4.0 Infrastructure Security (5%)
4.1 Device security
4.1.a Implement and troubleshoot IOS AAA using local database
4.1.b Implement and troubleshoot device access control
2013 Cisco Systems, Inc. This document is Cisco Public.
4.1.b (i) Lines (VTY, AUX, console)
4.1.b (ii) SNMP
4.1.b (iii) Management plane protection
4.1.b (iv) Password encryption
4.1.c Implement and troubleshoot control plane policing
4.2 Network security
4.2.a Implement and troubleshoot switch security features
4.2.a (i) VACL, PACL
4.2.a (ii) Storm control
4.2.a (iii) DHCP snooping
4.2.a (iv) IP source-guard
4.2.a (v) Dynamic ARP inspection
4.2.a (vi) Port-security
4.2.a (vii) Private VLAN
4.2.b Implement and troubleshoot router security features
4.2.b (i) IPv4 access control lists (standard, extended, time-based)
4.2.b (ii) IPv6 traffic filter
4.2.b (iii) Unicast reverse path forwarding
4.2.c Implement and troubleshoot IPv6 first hop security
4.2.c (i) RA guard
4.2.c (ii) DHCP guard
4.2.c (iii) Binding table
4.2.c (iv) Device tracking
4.2.c (v) ND inspection/snooping
4.2.c (vi) Source guard
4.2.c (vii) PACL
4.3 Troubleshooting infrastructure security
4.3.a Use IOS troubleshooting tools
4.3.a (i) debug, conditional debug
4.3.a (ii) ping, traceroute with extended options
4.3.a (iii) Embedded packet capture
4.3.b Apply troubleshooting methodologies
4.3.b (i) Diagnose the root cause of networking issues (analyze symptoms, identify and describe root cause)
4.3.b (ii) Design and implement valid solutions according to constraints
4.3.b (iii) Verify and monitor resolution
4.3.c Interpret packet capture
4.3.c (i) Using Wireshark trace analyzer
4.3.c (ii) Using IOS embedded packet capture