Limited Time 30% Discount Offer Use Code - off30

642-552 Exam Details

642-552 - Bundle Pack

Actualkey Prepration Latest 642-552 : Securing Cisco Network Devices Questions and Answers PDF's, Verified Answers via Experts - Pass Your Exam For Sure and instant Downloads - "Money Back Guarantee".

Vendor Cisco
Certification CCSP
Exam Code 642-552
Title Securing Cisco Network Devices
No Of Questions 64
Last Updated July 9,2020
Product Type Q & A with Explanation
Bundel Pack Included PDF + Offline / Andriod Testing Engine and Simulator

Bundle Pack

PRICE: $25


PDF Questions & Answers

Exam Code : 642-552 - Jul 9,2020

Offline Test Engine

Exam Code : 642-552 - Jul 9,2020
Try Demo

Android Test Engine

Exam Code : 642-552 - Jul 9,2020
Try Demo

Online Test Engine

Exam Code : 642-552 - Jul 9,2020

642-552 SND
Securing Cisco Network Devices Exam

Associated Certifications: CCSP/Cisco Firewall Specialist/Cisco IPS Specialist/Cisco VPN Specialist

Exam Description
The Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the Securing Cisco Network Devices v2.0 (SND) course. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. Topics covered include; Security threats facing modern network infrastructures, Securing Cisco routers, Implementing basic AAA, Using ACLs to mitigate router and network threats, Implementing secure management and reporting, Mitigating common Layer 2 attacks, and Implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe the security threats facing modern network infrastructures
* Describe and mitigate the common threats to the physical installation
* Describe and list mitigation methods for common network attacks
* Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
* Describe the main activities in each phase of a secure network lifecycle
* Explain how to meet the security needs of a typical enterprise with a comprehensive security policy
* Describe the Cisco Self Defending Network architecture

Secure Cisco routers
* Secure Cisco routers using the SDM Security Audit feature
* Use the One-Step Lockdown feature in SDM to secure a Cisco router
* Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
* Secure administrative access to Cisco routers by configuring multiple privilege levels
* Secure administrative access to Cisco routers by configuring role based CLI
* Secure the Cisco IOS image and configuration file

Implement basic AAA using Cisco routers
* Explain the functions and importance of AAA
* Describe the features of TACACS+ and RADIUS AAA protocols
* Describe the methods of authentication that are used to provide access through a router (packet mode) and to provide access to the router (character mode)

Mitigate threats to Cisco routers and networks using ACLs
* Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
* Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
* Configure IP ACLs to prevent IP address spoofing using CLI
* Discuss the caveats to be considered when building ACLs

Implement secure network management and reporting
* Describe the factors to be considered when planning for secure management and reporting of network devices
* Use CLI to configure SSH on Cisco routers to enable secured management access
* Use CLI to configure Cisco routers to send Syslog messages to a Syslog server
* Describe SNMPv3 and NTPv3

Mitigate common Layer 2 attacks
* Describe the common Layer 2 attacks and how to mitigate them (VLAN hopping, STP attacks, ARP spoofing, MAC spoofing, CAM overflow)
* Describe the function and benefit of the security features in Cisco Catalyst switches (IBNS, PVLAN, SPAN port)
* Describe common threats to WLANs
* Describe the security features of the 802.11 protocol

Implement the Cisco IOS firewall feature set using SDM
* Describe the operational strengths and weaknesses of the different firewall technologies
* Explain stateful firewall operations and the function of the state table
* Explain the types of NAT that can be implemented in a firewall
* Configure and verify basic and advanced firewall on a Cisco router using SDM

Implement the Cisco IOS IPS feature set using SDM
* Define network based vs. host based intrusion detection and prevention
* Explain IPS technologies, attack responses, and monitoring options
* Enable and verify Cisco IOS IPS operations using SDM

Implement IPsec VPN on Cisco routers using SDM
* Explain IKE protocol functionality and phases
* Describe the building blocks of IPsec and the security functions it provides
* Explain hash-based message authentication code (HMAC) operations
* Explain the different methods of encryption
* Explain the purpose of the Diffie-Hellman key agreement protocol
* Describe how IPsec establishes origin authentication
* Describe the PKI environment at a high level
* Describe the different types of IPsec VPN implementations
* Configure and verify an IPsec site-to-site VPN with pre-shared key authentication using SDM
* Explain Cisco Easy VPN Server and Cisco Easy VPN Remote
* Configure and verify remote access VPNs using the Cisco Easy VPN Server feature of Cisco SDM