保護思科無線企業網絡考試要點(最新)
WISECURE(300-375)考試檢驗考生是否具備實施客户端設備安全,基於身份認證和服務,以及保護和監控企業無線基礎設施的能力。下面是小編整理的考試主要內容:
1.0 Integrate Client Device Security19%Hide Details
1.1. Describe Extensible Authentication Protocol (EAP) authentication process
1.2. Configure client for secure EAP authentication
1.2.a. Native OS (iOS, Android, Windows, MAC OS, year 2013+) or AnyConnect client
1.3. Describe the impact of security configurations on application and client roaming
1.3.a. Key caching
1.3.b. 802.11r
1.4. Implement 802.11w Protected Management Frame (PMF) on the WLAN
1.4.a. Client support
1.4.b. PMF modes
1.4.c. Relevant timer settings
1.5. Implement Cisco Management Frame Protection (MFP)
1.5.a. Cisco Compatible Extensions (CCX)
1.5.b. Infrastructure mode
1.5.c. Client and infrastructure mode
1.6. Describe and configure client profiling
1.6.a. ISE
1.6.b. WLC
2.0 Implement Secure Distribution System Connectivity Services on the Wireless Infrastructure24%Hide Details
2.1. Describe the impact of BYOD on wireless security
2.1.a Additional security risks
2.1.b Loss of device control
2.1.c Increased complexity of policy enforcement
2.2. Implement BYOD policies
2.2.a. Single vs dual SSID
registration
2.2.c. mDNS sharing
-Fi Direct
2.3. Implement AAA based Layer 3 security on the controller
2.3.a. Local Web Auth (LWA)
2.3.a.[i] External authentication)
2.3.a.[ii] Locally significant certificates
2.3.a.[iii] Pre-authentication ACL
2.3.a.[iv] Pass through configuration
2.4. Describe regulatory compliance considerations for protecting data and access and providing accountability
2.4.a. PCI
2.5. Utilize security audit tools for Distribution Systems
2.5.a. PI reports
2.5.b. PCI audit
3.0 Implement Secure Client Connectivity Services on the Wireless Infrastructure27%Hide Details
3.1. Implement 802.1x wireless client authentication
3.1.a. AireOS
3.1.a.[i] Local
3.1.a.[ii] Central
3.1.b. IOS-XE
3.1.c. Autonomous
3.1.c.[i] Local authentication
3.1.c.[ii] Remote authentication
3.1.d. FlexConnect
3.1.d.[i] Local authentication
3.1.d.[ii] Remote authentication
3.2. Implement Identity Based Networking (IBN)
3.2.a. AireOS
3.2.a.[i] VLANs
3.2.a.[ii] QoS
3.2.a.[iii] ACLs
3.2.b. IOS-XE
3.2.b.[i] VLANs
3.2.b.[ii] QoS
3.2.b.[iii] ACLs
3.2.c. Autonomous
3.2.c.[i] VLAN
3.2.d. FlexConnect
3.2.d.[i] VLAN
3.2.d.[ii] ACLs
3.2.d.[iii] QoS
3.3. Implement ISE AAA parameters for integration with the wireless network
3.3.a. Network device
3.3.b. IBN profile
3.4. Implement AAA based Layer 3 security using ISE
3.4.a. Utilizing ISE as AAA service
3.4.a.[i] Locally significant certificates on ISE
3.4.a.[ii] Using captive portal capabilities for guest access
3.4.b. Central Web Auth (CWA
3.4.b.[i] Returned values and overrides
3.4.b.[ii] Access accept
3.4.b.[iii] AAA override statement
3.5. Configure MSE based web authentication
3.6. Utilize security audit tools for client connectivity
3.6.a. PI reports
3.6.b. PCI audit
4.0 Implement Secure Management Access on the WLAN Infrastructure14%Hide Details
4.1. Controlling administrative access to the wireless infrastructure
4.1.a. RADIUS
4.1.b. TACACS
4.1.c. Controller and ISE integration
4.1.d. Access point administration credentials
4.2. Configure APs and switches for 802.1x access to the wired infrastructure
4.2.a. Controller based
4.2.b. Autonomous
4.3. Implement SNMPv3 on the wireless infrastructure
4.3.a. AireOS
4.3.b. IOS-XE
4.3.c. Autonomous
5.0 Monitoring Security on the WLAN Infrastructure16%Hide Details
5.1. Execute Security reports on PI
5.2. Perform Rogue Management
5.2.a. Rogue Containment on WLC and PI
5.2.b. RLDP on WLC and PI
5.2.c. SwitchPort tracing on PI
5.2.d. Location on PI
5.2.e. Rogue Rules on WLC and PI
5.3. Monitor rogue APs and clients
5.3.a. PI Maps
5.3.b. Controller
5.4. Monitor Alarms
5.4.a. 2 items
5.4.b. PI Security Tab
5.4.c. Controller Trap Logs
5.5. Identify RF related Security interferers on WLC and PI Maps
5.5.a. Jammers
5.5.b. Inverted Wi-Fi
5.5.c. Wi-Fi invalid channel
5.6. Implement wIPS
5.6.a. Enhanced Local Mode (ELM)
-
cisco常用命令大全
為幫助大家更好通過思科認證。yjbys小編為大家分想的是思科認證基本命令,歡迎參考閲讀!路由器的幾個基本命令:Router>enable進入特權模式Router#disable從特權模式返回到用户模式Router#configureterminal進入到全局配置模式Router(config)#interfaceethernet1進...
-
思科認證課程介紹
培訓期限:建議自學時間1個月,培訓機構6天基本可以講完。:建議自學時間2個月,培訓機構20天基本解決。:建議學習半年。CCNACCNA認證介紹——思科認證網絡支持工程師思科認證網絡支持工程師認證證書説明了你擁有足夠的網絡知識去提供服務給中小型企業。作為C...
-
思科路由器voip配置最新解析
在企業網絡中推廣IP語音技術有很多優點,例如可以控制數據流量,保證語音質量,充分利用企業租用的數據線路資源,節省傳統的長途話費等等。企業使用IP語音技術,可以將語音、數據和多媒體通信融合在一個集成的網絡中,並在一個企業解決方案中,把專網和公網連接起來。在2600...
-
ARCH思科網絡服務架構設計考試主要內容
ARCH思科網絡服務架構設計考試主要內容300-320ARCH思科網絡服務架構設計考試,考試時間為75分鐘,共有60-70道與思科CCDP認證相關的考題。300-320ARCH考試測試考生是否具備最新的網絡設計及技術知識,包括L2層及L3層企業架構,WAN技術,數據中心整合,網絡安全及網絡服務等...