategy.

SECURE NETWORK ACCESS, VISIBILITY AND ENFORCEMENT

  • Describe identity management and secure network access concepts such as guest services, profiling, posture assessment and BYOD
  • Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
  • Describe network access with CoA
  • Describe the benefits of device compliance and application control
  • Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
  • Describe the benefits of network telemetry
  • Describe the components, capabilities, and benefits of these security products and solutions
    • Cisco Stealthwatch
    • Cisco Stealthwatch Cloud
    • Cisco pxGrid
    • Cisco Umbrella Investigate
    • Cisco Cognitive Threat Analytics
    • Cisco Encrypted Traffic Analytics
    • Cisco AnyConnect Network Visibility Module (NVM).

Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)

LESSON TOPICS

Security Concepts

  • Explain common threats & Compare common security vulnerabilities:
    • Viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-the-middle attacks, SQL injection, cross-site scripting, malware
    • Software bugs, weak and/or hardcoded passwords, SQL injection, missing encryption, buffer overflow, path traversal, cross-site scripting/forgery
  • Explain the role of the endpoint in protecting humans from phishing and social engineering attacks
  • Describe security intelligence authoring, sharing, and consumption

Infrastructure Hardening

  • Configure and verify network infrastructure security methods:
    • Layer 2 methods (Network segmentation using VLANs and VRF-lite; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control)
    • PVLANs to segregate network traffic
    • Defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
    • Device hardening of network infrastructure security devices (control plane, data plane, management plane, and routing protocol security)

NETWORK SECURITY

  • Describe deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities.
  • Implement ASA firewall features.
  • Cisco Next-Generation Firewall (NGFW)
    • Implement segmentation.
    • Access control policies.
    • AVC.
    • URL filtering
    • Malware protection

VPN

  • Describe functions of the cryptography components such as hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, pre-shared key and certificate-based authorization
  • Compare site-to-site VPN and remote access VPN deployment types such as sVTI, IPsec, Crypto map, DMVPN, FlexVPN including high availability considerations, and AnyConnect
  • Configure and verify site-to-site VPN and remote access VPN
    • Site-to-site VPN utilizing Cisco routers and IOS
    • Remote access VPN using Cisco AnyConnect Secure Mobility client
    • Debug commands to view IPsec tunnel establishment and troubleshooting

Content Security

  • Web Security
    • Describe web proxy identity and authentication including transparent user identification
    • Compare the components, capabilities, and benefits of local and cloud-based email and web solutions (ESA, CES, WSA)
    • Describe the components, capabilities, and benefits of Cisco Umbrella
    • Configure and verify web security controls on Cisco Umbrella (identities, URL content settings, destination lists, and reporting)
  • Email Security
    • Configure and verify email security features such as SPAM filtering, antimalware filtering, DLP, blacklisting, and email encryption
    • Configure and verify secure internet gateway and web security features such as blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption

Secure Network Access

  • Configure AAA for device and network access (authentication and authorization, TACACS+, RADIUS and RADIUS flows, accounting, and dACL)
  • Configure and verify network access device functionality such as 802.1X, MAB, WebAuth
  • Describe network access with CoA.

Endpoint Protection and Detection

  • Configure and verify outbreak control and quarantines to limit infection
  • Describe justifications for endpoint-based security
  • Describe the value of endpoint device management and asset inventory such as MDM
  • Describe the uses and importance of a multifactor authentication (MFA) strategy
  • Describe endpoint posture assessment solutions to ensure endpoint security
  • Explain the importance of an endpoint patching strategy

Network Telemetry, Visibility, and Enforcement

  • Configure secure network management of perimeter security and infrastructure devices (secure device management, SNMPv3, views, groups, users, authentication, and encryption, secure logging, and NTP with authentication)
  • Describe the components, capabilities, and benefits of NetFlow and Flexible NetFlow records
  • Explain exfiltration techniques (DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, NTP)
  • Describe the benefits of device compliance and application control
  • Describe the components, capabilities, and benefits of these security products and solutions:
    • Cisco Stealthwatch & Stealthwatch Cloud
    • Cisco pxGrid
    • Cisco Umbrella Investigate
    • Cisco Cognitive Threat Analytics
    • Cisco Encrypted Traffic Analytics
    • Cisco AnyConnect Network Visibility Module (NVM)

Securing the Cloud & SDN

  • Identify security solutions for cloud environments
    • Public, private, hybrid, and community clouds
    • Cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
  • Compare the customer vs. provider security responsibility for the different cloud service models
    • Patch management in the cloud
    • Security assessment in the cloud
    • Cloud-delivered security solutions such as firewall, management, proxy, security intelligence, and CASB
  • Describe data breaches, insecure APIs, DoS/DDoS, compromised credentials
  • SDN Architecture:
    • Explain North Bound and South Bound APIs in the SDN architecture
    • Interpret basic Python scripts used to call Cisco Security appliances APIs.