Advanced Diploma in Network Engineering

Name: Advanced Diploma in Network Engineering Certification Course
Price: 75000 INR
Availability: InStock

Advanced Diploma in Network Engineering - Advanced Diploma in Network Engineering

78%

Alumni Career Transitions

5200+

Hiring Partners

60%

Avg Salary Hike

Years of R & D in Syllabus

Advanced Diploma in Network Engineering - Syllabus

** Syllabus Updated on April 2023 -2024

CCNA + ( CCNP / CCNP Security / MCSE / RHCE / AWS / Azure ) Any Three Module

CCNA

Network Fundamentals

Explain the role and function of network components
1. Routers
2. Layer 2 and Layer 3 switches
3. Next-generation firewalls and IPS
4. Access points
5. Controllers (Cisco DNA Center and WLC)
6. Endpoints
7. Servers
8. PoE
Describe characteristics of network topology architectures
1. Two-tier
2. Three-tier
3. Spine-leaf
4. WAN
5. Small office/home office (SOHO)
6. On-premise and cloud
Compare physical interface and cabling types
1. Single-mode fiber, multimode fiber, copper
2. Connections (Ethernet shared media and point-to-point)
Identify interface and cable issues
(collisions, errors, mismatch duplex, and/or speed)
Compare TCP to UDP
Configure and verify IPv4 addressing and subnetting
Describe the need for private IPv4 addressing
Configure and verify IPv6 addressing and prefix
Describe IPv6 address types
1. Unicast (global, unique local, and link local)
2. Anycast
3. Multicast
4. Modified EUI 64
Verify IP parameters for Client OS (Windows, Mac OS, Linux)
Describe wireless principles
1. Nonoverlapping Wi-Fi channels
2. SSID
3. RF
4. Encryption
Explain virtualization fundamentals (server virtualization, containers, and VRFs)
Describe switching concepts
MAC learning and aging
Frame switching
Frame flooding
MAC address table

Network Access

Configure and verify VLANs (normal range) spanning multiple switches
1. Access ports (data and voice)
2. Default VLAN
3. Connectivity
Configure and verify interswitch connectivity
1. Trunk ports
2. 1Q
3. Native VLAN
Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
Configure and verify (Layer 2/Layer 3) EtherChannel (LACP
Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol andidentify basic operations
1. Root port, root bridge (primary/secondary), and other port names
2. Port states (forwarding/blocking)
3. PortFast benefits
Compare Cisco Wireless Architectures and AP modes
Describe physical infrastructure connections of WLAN components (AP,WLC,
access/trunk ports, and LAG)
Describe AP and WLC management access connections (Telnet, SSH, HTTP,HTTPS,
console, and TACACS+/RADIUS)
Configure the components of a wireless LAN access for client connectivity using GUI
only such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings

IP Connectivity

Interpret the components of routing table
1. Routing protocol code
2. Prefix
3. Network mask
4. Next hop
5. Administrative distance
6. Metric
7. Gateway of last resort
Determine how a router makes a forwarding decision by default
1. Longest match
2. Administrative distance
3. Routing protocol metric
Configure and verify IPv4 and IPv6 static routing
1. Default route
2. Network route
3. Host route
4. Floating static
Configure and verify single area OSPFv2
1. Neighbor adjacencies
2. Point-to-point
3. Broadcast (DR/BDR selection)
4. Router ID
Describe the purpose of first hop redundancy protocol

IP Services

Configure and verify inside source NAT using static and pools
Configure and verify NTP operating in a client and server mode
Explain the role of DHCP and DNS within the network
Explain the function of SNMP in network operations
Describe the use of syslog features including facilities and levels
Configure and verify DHCP client and relay
Explain the forwarding per-hop behaviour (PHB) for QoS such as classification,
marking, queuing, congestion, policing, shaping
Configure network devices for remote access using SSH
Describe the capabilities and function of TFTP/FTP in the network

Security Fundamentals

Define key security concepts (threats, vulnerabilities, exploits, and
mitigation techniques)
Describe security program elements (user awareness, training, and
physical access control)
Configure device access control using local passwords
Describe security password policies elements, such as management, complexity,
and password alternatives (multifactor authentication, certificates, and biometrics)
Describe remote access and site-to-site VPNs
Configure and verify access control lists
Configure Layer 2 security features
(DHCP snooping, dynamic ARP inspection, and port security)
Differentiate authentication, authorization, and accounting concepts
Describe wireless security protocols (WPA, WPA2, and WPA3)
Configure WLAN using WPA2 PSK using the GUI

Automation and Programmability

Explain how automation impacts network management
Compare traditional networks with controller-based networking
Describe controller-based and software defined architectures
(overlay, underlay, and fabric)
1. Separation of control plane and data plane
2. North-bound and south-bound APIs
Compare traditional campus device management with Cisco DNA Center
enabled device management
Describe characteristics of REST-based APIs
(CRUD, HTTP verbs, and data encoding)
Recognize the capabilities of configuration management mechanisms Puppet,
Chef, and Ansible
Interpret JSON encoded data

CCNP

Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) v1.2

Illustrate the hierarchical network design model and architecture using the access, distribution, and core layers
Compare and contrast the various hardware and software switching mechanisms and operation, while defining the Ternary Content Addressable Memory (TCAM) and Content Addressable Memory (CAM), along with process switching, fast switching, and Cisco Express Forwarding concepts
Troubleshoot Layer 2 connectivity using VLANs and trunking
Implementation of redundant switched networks using Spanning Tree Protocol
Troubleshooting link aggregation using Etherchannel
Describe the features, metrics, and path selection concepts of Enhanced Interior Gateway Routing Protocol (EIGRP)
Implementation and optimization of Open Shortest Path First (OSPF)v2 and OSPFv3, including adjacencies, packet types, and areas, summarization, and route filtering for IPv4 and IPv6
Implementing External Border Gateway Protocol (EBGP) interdomain routing, path selection, and single and dual-homed networking
Implementing network redundancy using protocols including Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
Implementing internet connectivity within Enterprise using static and dynamic Network Address Translation (NAT)
Describe the virtualization technology of servers, switches, and the various network devices and components
Implementing overlay technologies such as Virtual Routing and Forwarding (VRF), Generic Routing Encapsulation (GRE), VPN, and Location Identifier Separation Protocol (LISP)
Describe the components and concepts of wireless networking including Radio Frequency (RF) and antenna characteristics, and define the specific wireless standards
Describe the various wireless deployment models available, include autonomous Access Point (AP) deployments and cloud-based designs within the centralized Cisco Wireless LAN Controller (WLC) architecture
Describe wireless roaming and location services
Describe how APs communicate with WLCs to obtain software, configurations, and centralized management
Configure and verify Extensible Authentication Protocol (EAP), WebAuth, and Pre-Shared Key (PSK) wireless client authentication on a WLC
Troubleshoot wireless client connectivity issues using various available tools
Troubleshooting Enterprise networks using services such as Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), Cisco Internetwork Operating System (Cisco IOS®) IP Service Level Agreements (SLAs), NetFlow, and Cisco IOS Embedded Event Manager
Explain the use of available network analysis and troubleshooting tools, which include show and debug commands, as well as best practices in troubleshooting
Configure secure administrative access for Cisco IOS devices using the Command-Line Interface (CLI) access, Role-Based Access Control (RBAC), Access Control List (ACL), and Secure Shell (SSH), and explore device hardening concepts to secure devices from less secure applications, such as Telnet and HTTP
Implement scalable administration using Authentication, Authorization, and Accounting (AAA) and the local database, while exploring the features and benefits
Describe the enterprise network security architecture, including the purpose and function of VPNs, content security, logging, endpoint security, personal firewalls, and other security features
Explain the purpose, function, features, and workflow of Cisco DNA Center™ Assurance for Intent-Based Networking, for network visibility, proactive monitoring, and application experience
Describe the components and features of the Cisco SD-Access solution, including the nodes, fabric control plane, and data plane, while illustrating the purpose and function of the Virtual Extensible LAN (VXLAN) gateways
Define the components and features of Cisco SD-WAN solutions, including the orchestration plane, management plane, control plane, and data plane
Describe the concepts, purpose, and features of multicast protocols, including Internet Group Management Protocol (IGMP) v2/v3, Protocol-Independent Multicast (PIM) dense mode/sparse mode, and rendezvous points
Describe the concepts and features of Quality of Service (QoS), and describe the need within the enterprise network
Explain basic Python components and conditionals with script writing and analysis
Describe network programmability protocols such as Network Configuration Protocol (NETCONF) and RESTCONF
Describe APIs in Cisco DNA Center and vManage

Prerequisites

Knowledge and skills you should have before attending this course:

Implementation of Enterprise LAN networks
Basic understanding of Enterprise routing and wireless connectivity
Basic understanding of Python scripting

Outline

Examining Cisco Enterprise Network Architecture
Understanding Cisco Switching Paths
Implementing Campus LAN Connectivity
Building Redundant Switched Topology
Implementing Layer 2 Port Aggregation
Understanding EIGRP
Implementing OSPF
Optimizing OSPF
Exploring EBGP
Implementing Network Redundancy
Implementing NAT
Introducing Virtualization Protocols and Techniques
Understanding Virtual Private Networks and Interfaces
Understanding Wireless Principles
Examining Wireless Deployment Options
Understanding Wireless Roaming and Location Services
Examining Wireless AP Operation
Understanding Wireless Client Authentication
Troubleshooting Wireless Client Connectivity
Introducing Multicast Protocols
Introducing QoS
Implementing Network Services
Using Network Analysis Tools
Implementing Infrastructure Security
Implementing Secure Access Control
Understanding Enterprise Network Security Architecture
Exploring Automation and Assurance Using Cisco DNA Center
Examining the Cisco SD-Access Solution
Understanding the Working Principles of the Cisco SD-WAN Solution
Understanding the Basics of Python Programming
Introducing Network Programmability Protocols
Introducing APIs in Cisco DNA Center and vManage

Lab outline

Investigate the CAM
Analyze Cisco Express Forwarding
Troubleshoot VLAN and Trunk Issues
Tuning Spanning Tree Protocol (STP) and Configuring Rapid Spanning Tree Protocol (RSTP)
Configure Multiple Spanning Tree Protocol
Troubleshoot EtherChannel
Implement Multi-area OSPF
Implement OSPF Tuning
Apply OSPF Optimization
Implement OSPFv3
Configure and Verify Single-Homed EBGP
Implementing Hot Standby Routing Protocol (HSRP)
Configure Virtual Router Redundancy Protocol (VRRP)
Implement NAT
Configure and Verify Virtual Routing and Forwarding (VRF)
Configure and Verify a Generic Routing Encapsulation (GRE) Tunnel
Configure Static Virtual Tunnel Interface (VTI) Point-to-Point Tunnels
Configure Wireless Client Authentication in a Centralized Deployment
Troubleshoot Wireless Client Connectivity Issues
Configure Syslog
Configure and Verify Flexible NetFlow
Configuring Cisco IOS Embedded Event Manager (EEM)
Troubleshoot Connectivity and Analyze Traffic with Ping, Traceroute, and Debug
Configure and Verify Cisco IP SLAs
Configure Standard and Extended ACLs
Configure Control Plane Policing
Implement Local and Server-Based AAA
Writing and Troubleshooting Python Scripts
Explore JavaScript Object Notation (JSON) Objects and Scripts in Python
Use NETCONF Via SSH
Use RESTCONF with Cisco IOS XE Software

CCNP Security

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

Objectives

After taking this course, you should be able to:

Describe information security concepts and strategies within the network
Describe common TCP/IP, network application, and endpoint attacks
Describe how various network security technologies work together to guard against attacks
Implement access control on Cisco ASA appliance and Cisco Firepower Next-Generation Firewall
Describe and implement basic email content security features and functions provided by Cisco Email Security Appliance
Describe and implement web content security features and functions provided by Cisco Web Security Appliance
Describe Cisco Umbrella® security capabilities, deployment models, policy management, and Investigate console
Introduce VPNs and describe cryptography solutions and algorithms
Describe Cisco secure site-to-site connectivity solutions and explain how to deploy Cisco Internetwork Operating System (Cisco IOS®) Virtual Tunnel Interface (VTI)-based point-to point IPsec VPNs, and point-to-point IPsec VPN on the Cisco ASA and Cisco Firepower Next-Generation Firewall (NGFW)
Describe and deploy Cisco secure remote access connectivity solutions and describe how to configure 802.1X and Extensible Authentication Protocol (EAP) authentication
Provide basic understanding of endpoint security and describe Advanced Malware Protection (AMP) for Endpoints architecture and basic features
Examine various defenses on Cisco devices that protect the control and management plane
Configure and verify Cisco IOS software Layer 2 and Layer 3 data plane controls
Describe Cisco Stealthwatch Enterprise and Stealthwatch Cloud solutions
Describe basics of cloud computing and common cloud attacks and how to secure cloud environment

Prerequisites

To fully benefit from this course, you should have the following knowledge
and skills:

Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA®) v1.0 course
Familiarity with Ethernet and TCP/IP networking
Working knowledge of the Windows operating system
Working knowledge of Cisco IOS networking and concepts
Familiarity with basics of networking security concepts These Cisco
courses are recommended to help you meet these prerequisites:
Implementing and Administering Cisco Solutions (CCNA)

Outline

Describing Information Security Concepts*
1. Information Security Overview
2. Assets, Vulnerabilities, and Countermeasures
3. Managing RisK

Describing Common TCP/IP Attacks*
1. Legacy TCP/IP Vulnerabilities
2. IP Vulnerabilities
3. Internet Control Message Protocol (ICMP) Vulnerabilities

Describing Common Network Application Attacks*
1. Password Attacks
2. Domain Name System (DNS)-Based Attacks
3. DNS Tunnelling
Describing Common Endpoint Attacks*
1. Buffer Overflow
2. Malware
3. Reconnaissance Attack

Describing Network Security Technologies
1. Défense-in-Depth Strategy
2. Defending Across the Attack Continuum
3. Network Segmentation and Virtualization Overview

Deploying Cisco ASA Firewall
1. Cisco ASA Deployment Types
2. Cisco ASA Interface Security Levels
3. Cisco ASA Objects and Object Groups

Deploying Cisco Firepower Next-Generation Firewall
1. Cisco Firepower NGFW Deployments
2. Cisco Firepower NGFW Packet Processing and Policies
3. Cisco Firepower NGFW Objects

Deploying Email Content Security
1. Cisco Email Content Security Overview
2. Simple Mail Transfer Protocol (SMTP) Overview
3. Email Pipeline Overview

Deploying Web Content Security
1. Cisco Web Security Appliance (WSA) Overview
2. Deployment Options
3. Network Users Authentication

Deploying Cisco Umbrella*
1. Cisco Umbrella Architecture
2. Deploying Cisco Umbrella
3. Cisco Umbrella Roaming Client

Explaining VPN Technologies and Cryptography
1. VPN Definition
2. VPN Types
3. Secure Communication and Cryptographic Services
Introducing Cisco Secure Site-to-Site VPN Solutions
1. Site-to-Site VPN Topologies
2. IPsec VPN Overview
3. IPsec Static Crypto Maps

Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs
1. Cisco IOS VTIs
2. Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2
  VPN Configuration

Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW
1. Point-to-Point VPNs on the Cisco ASA and Cisco Firepower
  NGFW
2. Cisco ASA Point-to-Point VPN Configuration
3. Cisco Firepower NGFW Point-to-Point VPN Configuration

Introducing Cisco Secure Remote Access VPN Solutions
1. Remote Access VPN Components
2. Remote Access VPN Technologies
3. Secure Sockets Layer (SSL) Overview

Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW
1. Remote Access Configuration Concepts
2. Connection Profiles
3. Group Policies

Explaining Cisco Secure Network Access Solutions
1. Cisco Secure Network Access
2. Cisco Secure Network Access Components
3. AAA Role in Cisco Secure Network Access Solution

Describing 802.1X Authentication
1. 1X and Extensible Authentication Protocol (EAP)
2. EAP Methods
3. Role of Remote Authentication Dial-in User Service (RADIUS) in
  1X Communications

Configuring 802.1X Authentication
1. Cisco Catalyst® Switch 802.1X Configuration
2. Cisco Wireless LAN Controller (WLC) 802.1X Configuration
3. Cisco Identity Services Engine (ISE) 802.1X Configuration

Describing Endpoint Security Technologies*
1. Host-Based Personal Firewall
2. Host-Based Anti-Virus
3. Host-Based Intrusion Prevention System

Deploying Cisco Advanced Malware Protection (AMP) for Endpoints*
1. Cisco AMP for Endpoints Architecture
2. Cisco AMP for Endpoints Engines
3. Retrospective Security with Cisco AMP

Introducing Network Infrastructure Protection*
1. Identifying Network Device Planes
2. Control Plane Security Controls
3. Management Plane Security Controls

Deploying Control Plane Security Controls*
1. Infrastructure ACLs
2. Control Plane Policing
3. Control Plane Protection

Deploying Layer 2 Data Plane Security Controls*
1. Overview of Layer 2 Data Plane Security Controls
2. Virtual LAN (VLAN)-Based Attacks Mitigation
3. Spanning Tree Protocol (STP) Attacks Mitigation

Deploying Layer 3 Data Plane Security Controls*
1. Infrastructure Antispoofing ACLs
2. Unicast Reverse Path Forwarding
3. IP Source Guard

Deploying Management Plane Security Controls*
1. Cisco Secure Management Access
2. Simple Network Management Protocol Version 3
3. Secure Access to Cisco Devices

Deploying Traffic Telemetry Methods*
1. Network Time Protocol
2. Device and Network Events Logging and Export
3. Network Traffic Monitoring Using NetFlow

Deploying Cisco Stealthwatch Enterprise*
1. Cisco Stealthwatch Offerings Overview
2. Cisco Stealthwatch Enterprise Required Components
3. Flow Stitching and Deduplication

Describing Cloud and Common Cloud Attacks*
1. Evolution of Cloud Computing
2. Cloud Service Models
3. Security Responsibilities in Cloud

Securing the Cloud*
1. Cisco Threat-Centric Approach to Network Security
2. Cloud Physical Environment Security
3. Application and Workload Security

Deploying Cisco Stealth watch Cloud*
1. Cisco Stealth watch Cloud for Public Cloud Monitoring
2. Cisco Stealth watch Cloud for Private Network Monitoring
3. Cisco Stealth watch Cloud Operations

Describing Software-Defined Networking (SDN*)
1. Software-Defined Networking Concepts
2. Network Programmability and Automation
3. Cisco Platforms and APIs
4. This section is self-study material that can be done at yourown pace if you are taking the instructor-led version of this

Lab outline

Configure Network Settings and NAT on Cisco ASA
Configure Cisco ASA Access Control Policies
Configure Cisco Firepower NGFW NAT
Configure Cisco Firepower NGFW Access Control Policy
Configure Cisco Firepower NGFW Discovery and IPS Policy
Configure Cisco NGFW Malware and File Policy
Configure Listener, Host Access Table (HAT), and Recipient Access
Table (RAT) on Cisco Email Security Appliance (ESA)
Configure Mail Policies
Configure Proxy Services, Authentication, and HTTPS Decryption
Enforce Acceptable Use Control and Malware Protection
Examine the Umbrella Dashboard
Examine Cisco Umbrella Investigate
Explore DNS Ransomware Protection by Cisco Umbrella
Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
Configure Point-to-Point VPN between the Cisco ASA and Cisco
Firepower NGFW
Configure Remote Access VPN on the Cisco Firepower NGFW
Explore Cisco AMP for Endpoints
Perform Endpoint Analysis Using AMP for Endpoints Console
Explore File Ransomware Protection by Cisco AMP for Endpoints Console
Explore Cisco Stealth watch Enterprise v6.9.3
Explore Cognitive Threat Analytics (CTA) in Stealth watch Enterprise v7.0
Explore the Cisco Cloud lock Dashboard and User Security
Explore Cisco Cloud lock Application and Data Security
Explore Cisco Stealth watch Cloud
Explore Stealth watch Cloud Alert Settings, Watch lists, and Sensors

MCSE

Installation, Storage, and Compute with Windows Server 2019

Installing, upgrading, and migrating servers and workloads
1. Introducing Windows Server 2019
2. Preparing and installing Server Core
3. Preparing for upgrades and migrations
4. Migrating server roles and workloads
5. Windows Server activation models
Configuring local storage
1. Managing disks in Windows Server
2. Managing volumes in Windows Server
Implementing enterprise storage solutions
1. Overview of DAS, NAS, and SANs
2. Comparing Fiber Channel, iSCSI, and Fiber Channel over Ethernet
3. Understanding iSNS, DCB, and MPIO
4. Configuring sharing in Windows Server 2019
Implementing Storage Spaces and Data Deduplication
1. Implementing Storage Spaces
2. Managing Storage Spaces
3. Implementing Data Deduplication
Installing and configuring Hyper-V and virtual machines
1. Overview of Hyper-V
2. Installing Hyper-V
3. Configuring storage on Hyper-V host servers
4. Configuring networking on Hyper-V host servers
5. Configuring Hyper-V virtual machines
6. Managing virtual machines
Deploying and managing Windows and Hyper-V containers
1. Overview of containers in Windows Server 2016
2. Deploying Windows Server and Hyper-V containers
3. Installing, configuring, and managing containers by using
4. Docker
Overview of high availability and disaster recovery
- Defining levels of availability
- Planning high availability and disaster recovery solutions with Hyper-V virtual machines
- Backing up and restoring by using Windows Server Backup

High availability with failover clustering in Windows Server 2019

Implementing failover clustering
1. Planning a failover cluster
2. Creating and configuring a new failover cluster
3. Maintaining a failover cluster
4. Troubleshooting a failover cluster
5. Implementing site high availability with stretch clustering
Implementing failover clustering with Windows Server 2019 Hyper-V
1. Overview of the integration of Hyper-V Server 2019 with
2. failover clustering
3. Implementing Hyper-V VMs on failover clusters
4. Key features for VMs in a clustered environment
Implementing Network Load Balancing
1. Overview of NLB
2. Configuring an NLB cluster
3. Planning an NLB implementation
Creating and managing deployment images
1. Introduction to deployment images
2. Creating and managing deployment images by using MDT
3. Virtual machine environments for different workloads
Managing, monitoring, and maintaining virtual machine installations
1. WSUS overview and deployment options
2. Update management process with WSUS
3. Overview of Windows PowerShell DSC
4. Overview of Windows Server 2019 monitoring tools
5. Using Performance Monitor
6. Monitoring event logs

Networking with Windows Server 2019

Planning and implementing an IPv4 network
1. Planning IPv4 addressing
2. Configuring an IPv4 host
3. Managing and troubleshooting IPv4 network connectivity
Implementing DHCP
1. Overview of the DHCP server role
2. Deploying DHCP
3. Managing and troubleshooting DHCP
Implementing IPv6
1. Overview of IPv6 addressing
2. Configuring an IPv6 host
3. Implementing IPv6 and IPv4 coexistence
4. Transitioning from IPv4 to IPv6
Implementing DNS
1. Implementing DNS servers
2. Configuring zones in DNS
3. Configuring name resolution between DNS zones
4. Configuring DNS integration with Active Directory Domain Services (AD DS)
5. Configuring advanced DNS settings
Implementing and managing IPAM
1. Overview of IPAM
2. Deploying IPAM
3. Managing IP address spaces by using IPAM
4. Remote access in Windows Server 2019
Overview of remote access
1. Implementing the Web Application Proxy Implementing DirectAccess
2. Overview of DirectAccess
3. Implementing DirectAccess by using the Getting Started Wizard
4. Implementing and managing an advanced DirectAccess infrastructure
Implementing VPNs
1. Planning VPNs
2. Implementing VPNs
Implementing networking for branch offices
1. Networking features and considerations for branch offices
2. Implementing Distributed File System (DFS) for branch offices
3. Implementing BranchCache for branch offices
Configuring advanced networking features
1. Overview of high-performance networking features
2. Configuring advanced Microsoft Hyper-V networking features
Implementing Software Defined Networking Overview of SDN.
1. Implementing network virtualization
2. Implementing Network Controller

Identity with Windows Server 2019

Installing and configuring domain controllers
1. Overview of AD DS
2. Overview of AD DS domain controllers
3. Deploying a domain controller
Managing objects in AD DS
1. Managing user accounts
2. Managing groups in AD DS
3. Managing computer objects in AD DS
4. Using Windows PowerShell for AD DS administration
5. Implementing and managing OUs
Advanced AD DS infrastructure management
1. Overview of advanced AD DS deployments
2. Deploying a distributed AD DS environment
3. Configuring AD DS trusts
Implementing and administering AD DS sites and replication
1. Overview of AD DS replication
2. Configuring AD DS sites
3. Configuring and monitoring AD DS replication
Implementing Group Policy
1. Introducing Group Policy
2. Implementing and administering GPOs
3. Group Policy scope and Group Policy processing
4. Troubleshooting the application of GPOs
Managing user settings with Group Policy
1. Implementing administrative templates
2. Configuring Folder Redirection, software installation, and scripts
3. Configuring Group Policy preferences
Securing Active Directory Domain Services
1. Securing domain controllers
2. Implementing account security
3. Implementing audit authentication
4. Configuring managed service accounts
Deploying and managing AD CS
1. Deploying CAs
2. Administering CAs
3. Troubleshooting and maintaining CAs
Deploying and managing certificates
1. Deploying and managing certificate templates
2. Managing certificate deployment, revocation, and recovery
3. Using certificates in a business environment
4. Implementing and managing smart cards
Implementing and administering AD FS
1. Overview of AD FS
2. AD FS requirements and planning
3. Deploying and configuring AD FS
4. Web Application Proxy Overview
Implementing and administering AD RMS
1. Overview of AD RMS
2. Deploying and managing an AD RMS infrastructure
3. Configuring AD RMS content protection
Implementing AD DS synchronization with Microsoft Azure AD
1. Planning and preparing for directory synchronization
2. Implementing directory synchronization by using Azure AD Connect
3. Managing identities with directory synchronization
Monitoring, managing, and recovering AD DS
1. Monitoring AD DS
2. Managing the Active Directory database
3. Active Directory backup and recovery options for AD DS and other identity and access solutions

Securing Windows Server 2019

Attacks, breach detection, and Sy internals tools
1. Understanding attacks
2. Detecting security breaches
3. Examining activity with the Sy internals tools
Protecting credentials and privileged access
1. Understanding user rights
2. Computer and service accounts
3. Protecting credentials
4. Privileged Access Workstations and jump servers
5. Local administrator password solution
Limiting administrator rights with Just Enough Administration
1. Understanding JEA
2. Verifying and deploying JEA
Privileged access management and administrative forests
1. ESAE forests
2. Overview of Microsoft Identity Manager
3. Overview of JIT administration and PAM
Mitigating malware and threats
1. Configuring and managing Windows Defender
2. Restricting software
3. Configuring and using the Device Guard feature
Analyzing activity with advanced auditing and log analytics
- Overview of auditing
- Advanced auditing
- Windows PowerShell auditing and logging
Deploying and configuring Advanced Threat Analytics and Microsoft Operations Management Suite
1. Deploying and configuring ATA
2. Deploying and configuring Microsoft Operations
3. Management Suite
4. Deploying and configuring Azure Security Center
Secure Virtualization Infrastructure
1. Guarded fabric
2. Shielded and encryption-supported virtual machines
Securing application development and serverworkload infrastructure
1. Using SCT
2. Understanding containers
Planning and protecting data
1. Planning and implementing encryption
2. Planning and implementing BitLocker
3. Protecting data by using Azure Information Protection
Optimizing and securing file services
1. File Server Resource Manager
2. Implementing classification and file management tasks
3. Dynamic Access Control
Securing network traffic with firewalls and encryption
1. Understanding network-related security threats
2. Understanding Windows Firewall with Advanced Security
3. Configuring IPsec
4. Datacenter Firewall
Securing network traffic
1. Configuring advanced DNS settings
2. Examining network traffic with Message Analyzer
3. Securing and analyzing SMB traffic

AWS

Domain 1: Design Secure Architectures

Task Statement 1: Design secure access to AWS resources.

Knowledge of:

Access controls and management across multiple accounts
AWS federated access and identity services (for example, AWS Identity and Access Management [IAM], AWS Single Sign-On [AWS SSO])
AWS global infrastructure (for example, Availability Zones, AWS Regions) AWS security best practices (for example, the principle of least privilege)
Applying AWS security best practices to IAM users and root users (for example, multi-factor authentication [MFA])
Designing a flexible authorization model that includes IAM users, groups, roles, and policies
Designing a role-based access control strategy (for example, AWS Security Token Service [AWS STS], role switching, cross-account access)
Designing a security strategy for multiple AWS accounts (for example, AWS Control Tower, service control policies [SCPs])
Determining the appropriate use of resource policies for AWS services
Determining when to federate a directory service with IAM roles

Task Statement 2: Design secure workloads and applications.

Knowledge of:

Application configuration and credentials security
AWS service endpoints
Control ports, protocols, and network traffic on AWS
Secure application access
Security services with appropriate use cases (for example, Amazon Cognito, Amazon GuardDuty, Amazon Macie)
Threat vectors external to AWS (for example, DDoS, SQL injection) Skills in:
Designing VPC architectures with security components (for example, security groups, route tables, network ACLs, NAT gateways)
Determining network segmentation strategies (for example, using public subnets and private subnets)
Integrating AWS services to secure applications (for example, AWS Shield, AWS WAF, AWS SSO, AWS Secrets Manager)
Securing external network connections to and from the AWS Cloud (for example, VPN, AWS Direct Connect)

Task Statement 3: Determine appropriate data security controls.

Knowledge of:

Data access and governance
Data recovery
Data retention and classification
Encryption and appropriate key management Skills in:
Aligning AWS technologies to meet compliance requirements
Encrypting data at rest (for example, AWS Key Management Service [AWS KMS])
Encrypting data in transit (for example, AWS Certificate Manager [ACM] using TLS)
Implementing access policies for encryption keys
Implementing data backups and replications
Implementing policies for data access, lifecycle, and protection
Rotating encryption keys and renewing certificates

Domain 2: Design Resilient Architectures

Task Statement 1: Design scalable and loosely coupled architectures.

Knowledge of:

API creation and management (for example, Amazon API Gateway, REST API)
AWS managed services with appropriate use cases (for example, AWS Transfer Family, Amazon Simple Queue Service [Amazon SQS], Secrets Manager)
Caching strategies
Design principles for microservices (for example, stateless workloads compared with stateful workloads)
Event-driven architectures
Horizontal scaling and vertical scaling
How to appropriately use edge accelerators (for example, content delivery network [CDN])
How to migrate applications into containers
Load balancing concepts (for example, Application Load Balancer)
Multi-tier architectures
Queuing and messaging concepts (for example, publish/subscribe)
Serverless technologies and patterns (for example, AWS Fargate, AWS Lambda)
Storage types with associated characteristics (for example, object, file, block)
The orchestration of containers (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS])
When to use read replicas
Workflow orchestration (for example, AWS Step Functions)

Skills in:

Designing event-driven, micro service, and/or multi-tier architectures based on requirements
Determining scaling strategies for components used in an architecture design
Determining the AWS services required to achieve loose coupling based on requirements
Determining when to use containers
Determining when to use serverless technologies and patterns
Recommending appropriate compute, storage, networking, and database technologies based on requirements
Using purpose-built AWS services for workloads

Task Statement 2: Design highly available and/or fault-tolerant architectures.

Knowledge of:

AWS global infrastructure (for example, Availability Zones, AWS Regions, Amazon Route 53)
AWS managed services with appropriate use cases (for example, Amazon Comprehend, Amazon Polly)
Basic networking concepts (for example, route tables)
Disaster recovery (DR) strategies (for example, backup and restore, pilot light, warm standby, active- active failover, recovery point objective [RPO], recovery time objective [RTO])
Distributed design patterns
Failover strategies
Immutable infrastructure
Load balancing concepts (for example, Application Load Balancer)
Proxy concepts (for example, Amazon RDS Proxy)
Service quotas and throttling (for example, how to configure the service quotas for a workload in a standby environment)
Storage options and characteristics (for example, durability, replication)
Workload visibility (for example, AWS X-Ray) Skills in:
Determining automation strategies to ensure infrastructure integrity
Determining the AWS services required to provide a highly available and/or fault-tolerant architecture across AWS Regions or Availability Zones
Identifying metrics based on business requirements to deliver a highly available solution
Implementing designs to mitigate single points of failure
Implementing strategies to ensure the durability and availability of data (for example, backups)
Selecting an appropriate DR strategy to meet business requirements
Using AWS services that improve the reliability of legacy applications and applications not built for the cloud (for example, when application changes are not possible)
Using purpose-built AWS services for workloads

Domain 3: Design High-Performing Architectures

Task Statement 1: Determine high-performing and/or scalable storage solutions.

Knowledge of:

Hybrid storage solutions to meet business requirements
Storage services with appropriate use cases (for example, Amazon S3, Amazon Elastic File System [Amazon EFS], Amazon Elastic Block Store [Amazon EBS])
Storage types with associated characteristics (for example, object, file, block) Skills in:
Determining storage services and configurations that meet performance demands
Determining storage services that can scale to accommodate future needs

Task Statement 2: Design high-performing and elastic compute solutions.

Knowledge of:

AWS compute services with appropriate use cases (for example, AWS Batch, Amazon EMR, Fargate)
Distributed computing concepts supported by AWS global infrastructure and edge services
Queuing and messaging concepts (for example, publish/subscribe)
Scalability capabilities with appropriate use cases (for example, Amazon EC2 Auto Scaling, AWS Auto Scaling)
Serverless technologies and patterns (for example, Lambda, Fargate)
The orchestration of containers (for example, Amazon ECS, Amazon EKS) Skills in: Decoupling workloads so that components can scale independently
Identifying metrics and conditions to perform scaling actions
Selecting the appropriate compute options and features (for example, EC2 instance types) to meet business requirements
Selecting the appropriate resource type and size (for example, the amount of Lambda memory) to meet business requirements

Task Statement 3: Determine high-performing database solutions.

Knowledge of:

AWS global infrastructure (for example, Availability Zones, AWS Regions)
Caching strategies and services (for example, Amazon ElastiCache)
Data access patterns (for example, read-intensive compared with write-intensive)
Database capacity planning (for example, capacity units, instance types, Provisioned IOPS)
Database connections and proxies
Database engines with appropriate use cases (for example, heterogeneous migrations, homogeneous migrations)
Database replication (for example, read replicas)
Database types and services (for example, serverless, relational compared with non-relational, in- memory)

Skills in:

Configuring read replicas to meet business requirements
Designing database architectures
Determining an appropriate database engine (for example, MySQL compared with PostgreSQL)
Determining an appropriate database type (for example, Amazon Aurora, Amazon DynamoDB)
Integrating caching to meet business requirements

Task Statement 4: Determine high-performing and/or scalable network architectures. Knowledge of: • Edge networking services with appropriate use cases (for example, Amazon CloudFront, AWS Global Accelerator)

How to design network architecture (for example, subnet tiers, routing, IP addressing)
Load balancing concepts (for example, Application Load Balancer)
Network connection options (for example, AWS VPN, Direct Connect, AWS PrivateLink) Skills in:
Creating a network topology for various architectures (for example, global, hybrid, multi-tier)
Determining network configurations that can scale to accommodate future needs Determining the appropriate placement of resources to meet business requirements
Selecting the appropriate load balancing strategy

Task Statement 5: Determine high-performing data ingestion and transformation solutions.

Knowledge of:

Data analytics and visualization services with appropriate use cases (for example, Amazon Athena, AWS Lake Formation, Amazon Quick Sight)
Data ingestion patterns (for example, frequency)
Data transfer services with appropriate use cases (for example, AWS Data Sync, AWS Storage Gateway)
Data transformation services with appropriate use cases (for example, AWS Glue)
Secure access to ingestion access points
Sizes and speeds needed to meet business requirements
Streaming data services with appropriate use cases (for example, Amazon Kinesis) Skills in:
- Building and securing data lakes
- Designing data streaming architectures
- Designing data transfer solutions
- Implementing visualization strategies
- Selecting appropriate compute options for data processing (for example, Amazon EMR)
- Selecting appropriate configurations for ingestion
- Transforming data between formats (for example, .csv to .parquet)

Knowledge of:

Access options (for example, an S3 bucket with Requester Pays object storage)
AWS cost management service features (for example, cost allocation tags, multi-account billing)
AWS cost management tools with appropriate use cases (for example, AWS Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
AWS storage services with appropriate use cases (for example, Amazon FSx, Amazon EFS, Amazon S3, Amazon EBS)
Backup strategies
Block storage options (for example, hard disk drive [HDD] volume types, solid state drive [SSD] volume types)
Data lifecycles
Hybrid storage options (for example, DataSync, Transfer Family, Storage Gateway)
Storage access patterns
Storage tiering (for example, cold tiering for object storage)
Storage types with associated characteristics (for example, object, file, block)

Knowledge of:

AWS cost management service features (for example, cost allocation tags, multi-account billing)
AWS cost management tools with appropriate use cases (for example, Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
AWS global infrastructure (for example, Availability Zones, AWS Regions)
AWS purchasing options (for example, Spot Instances, Reserved Instances, Savings Plans)
Distributed compute strategies (for example, edge processing)
Hybrid compute options (for example, AWS Outposts, AWS Snowball Edge)
Instance types, families, and sizes (for example, memory optimized, compute optimized, virtualization)
Optimization of compute utilization (for example, containers, serverless computing, microservices)
Scaling strategies (for example, auto scaling, hibernation)
Configuring appropriate NAT gateway types for a network (for example, a single shared NAT gateway compared with NAT gateways for each Availability Zone)
Configuring appropriate network connections (for example, Direct Connect compared with VPN compared with internet)
Configuring appropriate network routes to minimize network transfer costs (for example, Region to Region, Availability Zone to Availability Zone, private to public, Global Accelerator, VPC endpoints)
Determining strategic needs for content delivery networks (CDNs) and edge caching
Reviewing existing workloads for network optimizations
Selecting an appropriate throttling strategy
Selecting the appropriate bandwidth allocation for a network device (for example, a single VPN compared with multiple VPNs, Direct Connect speed)

IP Services

Configure and verify inside source NAT using static and pools
Configure and verify NTP operating in a client and server mode
Explain the role of DHCP and DNS within the network
Explain the function of SNMP in network operations
Describe the use of syslog features including facilities and levels
Configure and verify DHCP client and relay
Explain the forwarding per-hop behaviour (PHB) for QoS such as classification,
marking, queuing, congestion, policing, shaping
Configure network devices for remote access using SSH
Describe the capabilities and function of TFTP/FTP in the network

Security Fundamentals

Define key security concepts (threats, vulnerabilities, exploits, and
mitigation techniques)
Describe security program elements (user awareness, training, and
physical access control)
Configure device access control using local passwords
Describe security password policies elements, such as management, complexity,
and password alternatives (multifactor authentication, certificates, and biometrics)
Describe remote access and site-to-site VPNs
Configure and verify access control lists
Configure Layer 2 security features
(DHCP snooping, dynamic ARP inspection, and port security)
Differentiate authentication, authorization, and accounting concepts
Describe wireless security protocols (WPA, WPA2, and WPA3)
Configure WLAN using WPA2 PSK using the GUI

Automation and Programmability

Explain how automation impacts network management
Compare traditional networks with controller-based networking
Describe controller-based and software defined architectures
(overlay, underlay, and fabric)
1. Separation of control plane and data plane
2. North-bound and south-bound APIs
Compare traditional campus device management with Cisco DNA Center
enabled device management
Describe characteristics of REST-based APIs
(CRUD, HTTP verbs, and data encoding)
Recognize the capabilities of configuration management mechanisms Puppet,
Chef, and Ansible
Interpret JSON encoded data

Azure

Manage Azure identities and governance (15–20%)

Manage Azure Active Directory (Azure AD) objects
1. Create users and groups
2. Manage licenses in Azure AD
3. Create administrative units
4. Manage user and group properties
5. Manage device settings and device identity
6. Perform bulk updates
7. Manage guest accounts
8. Configure self-service password reset
Manage access control
1. Create custom role-based access control (RBAC) and Azure AD roles
2. Provide access to Azure resources by assigning roles at different scopes
3. Interpret access assignments
4. Manage Azure subscriptions and governance
5. Configure and manage Azure Policy
6. Configure resource locks
7. Apply and manage tags on resources
8. Manage resource groups
9. Manage subscriptions
10. Manage costs by using alerts, budgets, and recommendations
11. Configure management group

Implement and manage storage (15–20%)

Configure access to storage
1. Configure network access to storage accounts
2. Create and configure storage accounts
3. Generate shared access signature tokens
4. Configure stored access policies
5. Manage access keys
6. Configure Azure AD authentication for a storage account
7. Configure storage encryption
Manage data in Azure storage accounts
1. Create import and export jobs
2. Manage data by using Azure Storage Explorer and AzCopy
3. Implement Azure Storage redundancy
4. Configure object replication
Configure Azure Files and Azure Blob Storage
1. Create an Azure file share
2. Configure Azure Blob Storage
3. Configure storage tiers
4. Configure blob lifecycle management

Deploy and manage Azure compute resources (20–25%)

Automate deployment of resources by using templates
1. Modify an ARM template
2. Deploy a template
3. Save a deployment as an ARM template
4. Deploy virtual machine (VM) extensions
Create and configure VMs
1. Create a VM
2. Manage images by using the Azure Compute Gallery
3. Configure Azure Disk Encryption
4. Move VMs from one resource group to another
5. Manage VM sizes
6. Add data disks
7. Configure VM network settings
8. Configure VM availability options
9. Deploy and configure VM scale sets
Create and configure containers
1. Configure sizing and scaling for Azure Container Instances
2. Configure container groups for Azure Container Instances
3. Configure storage for Azure Kubernetes Service (AKS)
4. Configure scaling for AKS
5. Configure network connections for AKS
6. Upgrade an AKS cluster
Create and configure an Azure App Service
1. Create an App Service plan
2. Create an App Service
3. Secure an App Service
4. Configure custom domain names
5. Configure backup for an App Service
6. Configure networking settings
7. Configure deployment settings

Configure and manage virtual networking (20–25%)

Configure virtual networks
1. Create and configure virtual networks and subnets
2. Create and configure virtual network peering
3. Configure private and public IP addresses
4. Configure user-defined network routes
5. Configure Azure DNS
Configure secure access to virtual networks
1. Create and configure network security groups (NSGs) and application security groups (ASGs)
2. Evaluate effective security rules
3. Implement Azure Bastion
4. Configure service endpoints on subnets
5. Configure private endpoints
Configure load balancing
1. Configure Azure Application Gateway
2. Configure an internal or public load balancer
3. Troubleshoot load balancing
Monitor virtual Networking
1. Monitor on-premises connectivity
2. Configure and use Azure Monitor for networks
3. Use Azure Network Watcher
4. Troubleshoot external networking
5. Troubleshoot virtual network connectivity

Monitor and maintain Azure resources (10–15%)

Monitor resources by using Azure Monitor
1. Configure and interpret metrics
2. Configure Azure Monitor Logs
3. Query and analyze logs
4. Set up alerts and actions
5. Configure monitoring of VMs, storage accounts, and networks by using VM insights
Implement backup and recovery
1. Create an Azure Recovery Services vault
2. Create an Azure Backup vault
3. Create and configure backup policy
4. Perform backup and restore operations by using Azure Backup
5. Configure Azure Site Recovery for Azure resources
6. Perform failover to a secondary region by using Azure Site Recovery
7. Configure and review backup reports