Network Fundamentals

•  Explain the role and function of network components
•  Describe characteristics of network topology architectures
•  Compare physical interface and cabling types
•  Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
• Compare TCP to UDP
•  Configure and verify IPv4 addressing and subnetting
•  Describe the need for private IPv4 addressing
•  Configure and verify IPv6 addressing and prefix
•  Compare IPv6 address types
•  Verify IP parameters for Client OS (Windows, Mac OS, Linux)
•  Describe wireless principles
•  Explain virtualization fundamentals (virtual machines)
•  Describe switching concepts

 Network Access

• Configure and verify VLANs (normal range) spanning multiple switches
•  Configure and verify interswitch connectivity
•  Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
•  Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
•  Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
•  Compare Cisco Wireless Architectures and AP modes
•  Describe physical infrastructure connections of WLAN components (AP,WLC, access/trunk ports, and LAG)
•  Describe AP and WLC management access connections (Telnet, SSH, HTTP,HTTPS, console, and TACACS+/RADIUS)
•  Configure the components of a wireless LAN access for client connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings

IP Connectivity

•  Interpret the components of routing table
•  Determine how a router makes a forwarding decision by default
•  Configure and verify IPv4 and IPv6 static routing
•  Configure and verify single area OSPFv2
•  Describe the purpose of first hop redundancy protocol

 IP Services

•  Configure and verify inside source NAT using static and pools
•  Configure and verify NTP operating in a client and server mode
•  Explain the role of DHCP and DNS within the network
•  Explain the function of SNMP in network operations
•  Describe the use of syslog features including facilities and levels
•  Configure and verify DHCP client and relay
•  Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping
•  Configure network devices for remote access using SSH
•  Describe the capabilities and function of TFTP/FTP in the network

Security Fundamentals

•  Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
•  Describe security program elements (user awareness, training, and physical access control)
•  Configure device access control using local passwords
•  Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
•  Describe remote access and site-to-site VPNs
•  Configure and verify access control lists
•  Configure Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
•  Differentiate authentication, authorization, and accounting concepts
•  Describe wireless security protocols (WPA, WPA2, and WPA3)
•  Configure WLAN using WPA2 PSK using the GUI

Automation and Programmability

•  Explain how automation impacts network management
•  Compare traditional networks with controller-based networking
•  Describe controller-based and software defined architectures (overlay, underlay, and fabric)
•  Compare traditional campus device management with Cisco DNA Center enabled device management
•  Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
• Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
•  Interpret JSON encoded data

 הכנה למבחן הסמכה

Security Concepts

• Describe the principles of the defense in depth strategy
•  Compare and contrast these concepts
•  Describe these terms
•  Describe these security terms
•  Compare and contrast these access control models
•  Compare and contrast these terms
•  Describe these concepts

Cryptography

• Describe the uses of a hash algorithm
•  Describe the uses of encryption algorithms
•  Compare and contrast symmetric and asymmetric encryption algorithms
•  Describe the processes of digital signature creation and verification
•  Describe the operation of a PKI
•  Describe the security impact of these commonly used hash algorithms
•  Describe the security impact of these commonly used encryption algorithms and secure communications protocols
•  Describe how the success or failure of a cryptographic exchange impacts security investigation
•  Describe these items in regards to SSL/TLS

 Host-Based Analysis

• Define these terms as they pertain to Microsoft Windows
•  Define these terms as they pertain to Linux
•  Describe the functionality of these endpoint technologies in regards to security monitoring
•  Interpret these operating system log data to identify an event

 Security Monitoring

•  Identify the types of data provided by these technologies
•  Describe these types of data used in security monitoring
•  Describe these concepts as they relate to security monitoring
•  Describe these NextGen IPS event types
•  Describe the function of these protocols in the context of security monitoring

 Attack Methods

•  Compare and contrast an attack surface and vulnerability
•  Describe these network attacks
•  Describe these web application attacks
•  Describe these attacks
•  Describe these endpoint-based attacks
•  Describe these evasion methods
•  Define privilege escalation
•  Compare and contrast remote exploit and a local exploit

 הכנה למבחן הסמכה

SECOPS:

•  Endpoint Threat Analysis and Computer Forensics
•  Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox

•  Describe these terms as they are defined in the CVSS 3.0:
•  Describe these terms as they are defined in the CVSS 3.0
•  Define these items as they pertain to the Microsoft Windows file system
•  Define these terms as they pertain to the Linux file system
•  Compare and contrast three types of evidence
•  Compare and contrast two types of image
•  Describe the role of attribution in an investigation

 Network Intrusion Analysis

•  Interpret basic regular expressions
•  Describe the fields in these protocol headers as they relate to intrusion analysis:
•  Identify the elements from a NetFlow v5 record from a security event
•  Identify these key elements in an intrusion from a given PCAP file
•  Extract files from a TCP stream when given a PCAP file and Wireshark
• Interpret common artifact elements from an event to identify an alert
•  Map the provided events to these source technologies
•  Compare and contrast impact and no impact for these items
•  Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)

 Incident Response

•  Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
•  Map elements to these steps of analysis based on the NIST.SP800-61 r2
•  Map the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61 r2)
•  Describe the goals of the given CSIRT
•  Identify these elements used for network profiling
•  Identify these elements used for server profiling
•  Map data types to these compliance frameworks
•  Identify data elements that must be protected with regards to a specific standard (PCI-DSS)

 Data and Event Analysis

•  Describe the process of data normalization
•  Interpret common data values into a universal format
•  Describe 5-tuple correlation
•  Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
•  Describe the retrospective analysis method to find a malicious file, provided file analysis report
•  Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
•  Map DNS logs and HTTP logs together to find a threat actor
•  Map DNS, HTTP, and threat intelligence data together
•  Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
•  Compare and contrast deterministic and probabilistic analysis

 הכנה למבחן הסמכה

•  Compare data formats (XML, JSON, and YAML)
•  Describe parsing of common data format (XML, JSON, and YAML) to Python data structures
•  Describe the concepts of test-driven development
•  Compare software development methods (agile, lean, and waterfall)
•  Explain the benefits of organizing code into methods / functions, classes, and modules
•  Identify the advantages of common design patterns (MVC and Observer)
•  Explain the advantages of version control
• Utilize common version control operations with Git

 Understanding and Using APIs

•  Construct a REST API request to accomplish a task given API documentation
•  Describe common usage patterns related to webhooks
•  Identify the constraints when consuming APIs
•  Explain common HTTP response codes associated with REST APIs
•  Troubleshoot a problem given the HTTP response code, request and API documentation
•  Identify the parts of an HTTP response (response code, headers, body)
•  Utilize common API authentication mechanisms: basic, custom token, and API keys
•  Compare common API styles (REST, RPC, synchronous, and asynchronous)
•  Construct a Python script that calls a REST API using the requests library

Cisco Platforms and Development

•  Construct a Python script that uses a Cisco SDK given SDK documentation
•  Describe the capabilities of Cisco network management platforms and APIs (Meraki, Cisco DNA Center, ACI, Cisco SD-WAN, and NSO)
•  Describe the capabilities of Cisco compute management platforms and APIs (UCS Manager, UCS Director, and Intersight)
•  Describe the capabilities of Cisco collaboration platforms and APIs (Webex Teams, Webex devices, Cisco Unified Communication Manager including AXL and UDS interfaces, and Finesse)
•  Describe the capabilities of Cisco security platforms and APIs (Firepower, Umbrella, AMP, ISE, and ThreatGrid)
•  Describe the device level APIs and dynamic interfaces for IOS XE and NX-OS
•  Identify the appropriate DevNet resource for a given scenario (Sandbox, Code Exchange, support, forums, Learning Labs, and API documentation)
•  Apply concepts of model driven programmability (YANG, RESTCONF, and NETCONF) in a Cisco environment
•  Construct code to perform a specific operation based on a set of requirements and given API reference documentation

 Application Deployment and Security

• Describe benefits of edge computing
•  Identify attributes of different application deployment models (private cloud, public cloud, hybrid cloud, and edge)
•  Identify the attributes of these application deployment types
•  Describe components for a CI/CD pipeline in application deployments
•  Construct a Python unit test
•  Interpret contents of a Dockerfile
• Utilize Docker images in local developer environment
•  Identify application security issues related to secret protection, encryption (storage and transport), and data handling
•  Explain how firewall, DNS, load balancers, and reverse proxy in application deployment
•  Describe top OWASP threats (such as XSS, SQL injections, and CSRF)
•  Utilize Bash commands (file management, directory navigation, and environmental variables)
•  Identify the principles of DevOps practices

 Infrastructure and Automation

•  Describe the value of model driven programmability for infrastructure automation
•  Compare controller-level to device-level management
•  Describe the use and roles of network simulation and test tools (such as VIRL and pyATS)
• Describe the components and benefits of CI/CD pipeline in infrastructure automation
•  Describe principles of infrastructure as code
•  Describe the capabilities of automation tools such as Ansible, Puppet, Chef, and Cisco NSO
•  Identify the workflow being automated by a Python script that uses Cisco APIs including ACI, Meraki, Cisco DNA Center, or RESTCONF
•  Identify the workflow being automated by an Ansible playbook (management packages, user management related to services, basic service configuration, and start/stop)
•  Identify the workflow being automated by a bash script (such as file management, app install, user management, directory navigation)
•  Interpret the results of a RESTCONF or NETCONF query
•  Interpret basic YANG models
•  Interpret a unified diff
•  Describe the principles and benefits of a code review process
•  Interpret sequence diagram that includes API calls

 הכנה למבחן הסמכה