5.0 Infrastructure Security

  • 5.1 Device security
    • 5.1.a Implement and troubleshoot IOS AAA using local database
    • 5.1.b Implement and troubleshoot device access control
    • 5.1.b (i) Lines (VTY, AUX, console)
    • 5.1.b (ii) SNMP
    • 5.1.b (iii) Management plane protection
    • 5.1.b (iv) Password encryption
    • 5.1.c Implement and troubleshoot control plane policing
    • 5.1.d Describe device security using IOS AAA with TACACS+ and RADIUS
    • 5.1.d (i) AAA with TACACS+ and RADIUS
    • 5.1.d (ii) Local privilege authorization fallback
  • 5.2 Network security
    • 5.2.a Implement and troubleshoot switch security features
    • 5.2.a (i) VACL, PACL
    • 5.2.a (ii) Storm control
    • 5.2.a (iii) DHCP snooping
    • 5.2.a (iv) IP source-guard
    • 5.2.a (v) Dynamic ARP inspection
    • 5.2.a (vi) Port-security
    • 5.2.a (vii) Private VLAN
    • 5.2.b Implement and troubleshoot router security features
    • 5.2.b (i) IPv4 access control lists (standard, extended, time-based)
    • 5.2.b (ii) IPv6 traffic filter
    • 5.2.b (iii) Unicast reverse path forwarding
    • 5.2.c Implement and troubleshoot IPv6 first hop security
    • 5.2.c (i) RA guard
    • 5.2.c (ii) DHCP guard
    • 5.2.c (iii) Binding table
    • 5.2.c (iv) Device tracking
    • 5.2.c (v) ND inspection/snooping
    • 5.2.c (vii) Source guard
    • 5.2.c (viii) PACL
    • 5.2.d Describe 802.1x
    • 5.2.d (i) 802.1x, EAP, RADIUS
    • 5.2.d (ii) MAC authentication bypass