三网IT教育—CCIE安全认证

cloudonline

CCIE Security简介

---

   CCIE安全认证证明了你拥有对思科网络安全解决方案进行部署、维护及支持的专业级技能。考生需要对笔试、实验考试要点具备深入的理解，推荐在网络安全领域拥有工作经验的人士参加该门考试。

   欲在2012年11月19日之后参加考试的考生，请参照CCIE安全笔试要点v4.0和CCIE安全实验考试要点v4.0备考。

---

CCIE Security课程大纲

---

1.00 Infrastructure, Connectivity, Communications, Network Security
1.1 Network Addressing Basics
1.2 OSI Layers
1.3 TCP/UDP/IP
1.4 LAN Switching (e.g. VTP, VLANs, Spanning Tree, Trunking)
1.5 Routing Protocols (RIP, EIGRP, OSPF, and BGP)
1.6 Tunneling Protocols
1.7 IP Multicast
1.8 Wireless
1.9 Authentication/Authorization Technologies
1.10 VPNs
1.11 Mobile IP Networks
2.00 Security Protocols
2.1 Rivest, Shamir and Adleman (RSA)
2.2 Rivest Cipher 4 (RC4)
2.3 Message Digest 5 (MD5)
2.4 Secure Hash Algorithm (SHA)
2.5 Data Encryption Standard (DES)
2.6 Triple DES (3DES)
2.7 Advanced Encryption Standard (AES)
2.8 IP Security (IPsec)
2.9 Internet Security Association and Key Management Protocol (ISAKMP)
2.10 Internet Key Exchange IKE/IKEv2
2.11 Group Domain of Interpretation (GDOI)
2.12 Authentication Header (AH)
2.13 Encapsulating Security Payload (ESP)
2.14 Certificate Enrollment Protocol (CEP)
2.15 Transport Layer Security TLS/DTLS
2.16 Secure Sockets Layer (SSL)
2.17 Secure Shell (SSH) Protocol
2.18 Remote Authentication Dial In User Service (RADIUS)
2.19 Terminal Access Controller Access-Control System Plus (TACACS+)
2.20 Lightweight Directory Access Protocol (LDAP)
2.21 EAP Methods (e.g. EAP-MD5, EAP-TLS, EAP-TTLS, EAP-FAST, PEAP, LEAP)
2.22 Public Key Infrastructure (PKI)/PKIX/PKCS
2.23 802.1X
2.24 WEP/WPA/WPA2
2.25 Web Cache Communication Protocol (WCCP)
2.26 Secure Group Tagging Exchange Protocol (SXP)
2.27 MacSec
2.28 DNSSec
3.00 Application and Infrastructure Security
3.1 Hypertext Transfer Protocol (HTTP)
3.2 Hypertext Transfer Protocol Secure (HTTPS)
3.3 Simple Mail Transfer Protocol (SMTP)
3.4 Dynamic Host Configuration Protocol (DHCP)
3.5 Domain Name System (DNS)
3.6 File Transfer Protocol (FTP/SFTP)
3.7 Trivial File Transfer Protocol (TFTP)
3.8 Network Time Protocol (NTP)
3.9 Simple Network Management Protocol (SNMP)
3.10 Syslog
3.11 Netlogon, Netbios, SMB
3.12 RPCs
3.13 RDP/VNC
3.14 PCoIP
3.15 OWASP
3.16 Basic Unnecessary Services
4.00 Threats, Vulnerability Analysis and Mitigation
4.1 Recognizing and Mitigating Common Attacks
4.2 Software/OS Exploits
4.3 Security/Attack Tools
4.4 Generic Network Intrusion Prevention Concepts
4.5 Packet Filtering
4.6 Content Filtering/Packet Inspection
4.7 Endpoint/Posture Assessment
4.8 QoS Marking Attacks
5.00 Cisco Security Products, Features, and Management
5.1 Cisco Adaptive Security Appliance (ASA)
5.2 Cisco IOS Firewalls and NAT
5.3 Cisco Intrusion Prevention Systems (IPSs)
5.4 Cisco IOS IPS
5.5 Cisco AAA Protocols and Application
5.6 Cisco Identity Services Engine
5.7 Cisco Secure ACS Solution Engine
5.8 Cisco Network Admission Control (NAC) Appliance Server
5.9 Endpoint/Client
5.10 Secure Access Gateways (Cisco IOS Router/ASA)
5.11 Virtual Security Gateway
5.12 Cisco Catalyst 6500 Series Security Services Modules
5.13 Scansafe Functionality and Components
5.14 IronPort Products
5.15 Security Management
6.00 Cisco Security Technologies and Solutions
6.1 Router Hardening Features (e.g. CoPP, MPP, uRPF, PBR)
6.2 Switch Security Features (e.g. anti-spoofing, port, STP, MacSec , NDAC, NEAT)
6.3 NetFlow
6.4 Wireless Security
6.5 Network Segregation
6.6 VPN Solutions
6.7 Content and Packet Filtering
6.8 QoS application for security
6.9 Load Balancing and Failover
7.00 Security Policies and Procedures, Best Practices, Standards
7.1 Security Policy Elements
7.2 Information Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002)
7.3 Standards Bodies (e.g. ISO, IEC, ITU, ISOC, IETF, IAB, IANA, ICANN)
7.4 Industry Best Practices (e.g. SOX, PCI DSS)
7.5 Common RFC/BCP (e.g. RFC2827/BCP38, RFC3704/BCP84,RFC5735)
7.6 Security Audit and Validation
7.7 Risk Assessment
7.8 Change Management Process
7.9 Incident Response Framework
7.10 Computer Security Forensics
7.11 Desktop Security Risk Assessment/Desktop Security Risk Management

更多详细课程请参考课程大纲详解页面

---

认证步骤

---

第一步：CCIE安全笔试
您必须通过两小时的资格笔试，以获取参加实践考试的资格，笔试内容涵盖了网络概念和一些设备命令。
笔试概述 (350-018)
参加考试

---

第二步：CCIE安全实验考试
CCIE安全实验考试总长8小时，将测试您在限时的测试情况下，运行一个安全网络的能力。您必须在通过笔试后的3年内通过实验考试，以获取CCIE安全认证，且第一次尝试实验考试必须在18个月内。
实验考试概述
参加考试

该贴已经同步到 cloudonline的微博

shi351953026