Deployment modes on Cisco ASA and Cisco FTD

Routed, Transparent, Single, Multi-context

Multi-instance, NAT

Firewall features on Cisco ASA and FTD

Application inspection, Traffic zones

Policy-based routing

Traffic redirection to service modules

Identity firewall

Security features on Cisco IOS/IOS XE

Application awareness, Zone-based firewall

NAT, Cisco FMC features, Alerting

Logging, Reporting, Dynamic objects

Cisco NGIPS deployment modes

In-line, Passive, TAP

Cisco NGFW features, SSL inspection

User identity, Geolocation, AVC

Detect and mitigate common types of attacks

DoS/DDoS, Evasion techniques

Spoofing, Man-in-the-middle, Botnet

Clustering and high availability features on Cisco ASA and Cisco FTD

Policies and rules for traffic control on Cisco ASA and Cisco FTD

Routing protocols security on Cisco IOS, Cisco ASA, and Cisco FTD

Network connectivity through Cisco ASA and Cisco FTD

Correlation and remediation rules on Cisco FMC

Cisco AnyConnect client-based, remote-access VPN technologies on Cisco ASA, Cisco

FTD, and Cisco routers

Cisco IOS CA for VPN authentication

FlexVPN, DMVPN, and IPsec L2L tunnels

VPN high availability methods

Cisco ASA VPN clustering

Dual-hub DMVPN deployments

Infrastructure segmentation methods

VLAN, PVLAN, GRE, VRF-Lite

Microsegmentation with Cisco TrustSec using SFT and SXP

Device hardening techniques and control plane protection methods

CoPP, IP source routing, iACLs

Management plane protection techniques

CPU, Memory thresholding

Securing device access

Data plane protection techniques

uRPF, QoS, RTBH, Layer 2 security techniques

DAI, IPDT, STP security, Port security

DHCP snooping, RA Guard, VACL

Wireless security technologies

WPA, WPA2, WPA3, TKIP, AES

Monitoring protocols

NetFlow/IPFIX/NSEL

SNMP, SYSLOG, RMON, eStreamer

Security features to comply with organizational security policies, procedures, and

standards BCP 38

ISO 27001, RFC 2827, PCI-DSS

Cisco SAFE model to validate network security design and to identify threats to different

PINs

Interaction with network devices through APIs using basic Python scripts

REST API requests and responses

HTTP action verbs, error codes, cookies, headers

JSON or XML payload, Authentication, Data encoding formats

JSON, XML, YAML

Cisco DNAC Northbound APIs use cases

Authentication and authorization

Network discovery, Network device, Network host

Cisco ISE scalability using multiple nodes and personas

Cisco switches and Cisco Wireless LAN Controllers for network access AAA with Cisco ISE

Cisco devices for administrative access with Cisco ISE

AAA for network access with 802.1X and MAB using Cisco ISE

Guest lifecycle management using Cisco ISE and Cisco WLC

BYOD on-boarding and network access flows

Cisco ISE integration with external identity sources

LDAP, AD, External RADIUS

Provisioning Cisco AnyConnect with Cisco ISE and Cisco ASA

Posture assessment with Cisco ISE

Endpoint profiling using Cisco ISE and Cisco network infrastructure including device

sensor

Integration of MDM with Cisco ISE

Certification-based authentication using Cisco ISE

Authentication methods

EAP Chaining and TEAP, MAR

Identity mapping on Cisco ASA, Cisco ISE, Cisco WSA, and Cisco FTD

pxGrid integration between security devices Cisco WSA, Cisco ISE, and Cisco FMC

Integration of Cisco ISE with multifactor authentication

Access control and single sign-on using Cisco DUO security technology

Cisco IBNS 2.0 (C3PL) for authentication, access control, and user policy enforcement

Cisco AMP for networks, Cisco AMP for endpoints, and Cisco AMP for content security

(Cisco ESA, and Cisco WSA)

Detect, analyze, and mitigate malware incidents

Perform packet capture and analysis using Wireshark, tcpdump, SPAN, ERSPAN, and

RSPAN

Cloud security

DNS proxy through Cisco Umbrella virtual appliance

DNS security policies in Cisco Umbrella

RBI policies in Cisco Umbrella

CASB policies in Cisco Umbrella

DLP policies in Cisco Umbrella

Web filtering, user identification, and Application Visibility and Control (AVC) on Cisco

FTD and Cisco WSA

WCCP redirection on Cisco devices

Email security features, Mail policies

DLP, Quarantine, Authentication, Encryption

HTTP decryption and inspection on Cisco FTD, Cisco WSA, and Cisco Umbrella

Cisco SMA for centralized content security management

Cisco advanced threat solutions and their integration: Cisco Stealthwatch, Cisco FMC,

Cisco AMP, Cisco CTA, Threat Grid, ETA, Cisco WSA, Cisco SMA, Cisco Threat Response,

and Cisco Umbrella