CCNP Security SIMOS

CCNP Security SIMOS
Starts from:Wed, October 27, 2021
Location

11 Al Razi Street,Cairo,Nasr City,Egypt

Map it
Course Feature
  • Categroy IT-Security
  • Vendor Cisco
  • Duration 40 Hours
  • Exam 300-209
Class Description

This is the Third Certification course of CCNP Security Certification which includes the following courses :

Implementing Cisco Secure Access Solutions (SISAS)
Implementing Cisco Edge Network Security Solutions (SENSS)
Implementing Cisco Secure Mobility Solutions (SIMOS)
Implementing Cisco Threat Control Solutions (SITCS)

Implementing Cisco Secure Mobility Solutions (SIMOS)

  1. This is a new course that is part of the recommended training for the Cisco Certified Network Professional Security (CCNP© Security) certification.
  2. This course will prepare you with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions.
  3. You will gain hands-on experience with configuring and troubleshooting remote access and site-to-site VPN solutions using Cisco ASA adaptive security appliances and Cisco IOS routers.

The Role of VPNs in Network Security

VPN Definition
Key Threats to WANs and Remote Access
Cisco Modular Network Architecture and VPNs
VPN Types
VPN Components
Secure Communication and Cryptographic Services
Cryptographic Algorithms
Cryptography and Confidentiality
Cryptography and Integrity
Cryptography and Authentication
Cryptography and Nonrepudiation
Keys in Cryptography
Public Key Infrastructure
Next-Generation Encryption
Dependencies in Cryptographic Services
Cryptographic Controls Guidelines

Secure Site-to-Site Connectivity Solutions

Site-to-Site VPN Topologies and Technologies
IPsec VPN Overview
Internet Key Exchange v1 and v2
Security Payload Encapsulation
IPsec Virtual Tunnel Interface
Dynamic Multipoint VPN
Cisco IOS FlexVPN
Overview of Point-to-Point IPsec VPNs on the Cisco ASA
Configuration Tasks for Basic Point-to-Point Tunnels on the Cisco ASA
Enable IKE on an Interface
Configure IKE Policy
Configure PSKs
Choose Transform Set and VPN Peer
Choose Traffic for VPN
Configure Site-to-Site VPN with Connection Profiles Menu
Verify and Troubleshoot Basic Point-to-Point Tunnels on the Cisco ASA
Overview of Cisco IOS VTIs
Configure Static VTI Point-to-Point Tunnels
Verify Static VTI Point-to-Point Tunnels
Configure Dynamic VTI Point-to-Point Tunnels
Verify Dynamic VTI Point-to-Point Tunnels
Overview of Cisco IOS DMVPN
DMVPN Solution Components
GRE
NHRP
DMVPN

Cisco IOS Site-to-Site FlexVPN Solutions

FlexVPN Overview
Public Key Infrastructure (PKI)
Site-to-Site VPN Topologies
FlexVPN Architecture
FlexVPN Configuration Overview
FlexVPN Capabilities
IKEv2 vs. IKEv1 Overview
IKEv2 Message Exchange
IKEv2 DoS Prevention
IKEv1 and IKEv2 Comparison
FlexVPN Use Cases
Point-to-Point FlexVPN
FlexVPN Configuration Blocks
IKEv2 Profile
Smart Defaults
Manipulating Default Values
Negotiating IKEv2 Proposals
Point-to-Point VPN Scenario with IPv4 Static Routes
Configure and Verify Point-to-Point VPN with IPv4 Static Routes
Point-to-Point VPN Scenario with OSPFv3
Configure and Verify Point-to-Point VPN with OSPFv3
Enroll Devices to ECDSA PKI
Configure Router for ECDSA
Configure ASA for ECDSA
Verify EC Key Pairs and Certificates
Verify IKEv2 SA
Verify IPsec SA
Verify Point-to-Point FlexVPN (just flowchart and important show/debug command output)
Cisco IOS FlexVPN
IKEv2 Configuration Payload
Locally Managed Hub-and-Spoke Scenario
Configure a Spoke in a Hub-and-Spoke Scenario
Configure a Hub in a Hub-and-Spoke Scenario
Configuration Exchange
Verify and Troubleshoot Hub-and-Spoke FlexVPN
Spoke-to-Spoke Shortcut Scenario
NHRP in FlexVPN
Configure and Verify a Spoke in a Spoke-to-Spoke Shortcut Scenario
Configure and Verify a Hub in a Spoke-to-Spoke Shortcut Scenario
RADIUS-Managed FlexVPN Scenario
Verify Spoke-to-Spoke Shortcut Switching
Troubleshoot Spoke-to-Spoke Shortcut Switching (just flowchart and important show/debug command output)

SSL VPNs

Components
SSL/TLS
Overview of group policies and connection profiles
Basic Cisco Clientless SSL VPN
Solution Components
Configure ASA gateway
Configure basic authentication
Configure access control (including URL entry and bookmarks)
Verify basic clientless SSL VPN
Troubleshoot basic clientless SSL VPN
Deploying Application Access options (plug-ins, smart tunnels)
Configure and verify plugins
Configure and verify smart tunnels
Troubleshoot plugins and smart tunnel
Advanced Authentication in Cisco Clientless SSL VPN Solution Components
Configure and verify Certificate based Authentication
Configure and Verify External Authentication
Troubleshoot Advanced Authentication in Clientless SSL VPN

Cisco AnyConnect VPNs

IP Address assignment
Split Tunneling
Basic Cisco AnyConnect SSL VPN
Configure ASA for Basic AnyConnect SSL VPN
Configure Basic Cisco Authentication
Configure Access Control
Verify and Troubleshoot Basic Cisco AnyConnect SSL VPN
DTLS
Cisco AnyConnect Client Configuration Management
Cisco AnyConnect Client Operating System Integration Options
Cisco AnyConnect Start Before Logon
Cisco AnyConnect Trusted Network Detection
Configure, Verify and Troubleshoot Cisco AnyConnect Start Before Logon
Cisco AnyConnect Trusted Network Detection
AnyConnect Support for IPSec/IKEv2
Configure a Cisco AnyConnect IPsec/IKEv2 VPNs on a Cisco ASA Adaptive SecurityAppliance
Verify and Troubleshoot Cisco AnyConnect IPsec/IKEv2 VPNs on Cisco ASA
Cisco AnyConnect Advanced Authentication Scenarios
External Authentication
Certificate-Based Server Authentication
Configure and Verify Certificate-Based Client Authentication
SCEP Proxy
Local Authorization
External Authentication and Authorization Scenario
Configure External Authentication and Authorization
Troubleshoot Advanced Authentication and Authorization in Cisco AnyConnect VPNs

Endpoint Security and Dynamic Access Policies

Cisco HostScan Overview
Cisco HostScan Prelogin Assessment
Install Cisco HostScan
Configure Prelogin Criteria and Prelogin Policy
Configure Host Scan Endpoint Assessment
Configure Host Scan Advanced Endpoint Assessment
DAP

By the end of this course, you will be able to:

  1. Describe the various VPN technologies and deployments as well as the cryptographic algorithms and protocols that provide VPN security
  2. Implement and maintain Cisco site-to-site VPN solutions
  3. Deploy Cisco FlexVPN in point-to-point, hub-and-spoke and spoke-to-spoke IPsec VPNs
  4. Implement Cisco clientless SSL VPNs
  5. Implement and maintain Cisco AnyConnect SSL and IPsec VPNs
  6. Deploy endpoint security and dynamic access policies (DAP)

  1. Network Security Engineers
  2. Network Engineers
  3. Network Designers and Administrators
  4. Network Managers
  5. System Engineers