安全CCIE lab 考试大纲

    Bridging and Switching
　　Basic frame relay configuration
　　Catalyst VLAN configuration
　　Catalyst VTP configuration
　　Port-VLAN assignments
　　Basic ATM configuration (To be removed from the exam as of January 1, 2006.)
　　Catalyst management and security
　　802.1x
　　Traffic control and congestion management
　　Catalyst features and advanced catalyst configuration


　　IGP Routing
　　OSPF, EIGRP and RIP configurations
　　OSPF, EIGRP and RIP security
　　PIX routing
　　VPN3000 routing
　　Route filtering, redistribution, summarization and other advanced IGP features

　　

　　PIX Firewall
　　Basic PIX configuration
　　Management
　　Address translation (NAT, global, static)
　　ACL, conduit
　　Routing
　　Object groups
　　VLANs
　　AAA
　　VPN
　　DHCP
　　PPPoE
　　Filtering
　　Fixup protocols
　　Other advanced PIX features

　　


　　ISDN
　　Basic configuration (To be removed from the exam as of January 1, 2006.)
　　ODR, DDR, dial-backup, callback, authentication (To be removed from the exam as of January 1, 2006.)
　　Routing over ISDN (To be removed from the exam as of January 1, 2006.)
　　Advanced ISDN features (To be removed from the exam as of January 1, 2006.)

　　


　　BGP
　　Basic IBGP, EBGP and BGP backbone configurations
　　BGP security
　　Summarization, filtering and advanced BGP features


　　IP/IOS Features
　　IP services
　　QoS
　　NAT/PAT
　　NTP
　　DHCP
　　SNMP
　　IOS features and user interfaces
　　File management, system management and advanced IP/IOS features


　　AAA
　　Tacacs+
　　Radius
　　Switch and router management
　　PIX management
　　VPN3000 management
　　Proxy authentication
　　Service authentication FTP, telnet, HTTP, other
　　Advanced AAA features


　　VPN
　　IPSec LAN-to-LAN (IOS/ PIX/ VPN3000)
　　DMVPN
　　Pre-shared
　　CA (PKI)
　　Remote access VPN (IOS/ PIX/ VPN3000)
　　VPN3000 concentrator
　　Unity client
　　WebVPN
　　EzVPN Hardware client (IOS/ PIX)
　　Xauth, split-tunnel, RRI, NAT-T
　　High availability
　　IPSec redundancy
　　QoS for VPN
　　GRE, mGRE
　　L2TP
　　PPTP
　　Advanced VPN features


　　IOS Firewall
　　CBAC
　　Audit
　　Auth Proxy
　　PAM
　　Access control
　　Performance tuning
　　Advanced IOS firewall features


　　Advanced Security
　　DoS/DDoS attacks
　　Network/ Host attacks
　　Packet marking techniques
　　Mitigation techniques
　　Security RFCs
　　Service provider security
　　Black holes, sink holes
　　Access lists (standard, extended, named)
　　Lock-and-Key access-list
　　Reflexive access-list
　　TCP intercept
　　uRPF
　　CAR
　　NBAR
　　Netflow
　　802.1x
　　PBR
　　Flooding
　　Spoofing
　　Policing
　　Fragmentation
　　Sniffer traces
　　Device security and management (telnet, SSH, pwd, priv lvls)
　　Other advanced features


　　Intrusion Detection System
　　IDS sensor appliance 42XX
　　Sensor configuration
　　Signature tuning
　　Shunning
　　TCP resets
　　Sensor features
　　IDM
　　IEV
　　IOS IDS
　　PIX IDS
　　SPAN, RSPAN
　　Advanced IDS features

来源：网络收集 编辑：小白

【投稿】【打印】【关闭】