Module 1: Describing Information Security Concepts*
- Information Security Overview
- Assets, Vulnerabilities, and Countermeasures
- Managing Risk
- Vulnerability Assessment
- Understanding Common Vulnerability Scoring System (CVSS)
Module 2: Describing Common TCP/IP Attacks*
- Legacy TCP/IP Vulnerabilities
- IP Vulnerabilities
- Internet Control Message Protocol (ICMP) Vulnerabilities
Module 3: Describing Common Network Application Attacks*
- Password Attacks
- Domain Name System (DNS)-Based Attacks
- DNS Tunneling
Module 4: Describing Common Endpoint Attacks*
- Buffer Overflow
- Malware
- Reconnaissance Attack
Module 5: Describing Network Security Technologies
- Defense-in-Depth Strategy
- Defending Across the Attack Continuum
- Network Segmentation and Virtualization Overview
Module 6: Deploying Cisco ASA Firewall
- Cisco ASA Deployment Types
- Cisco ASA Interface Security Levels
- Cisco ASA Objects and Object Groups
Module 7: Deploying Cisco Firepower Next-Generation Firewall
- Cisco Firepower NGFW Deployments
- Cisco Firepower NGFW Packet Processing and Policies
- Cisco Firepower NGFW Objects
Module 8: Deploying Email Content Security
- Cisco Email Content Security Overview
- Simple Mail Transfer Protocol (SMTP) Overview
- Email Pipeline Overview
Module 9: Deploying Web Content Security
- Cisco Web Security Appliance (WSA) Overview
- Deployment Options
- Network Users Authentication
Module 10: Deploying Cisco Umbrella*
- Cisco Umbrella Architecture
- Deploying Cisco Umbrella
- Cisco Umbrella Roaming Client
Module 11: Explaining VPN Technologies and Cryptography
- VPN Definition
- VPN Types
- Secure Communication and Cryptographic Services
Module 12: Introducing Cisco Secure Site-to-Site VPN Solutions
- Site-to-Site VPN Topologies
- IPsec VPN Overview
- IPsec Static Crypto Maps
Module 13: Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs
- Cisco IOS VTIs
- Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2 VPN Configuration
Module 14: Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW
- Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW
- Cisco ASA Point-to-Point VPN Configuration
- Cisco Firepower NGFW Point-to-Point VPN Configuration
Module 15: Introducing Cisco Secure Remote Access VPN Solutions
- Remote Access VPN Components
- Remote Access VPN Technologies
- Secure Sockets Layer (SSL) Overview
Module 16: Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW
- Remote Access Configuration Concepts
- Connection Profiles
- Group Policies
Module 17: Explaining Cisco Secure Network Access Solutions
- Cisco Secure Network Access
- Cisco Secure Network Access Components
- AAA Role in Cisco Secure Network Access Solution
Module 18: Describing 802.1X Authentication
- 802.1X and Extensible Authentication Protocol (EAP)
- EAP Methods
- Role of Remote Authentication Dial-in User Service (RADIUS) in 802.1X Communications
Module 19: Configuring 802.1X Authentication
- Cisco Catalyst® Switch 802.1X Configuration
- Cisco Wireless LAN Controller (WLC) 802.1X Configuration
- Cisco Identity Services Engine (ISE) 802.1X Configuration
Module 20: Describing Endpoint Security Technologies*
- Host-Based Personal Firewall
- Host-Based Anti-Virus
- Host-Based Intrusion Prevention System
Module 21: Deploying Cisco Advanced Malware Protection (AMP) for Endpoints*
- Cisco AMP for Endpoints Architecture
- Cisco AMP for Endpoints Engines
- Retrospective Security with Cisco AMP
Module 22: Introducing Network Infrastructure Protection*
- Identifying Network Device Planes
- Control Plane Security Controls
- Management Plane Security Controls
Module 23: Deploying Control Plane Security Controls*
- Infrastructure ACLs
- Control Plane Policing
- Control Plane Protection
Module 24: Deploying Layer 2 Data Plane Security Controls*
- Overview of Layer 2 Data Plane Security Controls
- Virtual LAN (VLAN)-Based Attacks Mitigation
- Spanning Tree Protocol (STP) Attacks Mitigation
Module 25: Deploying Layer 3 Data Plane Security Controls*
- Infrastructure Antispoofing ACLs
- Unicast Reverse Path Forwarding
- IP Source Guard
Module 26: Deploying Management Plane Security Controls*
- Cisco Secure Management Access
- Simple Network Management Protocol Version 3
- Secure Access to Cisco Devices
Module 27: Deploying Traffic Telemetry Methods*
- Network Time Protocol
- Device and Network Events Logging and Export
- Network Traffic Monitoring Using NetFlow
Module 28: Deploying Cisco Stealthwatch Enterprise*
- Cisco Stealthwatch Offerings Overview
- Cisco Stealthwatch Enterprise Required Components
- Flow Stitching and Deduplication
Module 29: Describing Cloud and Common Cloud Attacks**
- Evolution of Cloud Computing
- Cloud Service Models
- Security Responsibilities in Cloud
Module 30: Securing the Cloud*
- Cisco Threat-Centric Approach to Network Security
- Cloud Physical Environment Security
- Application and Workload Security
Module 31: Deploying Cisco Stealthwatch Cloud*
- Cisco Stealthwatch Cloud for Public Cloud Monitoring
- Cisco Stealthwatch Cloud for Private Network Monitoring
- Cisco Stealthwatch Cloud Operations
Module 32: Describing Software-Defined Networking (SDN*)
- Software-Defined Networking Concepts
- Network Programmability and Automation
- Cisco Platforms and APIs
- Basic Python Scripts for Automation
LAB OUTLINE
- Configure Network Settings and NAT on Cisco ASA
- Configure Cisco ASA Access Control Policies
- Configure Cisco Firepower NGFW NAT
- Configure Cisco Firepower NGFW Access Control Policy
- Configure Cisco Firepower NGFW Discovery and IPS Policy
- Configure Cisco NGFW Malware and File Policy
- Configure Listener, Host Access Table (HAT), and Recipient Access Table (RAT) on Cisco Email Security Appliance (ESA)
- Configure Mail Policies
- Configure Proxy Services, Authentication, and HTTPS Decryption
- Enforce Acceptable Use Control and Malware Protection
- Examine the Umbrella Dashboard
- Examine Cisco Umbrella Investigate
- Explore DNS Ransomware Protection by Cisco Umbrella
- Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
- Configure Point-to-Point VPN between the Cisco ASA and Cisco Firepower NGFW
- Configure Remote Access VPN on the Cisco Firepower NGFW
- Explore Cisco AMP for Endpoints
- Perform Endpoint Analysis Using AMP for Endpoints Console
- Explore File Ransomware Protection by Cisco AMP for Endpoints Console
- Explore Cisco Stealthwatch Enterprise v6.9.3
- Explore Cognitive Threat Analytics (CTA) in Stealthwatch Enterprise v7.0
- Explore the Cisco Cloudlock Dashboard and User Security
- Explore Cisco Cloudlock Application and Data Security
- Explore Cisco Stealthwatch Cloud
- Explore Stealthwatch Cloud Alert Settings, Watchlists, and Sensors