Training
Cisco Certified Network Associate Security (CCNA Security)
Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.

Valid CCNA or any CCIE Certification can act as a pre-requisite.

CCNA Security certifications are valid for three years. To recertify, pass ONE of the following before the certification expiration date:

  • Pass any current CCNA Concentration exam (wireless, or security, or voice, or SP Ops),
  • or Pass any current 642-XXX Professional level exam,
  • or Pass any current Cisco Specialist exam (excluding Sales Specialist exams or MeetingPlace Specialist exams or Implementing Cisco Telepresence Installations [ITI] exams),
  • or Pass any current CCIE Written Exam,
  • or Pass the current CCDE Written Exam OR current CCDE Practical Exam,
  • or Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications
CCNA SECURITY EXAMS & RECOMMENDED TRAINING
REQUIRED EXAM(S) RECOMMENDED TRAINING
640-553 IINS Implementing Cisco IOS Network Security (IINS)

Upon completing this course, the learner will be able to meet these overall objectives:

  • Develop a comprehensive network security policy to counter threats against information security.
  • Configure routers on the network perimeter with Cisco IOS Software security features.
  • Configure a Cisco IOS zone-based firewall to perform basic security operations on a network.
  • Configure site-to-site VPNs using Cisco IOS features. Configure IPS on Cisco network routers.
  • Configure LAN devices to control access, resist attacks, shield other network devices and systems, and protect the integrity and confidentiality of network traffic.

  • Module 1: Introduction to Network Security Principles
  • Module 2: Perimeter Security
  • Module 3: Network Security Using Cisco IOS Firewalls
  • Module 4: Site-to-Site VPNs
  • Module 5: Network Security Using Cisco IOS IPS
  • Module 6: LAN, SAN, Voice, and Endpoint Security Overview

The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

  • Describe and list mitigation methods for common network attacks
  • Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
  • Describe the Cisco Self Defending Network architecture

  • Secure Cisco routers using the SDM Security Audit feature
  • Use the One-Step Lockdown feature in SDM to secure a Cisco router
  • Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
  • Secure administrative access to Cisco routers by configuring multiple privilege levels Secure administrative access to Cisco routers by configuring role based CLI
  • Secure the Cisco IOS image and configuration file

  • Explain the functions and importance of AAA
  • Describe the features of TACACS+ and RADIUS AAA protocols
  • Configure AAA authentication
  • Configure AAA authorization
  • Configure AAA accounting

  • Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
  • Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
  • Configure IP ACLs to prevent IP address spoofing using CLI
  • Discuss the caveats to be considered when building ACLs

  • Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
  • Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

  • Describe the operational strengths and weaknesses of the different firewall technologies
  • Explain stateful firewall operations and the function of the state table
  • Implement Zone Based Firewall using SDM

  • Define network based vs. host based intrusion detection and prevention
  • Explain IPS technologies, attack responses, and monitoring options
  • Enable and verify Cisco IOS IPS operations using SDM

  • Explain the different methods used in cryptography
  • Explain IKE protocol functionality and phases
  • Describe the building blocks of IPSec and the security functions it provides
  • Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM

 
Find More information at: https://learningnetwork.cisco.com/community/certifications/security_ccna/syllabus