640-554 Exam Topics

640-554 IINS Exam Topics

Exam Description
The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS) course.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Common Security Threats

Describe common security threats

Security and Cisco Routers

Implement security on Cisco routers Describe securing the control, data, and management plane Describe Cisco Security Manager

1992-2013 Cisco Systems Inc. All Rights Reserved.

Generated on 2013-06-23-07:00 1

640-554 Exam Topics

Describe IPv4 to IPv6 transition

AAA on Cisco Devices

Implement AAA (authentication, authorization, and accounting) Describe TACACS+ Describe RADIUS Describe AAA Verify AAA functionality

IOS ACLs

Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets Describe considerations when building ACLs Implement IP ACLs to mitigate threats in a network

Secure Network Management and Reporting

Describe secure network management Implement secure network management

Common Layer 2 Attacks

Describe Layer 2 security using Cisco switches Describe VLAN security Implement VLANs and trunking Implement spanning tree

Cisco Firewall Technologies

Describe operational strengths and weaknesses of the different firewall technologies

1992-2013 Cisco Systems Inc. All Rights Reserved.

Generated on 2013-06-23-07:00 2

640-554 Exam Topics

Describe stateful firewalls Describe the types of NAT used in firewall technologies Implement zone-based policy firewall using CCP Implement the Cisco Adaptive Security Appliance (ASA) Implement Network Address Translation (NAT) and Port Address Translation (PAT)

Cisco IPS

Describe Cisco Intrusion Prevention System (IPS) deployment considerations Describe IPS technologies Configure Cisco IOS IPS using CCP

VPN Technologies

Describe the different methods used in cryptography Describe VPN technologies Describe the building blocks of IPSec Implement an IOS IPSec site-to-site VPN with pre-shared key authentication Verify VPN operations Implement Secure Sockets Layer (SSL) VPN using ASA device manager

We would like to get your feedback; please comment and/or rate this document.

1992-2013 Cisco Systems Inc. All Rights Reserved.

Generated on 2013-06-23-07:00 3