实施思科安全威胁控制解决方案考试要点
实施思科安全威胁控制解决方案(SITCS)主要检验考生作为网络安全工程师是否能够利用访问和身份策略,掌握高级防护墙架构以及配置思科下一代防火墙。一些旧的技术已被删除,包括Cisco Firepower NGIPS以及Cisco AMP(高级恶意软件防护)。 该考试涵盖入侵防御系统(IPS)、事件感知的防火墙组件以及Web(云)和电子邮件安全解决方案。
Exam Description
The Implementing Cisco Threat Control Solutions (SITCS) exam (300-210) is part of the CCNP Security certification. It tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies. This new revision of the SITCS exam replaces 300-207, removes some older technologies, and adds coverage for both Cisco Firepower NGIPS and Cisco AMP (Advanced Malware Protection). This 90-minute exam consists of 65–75 questions and covers integration of Intrusion Prevention System (IPS) and context-aware firewall components, as well as Web (Cloud) and Email Security solutions. Candidates can prepare for this exam by taking the Implementing Cisco Threat Control Solutions (SITCS) course.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Download Complete List of Topics in PDF format
1.0 Content Security27%Hide Details
1.1 Cisco Cloud Web Security (CWS)
1.1.a Describe the features and functionality
1.1.b Implement the IOS and ASA connectors
1.1.c Implement the Cisco AnyConnect web security module
1.1.d Implement web usage control
1.1.e Implement AVC
1.1.f Implement antimalware
1.1.g Implement decryption policies
1.2 Cisco Web Security Appliance (WSA)
1.2.a Describe the features and functionality
1.2.b Implement data security
1.2.c Implement WSA identity and authentication, including transparent user identification
1.2.d Implement web usage control
1.2.e Implement AVC
1.2.f Implement antimalware and AMP
1.2.g Implement decryption policies
1.2.h Implement traffic redirection and capture methods (explicit proxy vs. transparent proxy)
1.3 Cisco Email Security Appliance
1.3.a Describe the features and functionality
1.3.b Implement email encryption
1.3.c Implement antispam policies
1.3.d Implement virus outbreak filter
1.3.e Implement DLP policies
1.3.f Implement antimalware and AMP
1.3.g Implement inbound and outbound mail policies and authentication
1.3.h Implement traffic redirection and capture methods
1.3.i Implement ESA GUI for message tracking
2.0 Network Threat Defense22%Hide Details
2.1 Cisco Next-Generation Firewall (NGFW) Security Services
2.1.a Implement application awareness
2.1.b Implement access control policies (URL-filtering, reputation based, file filtering)
2.1.c Configure and verify traffic redirection
2.1.d Implement Cisco AMP for Networks
2.2 Cisco Advanced Malware Protection (AMP)
2.2.a Describe cloud detection technologies
2.2.b Compare and contrast AMP architectures (public cloud, private cloud)
2.2.c Configure AMP endpoint deployments
2.2.d Describe analysis tools
2.2.e Describe incident response functionality
2.2.f Describe sandbox analysis
2.2.g Describe AMP integration
3.0 Cisco FirePOWER Next-Generation IPS (NGIPS)20%Hide Details
3.1 Configurations
3.2 Describe traffic redirection and capture methods
3.2.a Describe preprocessors and detection engines
3.2.b Implement event actions and suppression thresholds
3.2.c Implement correlation policies
3.2.d Describe SNORT rules
3.2.e Implement SSL decryption policies
3.3 Deployments
3.3.a Deploy inline or passive modes
3.3.b Deploy NGIPS as appliance, virtual appliance, or module within an ASA
3.3.c Describe the need for traffic symmetry
3.3.d Compare inline modes: inline interface pair and inline tap mode
4.0 Security Architectures17%Hide Details
4.1 Design a web security solution
4.1.a Compare and contrast Cisco FirePOWER NGFW, WSA, and CWS
4.1.b Compare and contrast physical WSA and virtual WSA
4.1.c Describe the available CWS connectors
4.2 Design an email security solution
4.2.a Compare and contrast physical ESA and virtual ESA
4.2.b Describe hybrid mode
4.3 Design Cisco FirePOWER solutions
4.3.a Configure the virtual routed, switched, and hybrid interfaces
4.3.b Configure the physical routed interfaces
5.0 Troubleshooting, Monitoring, and Reporting Tools14%Hide Details
5.1 Design a web security solution
5.1.a Compare and contrast FirePOWER NGFW, WSA, and CWS
5.1.b Compare and contrast physical WSA and virtual WSA
5.1.c Describe the available CWS connectors
5.2 Cisco Web Security Appliance (WSA)
5.2.a Implement the WSA Policy Trace tool
5.2.b Describe WSA reporting functionality
5.2.c Troubleshoot using CLI tools
5.3 Cisco Email Security Appliance (ESA)
5.3.a Implement the ESA Policy Trace tool
5.3.b Describe ESA reporting functionality
5.3.c Troubleshoot using CLI tools
5.4 Cisco FirePOWER
5.4.a Describe the Cisco FirePOWER Management Center dashboards and reports
5.4.b Implement health policy
5.4.c Configure email, SNMP, and syslog alerts
5.4.d Troubleshoot NGIPS using CLI tools
-
思科认证辅导:cisco路由器忘记密码恢复
路由器忘记密码是很常见也是很麻烦的事情,这个时候就需要我们恢复下密码。恢复密码的主要步骤是:1.中断路由器启动ctrl+break键2.更改配置寄存器的值为0x21423.重启路由器4.查看保存的配置文件中enable密码5.重设enable密码6.保存配置7.更改配置寄存器的值为0x21...
-
虚拟局域网(VLAN)路由设置
虚拟网络技术打破了地理环境的制约,在不改动网络物理连接的情况下可以任意将工作站在工作组或子网之间移动,工作站组成逻辑工作组或虚拟子网,提高信息系统的运作性能,均衡网络数据流量,合理利用硬件及信息资源。下面小编准备了关于虚拟局域网(VLAN)路由设置的.文章,...
-
2016年思科认证CCNA报考指南
CCNA认证(CCNA-Cisco认证网络支持工程师)是整个Cisco认证体系中最初级的认证,同时它也是获得CCNP认证、CCDP认证和CCSP认证的必要条件(CCIP认证、CCIE认证不强制要求),而且许多Cisco专业认证(CiscoQualifiedSpecialist)也要求考生首先得具备的CCNA认证。报考CCNA...
-
思科认证CCIE路由和交换笔试大纲
TheCCIEwrittenexamisatwo-hourqualificationexam.Theexamusesacombinationof90-110multiplechoicequestionsandsimulationstoassessskills.Examsareclosedbookandnoreferencematerialsareallowed.Thefollowingtopicsaregeneralguidelinesforthecontentlikelyt...