Exam Description: The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated
with the CCNA Security certification. This 90-minute, 55-65 questions exam tests a candidate's
knowledge of securing Cisco routers and switches and their associated networks. It leads to validated
skills for installation, troubleshooting and monitoring of network devices to maintain integrity,
confidentiality and availability of data and devices, and develops competency in the technologies that
Cisco uses in its security infrastructure. Candidates can prepare for this exam by taking the
Implementing Cisco IOS Network Security (IINS) course.
The following topics are general guidelines for the content likely to be included on the exam. However,
other related topics may also appear on any specific delivery of the exam. In order to better reflect the
contents of the exam and for clarity purposes, the guidelines below may change at any time without
notice.
11%
1.0
1.1
8%
2.0
2.1
2.2
2.3
Describe CSM
2.4
Page 1
2.4.b
2.4.c
2.4.d
11%
12%
3.0
3.1
3.2
Describe TACACS+
3.3
Describe RADIUS
3.4
Describe AAA
3.4.a Authentication
3.4.b Authorization
3.4.c Accounting
3.5
4.0
4.1
IOS ACLs
Describe standard, extended, and named IP IOS ACLs to filter packets
4.1.a IPv4
4.1.b IPv6
4.1.c Object groups
4.1.d ACL operations
4.1.e Types of ACLs (dynamic, reflexive, time-based ACLs)
4.1.f ACL wild card masking
4.1.g Standard ACLs
4.1.h Extended ACLs
4.1.i
Named ACLs
4.1.j
VLSM
4.2
4.3
Page 2
10%
12%
13%
5.0
5.1
5.2
6.0
6.1
6.2
6.3
6.4
7.0
7.1
Page 3
7.1.a
7.1.b
7.1.c
7.1.d
11%
Proxy firewalls
Packet and stateful packet
Application firewall
Personal firewall
7.2
7.3
7.4
7.5
7.6
8.0
8.1
Cisco IPS
Describe IPS deployment considerations
8.1.a SPAN
8.1.b IPS product portfolio
8.1.c Placement
8.1.d Caveats
8.2
8.3
Page 4
8.3.a
8.3.b
12%
Logging
Signatures
9.0
9.1
VPN Technologies
Describe the different methods used in cryptography
9.1.a Symmetric
9.1.b Asymetric
9.1.c HMAC
9.1.d Message digest
9.1.e PKI
9.2
9.3
9.4
9.5
9.6
Page 5