0
Registered
CCIE Security Written Exam Topics v4.0
The Security written exam (350-018) has 90-110 multiple-choice questions and is two hours
in duration. The topic areas listed are general guidelines for the type of content that is likely
to appear on the exam. Please note, however, that other relevant or related topic areas may
also appear.
Topics include networking fundamentals and security related concepts and best practices,
as well as key sections on Cisco Network Security products and solutions in areas such
as VPNs, intrusion prevention, firewalls, identity services, policy management, and secure
network best practices. Content includes both IPv4 and IPv6 based concepts and solutions.
The CCIE Security written exam is a two-hour, multiple choice test with 100 questions
covering the areas of skills and competency needed by a Security Engineer to implement,
deploy, configure, maintain, and troubleshoot Cisco Network Security solutions and designs.
Topics include Cisco network security devices, appliances, protocols, firewalls, VPNs,
intrusion prevention devices, policy management, and best practices for implementing a
secure network.
All exam materials are provided and no outside reference materials are allowed.
Generated on 2012-12-13-08:00
1
Generated on 2012-12-13-08:00
2
Generated on 2012-12-13-08:00
3
PCoIP
OWASP
Basic unnecessary services
Threats, Vulnerability Analysis and Mitigation
Recognizing and mitigating common attacks
(a) ICMP attacks, PING floods
(b) MITM
(c)Replay
(d) Spoofing
(e) Backdoor
(f) Botnets
(g) Wireless attacks
(h) DoS/DDoS Attacks
(i) Virus and Worms Outbreaks
(j) Header Attacks
(k) Tunneling attacks
Software/OS Exploits
Security/Attack Tools
Generic Network Intrusion Prevention Concepts
Packet Filtering
Content Filtering/Packet Inspection
Endpoint/Posture Assessment
QoS marking attacks
Cisco Security Products, Features and Management
Cisco Adaptive Security Appliance (ASA)
(a) Firewall Functionality
(b) Routing/Multicast Cababilities
(c )Firewall modes
(d) NAT - Pre 8.4/Post 8.4
(e) Object Definition/ACLs
(f) MPF functionality (IPS/QoS/Application Awareness)
(g) Context Aware Firewall
(h) Identity Based Services
(g) Failover Options
Generated on 2012-12-13-08:00
4
Generated on 2012-12-13-08:00
5
Generated on 2012-12-13-08:00
6