保护思科无线企业网络考试要点
保护思科无线企业网络(300-375)是获得思科CCNP认证需要通过的`一项考试。考试时间为90分钟,包括60-70道考题。WISECURE(300-375)考试证明通过的考生具备实施客户端设备安全,基于身份认证和服务,以及保护和监控企业无线基础设施。
以下是保护思科无线企业网络(300-375)考试的主要内容和考点。
1.0 Integrate Client Device Security19%Hide Details
1.1. Describe Extensible Authentication Protocol (EAP) authentication process
1.2. Configure client for secure EAP authentication
1.2.a. Native OS (iOS, Android, Windows, MAC OS, year 2013+) or AnyConnect client
1.3. Describe the impact of security configurations on application and client roaming
1.3.a. Key caching
1.3.b. 802.11r
1.4. Implement 802.11w Protected Management Frame (PMF) on the WLAN
1.4.a. Client support
1.4.b. PMF modes
1.4.c. Relevant timer settings
1.5. Implement Cisco Management Frame Protection (MFP)
1.5.a. Cisco Compatible Extensions (CCX)
1.5.b. Infrastructure mode
1.5.c. Client and infrastructure mode
1.6. Describe and configure client profiling
1.6.a. ISE
1.6.b. WLC
2.0 Implement Secure Distribution System Connectivity Services on the Wireless Infrastructure24%Hide Details
2.1. Describe the impact of BYOD on wireless security
2.1.a Additional security risks
2.1.b Loss of device control
2.1.c Increased complexity of policy enforcement
2.2. Implement BYOD policies
2.2.a. Single vs dual SSID
registration
2.2.c. mDNS sharing
-Fi Direct
2.3. Implement AAA based Layer 3 security on the controller
2.3.a. Local Web Auth (LWA)
2.3.a.[i] External authentication)
2.3.a.[ii] Locally significant certificates
2.3.a.[iii] Pre-authentication ACL
2.3.a.[iv] Pass through configuration
2.4. Describe regulatory compliance considerations for protecting data and access and providing accountability
2.4.a. PCI
2.5. Utilize security audit tools for Distribution Systems
2.5.a. PI reports
2.5.b. PCI audit
3.0 Implement Secure Client Connectivity Services on the Wireless Infrastructure27%Hide Details
3.1. Implement 802.1x wireless client authentication
3.1.a. AireOS
3.1.a.[i] Local
3.1.a.[ii] Central
3.1.b. IOS-XE
3.1.c. Autonomous
3.1.c.[i] Local authentication
3.1.c.[ii] Remote authentication
3.1.d. FlexConnect
3.1.d.[i] Local authentication
3.1.d.[ii] Remote authentication
3.2. Implement Identity Based Networking (IBN)
3.2.a. AireOS
3.2.a.[i] VLANs
3.2.a.[ii] QoS
3.2.a.[iii] ACLs
3.2.b. IOS-XE
3.2.b.[i] VLANs
3.2.b.[ii] QoS
3.2.b.[iii] ACLs
3.2.c. Autonomous
3.2.c.[i] VLAN
3.2.d. FlexConnect
3.2.d.[i] VLAN
3.2.d.[ii] ACLs
3.2.d.[iii] QoS
3.3. Implement ISE AAA parameters for integration with the wireless network
3.3.a. Network device
3.3.b. IBN profile
3.4. Implement AAA based Layer 3 security using ISE
3.4.a. Utilizing ISE as AAA service
3.4.a.[i] Locally significant certificates on ISE
3.4.a.[ii] Using captive portal capabilities for guest access
3.4.b. Central Web Auth (CWA
3.4.b.[i] Returned values and overrides
3.4.b.[ii] Access accept
3.4.b.[iii] AAA override statement
3.5. Configure MSE based web authentication
3.6. Utilize security audit tools for client connectivity
3.6.a. PI reports
3.6.b. PCI audit
4.0 Implement Secure Management Access on the WLAN Infrastructure14%Hide Details
4.1. Controlling administrative access to the wireless infrastructure
4.1.a. RADIUS
4.1.b. TACACS
4.1.c. Controller and ISE integration
4.1.d. Access point administration credentials
4.2. Configure APs and switches for 802.1x access to the wired infrastructure
4.2.a. Controller based
4.2.b. Autonomous
4.3. Implement SNMPv3 on the wireless infrastructure
4.3.a. AireOS
4.3.b. IOS-XE
4.3.c. Autonomous
5.0 Monitoring Security on the WLAN Infrastructure16%Hide Details
5.1. Execute Security reports on PI
5.2. Perform Rogue Management
5.2.a. Rogue Containment on WLC and PI
5.2.b. RLDP on WLC and PI
5.2.c. SwitchPort tracing on PI
5.2.d. Location on PI
5.2.e. Rogue Rules on WLC and PI
5.3. Monitor rogue APs and clients
5.3.a. PI Maps
5.3.b. Controller
5.4. Monitor Alarms
5.4.a. 2 items
5.4.b. PI Security Tab
5.4.c. Controller Trap Logs
5.5. Identify RF related Security interferers on WLC and PI Maps
5.5.a. Jammers
5.5.b. Inverted Wi-Fi
5.5.c. Wi-Fi invalid channel
5.6. Implement wIPS
5.6.a. Enhanced Local Mode (ELM)
-
解析CCNA考试流程及注意事项
思科认证网络支持工程师认证证书说明了你拥有足够的网络知识去提供服务给中小型企业。yjbys小编整理了一些关于CCNA考试流程及注意事项,欢迎大家参考!1.CCNA—思科认证网络工程师,是思科厂商认证考试。考试要求:对学历、专业、年龄没有要求。考试时间:是商业...
-
2017思科数据中心基础设施考试大纲
思科数据中心基础设施考试检验考生是否具备实施数据中心基础设施相关知识,包括关键网络协议,路由和交换协议,维护,管理,操作,安全及存储等相关知识。下面是该科考试大纲:考试说明:思科数据中心基础设施(DCII)考试(300-165)考试时间为90分钟,60-70道考题。思科数据中心基...
-
思科交换机配置及电脑开机自检
思科认证考试已经在紧张的备考中了,下面yjbys小编为大家提供的是思科认证的复习资料,希望对大家有所帮助!(一)交换机的配置一直以来是非常神秘的,不仅对于一般用户,对于绝大多数网管人员来说也是如此,同时也是作为网管水平高低衡量的一个重要而又基本的标志。这主要...
-
思科数据中心认证项目简介
思科还提供了多种专门的思科合格专家认证,以显示专业人士在特定的技术、解决方案或者职务角色方面的知识。以下是小编整理的关于思科数据中心认证项目,希望大家认真阅读!对于数据中心架构领域的IT专业人士的需求企业级数据中心主要支持物联网(IoT)相关、大数据、...