安全CCIE lab 考试大纲

　　 

Bridging and Switching
Basic frame relay configuration
Catalyst VLAN configuration
Catalyst VTP configuration
Port-VLAN assignments
Basic ATM configuration (To be removed from the exam as of January 1, 2006.)

Catalyst management and security
802.1x
Traffic control and congestion management
Catalyst features and advanced catalyst configuration

IGP Routing
OSPF, EIGRP and RIP configurations
OSPF, EIGRP and RIP security
PIX routing
VPN3000 routing
Route filtering, redistribution, summarization and other advanced IGP features

 

PIX Firewall
Basic PIX configuration
Management
Address translation (NAT, global, static)
ACL, conduit
Routing
Object groups
VLANs
AAA
VPN
DHCP
PPPoE
Filtering
Fixup protocols
Other advanced PIX features

 

ISDN
Basic configuration (To be removed from the exam as of January 1, 2006.)
ODR, DDR, dial-backup, callback, authentication (To be removed from the exam as of January 1, 2006.)
Routing over ISDN (To be removed from the exam as of January 1, 2006.)
Advanced ISDN features (To be removed from the exam as of January 1, 2006.)

 

BGP
Basic IBGP, EBGP and BGP backbone configurations
BGP security
Summarization, filtering and advanced BGP features

IP/IOS Features
IP services
QoS
NAT/PAT
NTP
DHCP
SNMP
IOS features and user interfaces
File management, system management and advanced IP/IOS features

AAA
Tacacs+
Radius
Switch and router management
PIX management
VPN3000 management
Proxy authentication
Service authentication FTP, te.net, HTTP, other
Advanced AAA features

VPN
IPSec LAN-to-LAN (IOS/ PIX/ VPN3000)
DMVPN
Pre-shared
CA (PKI)
Remote aclearcase/" target="_blank" >ccess VPN (IOS/ PIX/ VPN3000)
VPN3000 concentrator
Unity client
WebVPN
EzVPN Hardware client (IOS/ PIX)
Xauth, split-tunnel, RRI, NAT-T
High availability
IPSec redundancy
QoS for VPN
GRE, mGRE
L2TP
PPTP
Advanced VPN features

IOS Firewall
CBAC
Audit
Auth Proxy
PAM
Access control
Performance tuning
Advanced IOS firewall features

Advanced Security
DoS/DDoS attacks
Network/ Host attacks
Packet marking techniques
Mitigation techniques
Security RFCs
Service provider security
Black holes, sink holes
Access lists (standard, extended, named)
Lock-and-Key access-list
Reflexive access-list
TCP intercept
uRPF
CAR
NBAR
Netflow
802.1x
PBR
Flooding
Spoofing
Policing
Fragmentation
Sniffer traces
Device security and management (telnet, SSH, pwd, priv lvls)
Other advanced features

Intrusion Detection System
IDS sensor appliance 42XX
Sensor configuration
Signature tuning
Shunning
TCP resets
Sensor features
IDM
IEV
IOS IDS
PIX IDS
SPAN, RSPAN
Advanced IDS features

原文转自：http://www.ltesting.net