Master in Network Engineering Course Updated 2023

• Computer Basics
• Tools & Safety Precautions
• Digital Fundamentals
• Assembling & maintenance
• Operating System Concepts
• Network
• Concept
• Windows 10 Configuration
• Diagnostic utilities
• Diagnosing & Troubleshooting
• Personal Computer Security

Hardware

Identifying, using and connecting hardware components and devices, including the broad knowledge about different devices that is now necessary to support the remote workforce

Software Troubleshooting

Troubleshoot PC and mobile device issues including common OS, malware and security issues

Security

Identify and protect against security vulnerabilities for devices and their network connections

Mobile Devices

Install and configure laptops and other mobile devices and support applications to ensure connectivity for end users

• Installing, upgrading, and migrating servers and workloads
  • Introducing Windows Server 2016
  • Preparing and installing Nano Server and Server Core
  • Preparing for upgrades and migrations
  • Migrating server roles and workloads
  • Windows Server activation models
• Configuring local storage
  • Managing disks in Windows Server
  • Managing volumes in Windows Server
• Implementing enterprise storage solutions
  • Overview of DAS, NAS, and SANs
  • Comparing Fibre Channel, iSCSI, and Fibre Channel over Ethernet
  • Understanding iSNS, DCB, and MPIO
  • Configuring sharing in Windows Server 2016
• Implementing Storage Spaces and Data Deduplication
  • Implementing Storage Spaces
  • Managing Storage Spaces
  • Implementing Data Deduplication
• Installing and configuring Hyper-V and virtual machines
  • Overview of Hyper-V
  • Installing Hyper-V
  • Configuring storage on Hyper-V host servers
  • Configuring networking on Hyper-V host servers
  • Configuring Hyper-V virtual machines
  • Managing virtual machines
• Planning and implementing an IPv4 network
  • Planning IPv4 addressing
  • Configuring an IPv4 host
  • Managing and troubleshooting IPv4 network connectivity
• Implementing DHCP
  • Overview of the DHCP server role
  • Deploying DHCP
  • Managing and troubleshooting DHCP
• Implementing IPv6
  • Overview of IPv6 addressing
  • Configuring an IPv6 host
  • Implementing IPv6 and IPv4 coexistence
  • Transitioning from IPv4 to IPv6
• Implementing DNS
  • Implementing DNS servers
  • Configuring zones in DNS
  • Configuring name resolution between DNS zones
  • Configuring DNS integration with Active Directory Domain Services (AD DS)
  • Configuring advanced DNS settings

• Introduction to Red Hat Enterprise Linux
  • Overview of the Red Hat Enterprise Linux operating system
  • Linux distributions and their differences
  • Installing and configuring Red Hat Enterprise Linux
  • The Linux Command Line Interface
• Basic Linux commands and their syntax
  • Navigating the file system
  • Using command-line utilities
  • Managing Files and Directories
• Working with files and directories in the Linux file system
  • Permissions and ownership
  • Archiving and compressing files
  • System Administration Tasks
• Installing and managing software packages
  • Managing users and groups
  • Managing services
  • System monitoring and logging
• Shell Scripting
  • Basics of shell scripting
  • Creating and executing shell scripts
  • Using variables and control structures in shell scripts
  • Debugging shell scripts

Cisco Certified Network Associate 200-301

Main Topics

1. Network Fundamentals
2. Network Access
3. IP Connectivity
4. IP Services
5. Security Fundamentals
6. Automation and Programmability

• Network Fundamentals
  • Explain the role and function of network components
    • Routers
    • Layer 2 and Layer 3 switches
    • Next-generation firewalls and IPS
    • Access points
    • Controllers (Cisco DNA Center and WLC)
    • Endpoints
    • Servers
    • PoE
  • Describe characteristics of network topology architectures
    • Two-tier
    • Three-tier
    • Spine-leaf
    • WAN
    • Small office/home office (SOHO)
    • On-premise and cloud
  • Compare physical interface and cabling types
    • Single-mode fiber, multimode fiber, copper
    • Connections (Ethernet shared media and point-to-point)
  • Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
  • Compare TCP to UDP
  • Configure and verify IPv4 addressing and subnetting
  • Describe the need for private IPv4 addressing
  • Configure and verify IPv6 addressing and prefix
  • Describe IPv6 address types
    • Unicast (global, unique local, and link local)
    • Anycast
    • Multicast
    • Modified EUI 64
  • Verify IP parameters for Client OS (Windows, Mac OS, Linux)
    • 11 Describe wireless principles
      • Nonoverlapping Wi-Fi channels
      • SSID
      • RF
      • Encryption
    • Explain virtualization fundamentals (server virtualization, containers, and VRFs)
    • Describe switching concepts
    • MAC learning and aging
    • Frame switching
    • Frame flooding
    • MAC address table
• Network Access
  • Configure and verify VLANs (normal range) spanning multiple switches
    • Access ports (data and voice)
    • Default VLAN
    • Connectivity
  • Configure and verify inter switch connectivity
    • Trunk ports
    • 802.1Q
    • Native VLAN
  • Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
  • Configure and verify (Layer 2/Layer 3) Ether Channel (LACP)
  • Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
    • Root port, root bridge (primary/secondary), and other port names
    • Port states (forwarding/blocking)
    • Port-Fast benefits
  • Compare Cisco Wireless Architectures and AP modes
  • Describe physical infrastructure connections of WLAN components (AP,WLC, access/trunk ports, and LAG)
  • Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS)
  • Configure the components of a wireless LAN access for client connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings
• IP Connectivity
  • Interpret the components of routing table
    • Routing protocol code
    • Prefix
    • Network mask
    • Next hop
    • Administrative distance
    • Metric

    • Gateway of last resort

  • Determine how a router makes a forwarding decision by default
    • Longest match
    • Administrative distance

    • Routing protocol metric

  • Configure and verify IPv4 and IPv6 static routing
    • Default route

    • Network route

    • Host route
    • Floating static
  • Configure and verify single area.OSPFv2
    • Neighbour adjacencies
    • Point-to-point
    • Broadcast (DR/BDR selection)

    • Router ID

  • Describe the purpose of first hop redundancy protocol

• IP Services
  • Configure and verify inside source NAT using static and pools
  • Configure and verify NTP operating in a.client and server mode

  • Explain the role of DHCP and DNS within the network

  • Explain the function of SNMP in network operations
  • Describe the use of syslog features including facilities and levels
  • Configure and verify DHCP client and relay

  • Explain the forwarding per-hop behaviour (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping

  • Configure network devices for remote access using SSH

  • Describe the capabilities and function of TFTP/FTP in the network
• Security Fundamentals
  • Define key security concepts (threats, vulnerabilities, exploits,     and mitigation techniques)

  • Describe security program elements (user awareness, training, and physical access control)

  • Configure device access control using local passwords
  • Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
  • Describe remote access and site-to-site VPNs
  • Configure and verify access control lists
  • Configure Layer 2 security features  (DHCP snooping, dynamic ARP inspection, and port security)

  • Differentiate authentication, authorization, and accounting concepts

  • Describe wireless security protocols (WPA, WPA2, and WPA3)
  • Configure WLAN using WPA2 PSK using the GUI

• Automation and Programmability

  • Explain how automation impacts network management
  • Compare traditional networks with controller-based networking
  • Describe controller-based and software defined architectures (overlay, underlay, and fabric)

    • Separation of control plane and data plane

    • North-bound and south-bound APIs
  • Compare traditional campus device management with Cisco DNA Center enabled device management
  • Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
  • Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
  • Interpret JSON encoded data

Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) v1.2

Objectives

After taking this course, you should be able to:

• Illustrate the hierarchical network design model and architecture using the access, distribution, and core layers
• Compare and contrast the various hardware and software switching mechanisms and operation, while defining the Ternary Content Addressable Memory (TCAM) and Content Addressable Memory (CAM), along with process switching, fast switching, and Cisco Express Forwarding concepts
• Troubleshoot Layer 2 connectivity using VLANs and trunking
• Implementation of redundant switched networks using Spanning Tree Protocol
• Troubleshooting link aggregation using Etherchannel
• Describe the features, metrics, and path selection concepts of Enhanced Interior Gateway Routing Protocol (EIGRP)
• Implementation and optimization of Open Shortest Path First (OSPF)v2 and OSPFv3, including adjacencies, packet types, and areas, summarization, and route filtering for IPv4 and IPv6
• Implementing External Border Gateway Protocol (EBGP) interdomain routing, path selection, and single and dual-homed networking
• Implementing network redundancy using protocols including Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
• Implementing internet connectivity within Enterprise using static and dynamic Network Address Translation (NAT)
• Describe the virtualization technology of servers, switches, and the various network devices and components
• Implementing overlay technologies such as Virtual Routing and Forwarding (VRF), Generic Routing Encapsulation (GRE), VPN, and Location Identifier Separation Protocol (LISP)
• Describe the components and concepts of wireless networking including Radio Frequency (RF) and antenna characteristics, and define the specific wireless standards
• Describe the various wireless deployment models available, include autonomous Access Point (AP) deployments and cloud- based designs within the centralized Cisco Wireless LAN Controller (WLC) architecture
• Describe wireless roaming and location services
• Describe how APs communicate with WLCs to obtain software, configurations, and centralized management
• Configure and verify Extensible Authentication Protocol (EAP), WebAuth, and Pre-Shared Key (PSK) wireless client authentication on a WLC
• Troubleshoot wireless client connectivity issues using various available tools
• Troubleshooting Enterprise networks using services such as Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), Cisco Internetwork Operating System (Cisco IOS®) IP Service Level Agreements (SLAs), NetFlow, and Cisco IOS Embedded Event Manager
• Explain the use of available network analysis and troubleshooting tools, which include show and debug commands, as well as best practices in troubleshooting
• Configure secure administrative access for Cisco IOS devices using the Command-Line Interface (CLI) access, Role-Based Access Control (RBAC), Access Control List (ACL), and Secure Shell (SSH), and explore device hardening concepts to secure devices from less secure applications, such as Telnet and HTTP
• Implement scalable administration using Authentication, Authorization, and Accounting (AAA) and the local database, while exploring the features and benefits
• Describe the enterprise network security architecture, including the purpose and function of VPNs, content security, logging, endpoint security, personal firewalls, and other security features
• Explain the purpose, function, features, and workflow of Cisco DNA Center™ Assurance for Intent-Based Networking, for network visibility, proactive monitoring, and application experience
• Describe the components and features of the Cisco SD-Access solution, including the nodes, fabric control plane, and data plane, while illustrating the purpose and function of the Virtual Extensible LAN (VXLAN) gateways
• Define the components and features of Cisco SD-WAN solutions, including the orchestration plane, management plane, control plane, and data plane
• Describe the concepts, purpose, and features of multicast protocols, including Internet Group Management Protocol (IGMP) v2/v3, Protocol-Independent Multicast (PIM) dense mode/sparse mode, and rendezvous points
• Describe the concepts and features of Quality of Service (QoS), and describe the need within the enterprise network
• Explain basic Python components and conditionals with script writing and analysis
• Describe network programmability protocols such as Network Configuration Protocol (NETCONF) and RESTCONF
• Describe APIs in Cisco DNA Center and vManage

Prerequisites

• Knowledge and skills you should have before attending this course:
• Implementation of Enterprise LAN networks
• Basic understanding of Enterprise routing and wireless connectivity
• Basic understanding of Python scripting

Outline

• Examining Cisco Enterprise Network Architecture
• Understanding Cisco Switching Paths
• Implementing Campus LAN Connectivity
• Building Redundant Switched Topology
• Implementing Layer 2 Port Aggregation
• Understanding EIGRP
• Implementing OSPF
• Optimizing OSPF
• Exploring EBGP
• Implementing Network Redundancy
• Implementing NAT
• Introducing Virtualization Protocols and Techniques
• Understanding Virtual Private Networks and Interfaces
• Understanding Wireless Principles
• Examining Wireless Deployment Options
• Understanding Wireless Roaming and Location Services
• Examining Wireless AP Operation
• Understanding Wireless Client Authentication
• Troubleshooting Wireless Client Connectivity
• Introducing Multicast Protocols
• Introducing QoS
• Implementing Network Services
• Using Network Analysis Tools
• Implementing Infrastructure Security
• Implementing Secure Access Control
• Understanding Enterprise Network Security Architecture
• Exploring Automation and Assurance Using Cisco DNA Center
• Examining the Cisco SD-Access Solution
• Understanding the Working Principles of the Cisco SD-WAN Solution
• Understanding the Basics of Python Programming
• Introducing Network Programmability Protocols
• Introducing APIs in Cisco DNA Center and VManage

Lab outline

• Investigate the CAM
• Analyze Cisco Express Forwarding
• Troubleshoot VLAN and Trunk Issues
• Tuning Spanning      Tree    Protocol        (STP)   and     Configuring
• Rapid Spanning Tree Protocol (RSTP)
• Configure Multiple Spanning Tree Protocol
• Troubleshoot Ether-Channel
• Implement Multi-area OSPF
• Implement OSPF Tuning
• Apply OSPF Optimization
• Implement OSPFv3
• Configure and Verify Single-Homed EBGP
• Implementing Hot Standby Routing Protocol (HSRP)
• Configure Virtual Router Redundancy Protocol (VRRP)
• Implement NAT
• Configure and Verify Virtual Routing and Forwarding (VRF)
• Configure and Verify a Generic Routing Encapsulation (GRE) Tunnel
• Configure Static Virtual Tunnel Interface       (VTI) Point-to-Point Tunnels
• Configure Wireless Client Authentication in a Centralized Deployment
• Troubleshoot Wireless Client Connectivity Issues
• Configure Syslog
• Configure and Verify Flexible Net-Flow
• Configuring Cisco IOS Embedded Event Manager (EEM)
• Troubleshoot Connectivity and Analyze Traffic with Ping, Traceroute, and Debug Configure and Verify Cisco IP SLAs
• Configure Standard and Extended ACLs
• Configure Control Plane Policing
• Implement Local and Server-Based AAA
• Writing and Troubleshooting Python Scripts
• Explore JavaScript Object Notation (JSON) Objects and Scripts in Python
• Use NETCONF Via SSH
• Use RESTCONF with Cisco IOS XE Software

Enterprise Advanced Routing and  Services  (ENARSI) 1.0

• Configure classic Enhanced Interior Gateway Routing Protocol (EIGRP) and named EIGRP for IPv4 and IPv6
• Optimize classic EIGRP and named EIGRP for IPv4 and IPv6
• Troubleshoot classic EIGRP and named EIGRP for IPv4 and IPv6
• Configure Open Shortest Path First (OSPF)v2 and OSPFv3 in IPv4 and IPv6 environments
• Optimize OSPFv2 and OSPFv3 behavior
• Troubleshoot OSPFv2 for IPv4 and OSPFv3 for IPv4 and IPv6
• Implement route redistribution using filtering mechanisms
• Troubleshoot redistribution
• Implement path control using Policy-Based Routing (PBR) and IP Service Level Agreement (SLA)
• Configure Multiprotocol-Border Gateway Protocol (MP-BGP) in IPv4 and IPv6 environments
• Optimize MP-BGP in IPv4 and IPv6 environments
• Troubleshoot MP-BGP for IPv4 and IPv6
• Describe the features of Multiprotocol Label Switching (MPLS)
• Describe the major architectural components of an MPLS VPN
• Identify the routing and packet forwarding functionalities for MPLS VPNs
• Explain how packets are forwarded in an MPLS VPN environment
• Implement Cisco Internetwork Operating System (IOS®) Dynamic Multipoint VPNs (DMVPNs)
• Implement Dynamic Host Configuration Protocol (DHCP)
• Describe the tools available to secure the IPV6 first hop
• Troubleshoot Cisco router security features
• Troubleshoot infrastructure security and services

Prerequisites

• Before taking this course, you should have:
• General understanding of network fundamentals
• Basic knowledge of how to implement LANs
• General understanding of how to manage network devices
• General understanding of how to secure network devices
• Basic knowledge of network automation
• These Cisco courses are recommended to help you meet these prerequisites:
• Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) v1.0
• Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0
• Interconnecting Cisco Networking Devices, Part 2 (ICND2) v3.0

Outline

• Implementing EIGRP
• Optimizing EIGRP
• Troubleshooting EIGRP
• Implementing OSPF
• Optimizing OSPF
• Troubleshooting OSPF
• Configuring Redistribution
• Troubleshooting Redistribution
• Implementing Path Control
• Implementing Internal Border Gateway Protocol (IBGP)
• Optimizing BGP
• Implementing MP-BGP
• Troubleshooting BGP
• Exploring MPLS
• Introducing MPLS L3 VPN Architecture
• Introducing MPLS L3 VPN Routing
• Configuring Virtual Routing and Forwarding (VRF)-Lite
• Implementing DMVPN
• Implementing DHCP
• Introducing IPv6 First Hop Security
• Securing Cisco Routers
• Troubleshooting Infrastructure Security and Services
• Troubleshooting with DNA Center Assurance

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0

Course details Objectives

After taking this course, you should be able to:

• Describe information security concepts and strategies within the network
• Describe common TCP/IP, network application, and endpoint attacks
• Describe how various network security technologies work together to guard against attacks
• Implement access control on Cisco ASA appliance and Cisco Firepower Next-Generation Firewall
• Describe and implement basic email content security features and functions provided by Cisco Email Security Appliance
• Describe and implement web content security features and functions provided by Cisco Web Security Appliance
• Describe Cisco Umbrella® security capabilities, deployment models, policy management, and Investigate console
• Introduce VPNs and describe cryptography solutions and algorithms
• Describe Cisco secure site-to-site connectivity solutions and explain how to deploy Cisco Internetwork Operating System (Cisco IOS®) Virtual Tunnel Interface (VTI)-based point-to-point IPsec VPNs, and point-to-point IPsec VPN on the Cisco ASA and Cisco Firepower Next-Generation Firewall (NGFW)
• Describe and deploy Cisco secure remote access connectivity solutions and describe how to configure 1X and Extensible Authentication Protocol (EAP) authentication
• Provide basic understanding of endpoint security and describe Advanced Malware Protection (AMP) for Endpoints architecture and basic features
• Examine various defenses on Cisco devices that protect the control and management plane
• Configure and verify Cisco IOS software Layer 2 and Layer 3 data plane controls
• Describe Cisco Stealth-watch Enterprise and Stealth-watch Cloud solutions
• Describe basics of cloud computing and common cloud attacks and how to secure cloud environment

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:

• Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA®) 0 course
• Familiarity with Ethernet and TCP/IP networking
• Working knowledge of the Windows operating system
• Working knowledge of Cisco IOS networking and concepts
• Familiarity with basics of networking security concepts These Cisco courses are recommended to help you meet these prerequisites:
• Implementing and Administering Cisco Solutions (CCNA)

Outline

• Describing Information Security Concepts*
  • Information Security Overview
  • Assets, Vulnerabilities, and Countermeasures
  • Managing Risk
• Describing Common TCP/IP Attacks*
  • Legacy TCP/IP Vulnerabilities
  • IP Vulnerabilities
  • Internet Control Message Protocol (ICMP) Vulnerabilities
• Describing Common Network Application Attacks*
  • Password Attacks
  • Domain Name System (DNS)-Based Attacks
  • DNS Tunnelling
• Describing Common Endpoint Attacks*
  • Buffer Overflow
  • Malware
  • Reconnaissance Attack
• Describing Network Security Technologies
  • Défense-in-Depth Strategy
  • Defending Across the Attack Continuum
  • Network Segmentation and Virtualization Overview
• Deploying Cisco ASA Firewall
  • Cisco ASA Deployment Types
  • Cisco ASA Interface Security Levels
  • Cisco ASA Objects and Object Groups
• Deploying Cisco Firepower Next-Generation Firewall
  • Cisco Firepower NGFW Deployments
  • Cisco Firepower NGFW Packet Processing and Policies
  • Cisco Firepower NGFW Objects
• Deploying Email Content Security
  • Cisco Email Content Security Overview
  • Simple Mail Transfer Protocol (SMTP) Overview
  • Email Pipeline Overview
• Deploying Web Content Security
  • Cisco Web Security Appliance (WSA) Overview
  • Deployment Options
  • Network Users Authentication
• Deploying Cisco Umbrella*
  • Cisco Umbrella Architecture
  • Deploying Cisco Umbrella
  • Cisco Umbrella Roaming Client
• Explaining VPN Technologies and Cryptography
  • VPN Definition
  • VPN Types
  • Secure Communication and Cryptographic Services
• Introducing Cisco Secure Site-to-Site VPN Solutions
  • Site-to-Site VPN Topologies
  • IPsec VPN Overview
  • IPsec Static Crypto Maps
• Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs
  • Cisco IOS VTIs
  • Static VTI Point-to-Point IPsec Internet Key Exchange (IKE) v2 VPN Configuration
• Deploying Point-to-Point IPsec VPNs on the Cisco ASA and Cisco Firepower NGFW
  • Point-to-Point VPNs on the Cisco ASA and Cisco Firepower NGFW
  • Cisco ASA Point-to-Point VPN Configuration
  • Cisco Firepower NGFW Point-to-Point VPN Configuration
• Introducing Cisco Secure Remote Access VPN Solutions
  • Remote Access VPN Components
  • Remote Access VPN Technologies
  • Secure Sockets Layer (SSL) Overview
• Deploying Remote Access SSL VPNs on the Cisco ASA and Cisco Firepower NGFW
  • Remote Access Configuration Concepts
  • Connection Profiles
  • Group Policies
• Explaining Cisco Secure Network Access Solutions
  • Cisco Secure Network Access
  • Cisco Secure Network Access Components
  • AAA Role in Cisco Secure Network Access Solution
• Describing 1X Authentication
  • 1X and Extensible Authentication Protocol (EAP)
  • EAP Methods
  • Role of Remote Authentication Dial-in User Service (RADIUS) in 1X Communications
• Configuring 1X Authentication
  
  • Cisco Catalyst® Switch 1X Configuration
  • Cisco Wireless LAN Controller (WLC) 1X Configuration
  • Cisco Identity Services Engine (ISE) 1X Configuration
• Describing Endpoint Security Technologies* 
  • Host-Based Personal Firewall
  • Host-Based Anti-Virus
  • Host-Based Intrusion Prevention System
• Deploying Cisco Advanced Malware Protection (AMP) for Endpoints*
  • Cisco AMP for Endpoints Architecture
  • Cisco AMP for Endpoints Engines
  • Retrospective Security with Cisco AMP
• Introducing Network Infrastructure Protection*
  • Identifying Network Device Planes
  • Control Plane Security Controls
  • Management Plane Security Controls
• Deploying Control Plane Security Controls*
  • Infrastructure ACLs
  • Control Plane Policing
  • Control Plane Protection
• Deploying Layer 2 Data Plane Security Controls*
  • Overview of Layer 2 Data Plane Security Controls
  • Virtual LAN (VLAN)-Based Attacks Mitigation
  • Spanning Tree Protocol (STP) Attacks Mitigation
• Deploying Layer 3 Data Plane Security Controls*
  • Infrastructure Antispoofing ACLs
  • Unicast Reverse Path Forwarding
  • IP Source Guard
• Deploying Management Plane Security Controls*
  • Cisco Secure Management Access
  • Simple Network Management Protocol Version 3
  • Secure Access to Cisco Devices
• Deploying Traffic Telemetry Methods*
  • Network Time Protocol
  • Device and Network Events Logging and Export
  • Network Traffic Monitoring Using NetFlow
• Deploying Cisco Stealthwatch Enterprise*
  • Cisco Stealthwatch Offerings Overview
  • Cisco Stealthwatch Enterprise Required Components
  • Flow Stitching and Deduplication
• Describing Cloud and Common Cloud Attacks*
  • Evolution of Cloud Computing
  • Cloud Service Models
  • Security Responsibilities in Cloud
• Securing the Cloud*
  • Cisco Threat-Centric Approach to Network Security
  • Cloud Physical Environment Security
  • Application and Workload Security
• Deploying Cisco Stealth watch Cloud*
  • Cisco Stealth watch Cloud for Public Cloud Monitoring
  • Cisco Stealth watch Cloud for Private Network Monitoring
  • Cisco Stealth watch Cloud Operations
• Describing Software-Defined Networking (SDN*)
  • Software-Defined Networking Concepts
  • Network Programmability and Automation
  • Cisco Platforms and APIs
  • This section is self-study material that can be done at your own pace if you are taking the instructor-led version of this

Lab outline

• Configure Network Settings and NAT on Cisco ASA
• Configure Cisco ASA Access Control Policies
• Configure Cisco Firepower NGFW NAT
• Configure Cisco Firepower NGFW Access Control Policy
• Configure Cisco Firepower NGFW Discovery and IPS Policy
• Configure Cisco NGFW Malware and File Policy
• Configure Listener, Host Access Table (HAT), and Recipient Access Table (RAT) on Cisco Email Security Appliance (ESA)
• Configure Mail Policies
• Configure Proxy Services, Authentication, and HTTPS Decryption
• Enforce Acceptable Use Control and Malware Protection
• Examine the Umbrella Dashboard
• Examine Cisco Umbrella Investigate
• Explore DNS Ransomware Protection by Cisco Umbrella
• Configure Static VTI Point-to-Point IPsec IKEv2 Tunnel
• Configure Point-to-Point VPN between the Cisco ASA and Cisco Firepower NGFW
• Configure Remote Access VPN on the Cisco Firepower NGFW
• Explore Cisco AMP for Endpoints
• Perform Endpoint Analysis Using AMP for Endpoints Console
• Explore File Ransomware Protection by Cisco AMP for Endpoints Console
• Explore Cisco Stealth watch Enterprise 9.3
• Explore Cognitive Threat Analytics (CTA) in Stealth watch Enterprise 0
• Explore the Cisco Cloud lock Dashboard and User Security
• Explore Cisco Cloud lock Application and Data Security
• Explore Cisco Stealth watch Cloud
• Explore Stealth watch Cloud Alert Settings, Watch lists, and Sensors

Implementing Secure Solutions with Virtual   Private Networks (SVPN) v1.0

Objectives
After taking this course, you should be able to:

• Introduce site-to-site VPN options available on Cisco router and firewalls
• Introduce remote access VPN options available on Cisco router and firewalls
• Review site-to-site and remote access VPN design options
• Review troubleshooting processes for various VPN options available on Cisco router and firewalls

Prerequisites

Before taking this course, you should have the following knowledge and skills:

• Familiarity with the various Cisco router and firewall command modes
• Experience navigating and managing Cisco routers and firewalls
• Clear understanding of the benefits of site-to-site and Remote Access VPN options

The following Cisco courses can help you gain the knowledge you need to prepare for this course:

• Implementing and Administering Cisco Solutions (CCNA^®)
• Implementing and Operating Cisco Security Core Technologies (SCOR)

Outline

• Introducing VPN Technology Fundamentals
• Implementing Site-to-Site VPN Solutions
• Implementing Cisco Internetwork Operating System (Cisco IOS®) Site-to-Site FlexVPN Solutions
• Implement Cisco IOS Group Encrypted Transport (GET) VPN Solutions
• Implementing Cisco AnyConnect VPNs
• Implementing Clientless VPNs

Lab outline

• Explore IPsec Technologies
• Implement and Verify Cisco IOS Point-to-Point VPN
• Implement and Verify Cisco Adaptive Security Appliance (ASA) Point-to-Point VPN
• Implement and Verify Cisco IOS Virtual Tunnel Interface (VTI) VPN
• Implement and Verify Dynamic Multipoint VPN (DMVPN)
• Troubleshoot DMVPN
• Implement and Verify FlexVPN with Smart Defaults
• Implement and Verify Point-to-Point FlexVPN
• Implement and Verify Hub and Spoke FlexVPN
• Implement and Verify Spoke-to-Spoke FlexVPN
• Troubleshoot Cisco IOS FlexVPN
• Implement and Verify AnyConnect Transport Layer Security (TLS) VPN on ASA
• Implement and Verify Advanced Authentication, Authorization, and Accounting (AAA) on Cisco AnyConnect VPN
• Implement and Verify Clientless VPN on ASA