Course Details

Previous Page


SENSS 1.0: Threat Controls Deployment on Cisco IOS Software


Overview/Description
Target Audience
Prerequisites
Expected Duration
Lesson Objectives
Course Number



Overview/Description
Cisco IOS Software Threat Control features provide security controls that can establish flexible network access control policies between security domains (zones), into which enterprise networks are often partitioned. This course provides configuration, verification, troubleshooting, and general deployment guidelines for security controls that are available with Cisco IOS Threat Control features.

Target Audience
Anyone wishing to obtain the Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 certification; one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required and knowledge of Cisco Certified Network Associate (CCNA) Security certification and Knowledge of Microsoft Windows Operating System are helpful. Note: Candidates who have a valid CCNA Routing and Switching certification AND have passed either Securing Cisco Network Devices exams 642-551 or 642-552 can act as a prerequisite valid only through December 31, 2014.

Prerequisites
None

Expected Duration (hours)
2.1

Lesson Objectives

SENSS 1.0: Threat Controls Deployment on Cisco IOS Software

  • start the course
  • identify features of the Zone-Based Policy Firewall
  • describe how to configure Zone-Based Policy Firewall zones and zone pairs
  • identify characteristics of Cisco Common Classification Policy Language (C3PL)
  • analyze a basic OSI Layer 3 and 4 interzone access policy class map configuration
  • describe C3PL policy map functions
  • identify default interface rules a router network interface is subject to in a Zone-Based Policy Firewall configuration
  • identify the tasks required to configure the Zone-Based Policy Firewall with a basic (Layer 3 and 4) interzone access control policy
  • apply policy maps to zone pairs in a given scenario
  • verify a basic OSI Layer 3 and 4 interzone access policy
  • describe features of a basic OSI Layer 3 and 4 intrazone access policy
  • describe the concept of the self zone within a Zone-Based Policy Firewall inspection of control plane and management plane traffic configuration
  • configure an inbound policy for the self zone
  • identify features of the TCP normalizer
  • describe the use of parameter maps
  • analyze a Zone-Based Policy Firewall configuration where the stateful engine and connection settings have been tuned
  • describe how to integrate Zone-Based Policy Firewall with Cisco IOS Software NAT configuration
  • describe how to troubleshoot the operation of basic Zone-Based Policy Firewall functions
  • describe application layer filtering functions
  • describe Cisco IOS Zone-Based Policy Firewall HTTP inspector
  • identify the tasks required to configure HTTP inspection
  • create an HTTP inspection class map
  • verify HTTP inspection on Cisco IOS Zone-Based Policy Firewall
  • describe how Zone-Based Policy Firewall supports inspection for other application layer protocols
  • describe URL filtering methods on Cisco IOS Zone-Based Policy Firewall
  • configure Cisco IOS HTTP inspection in a given scenario
  • Course Number:
    cc_sens_a09_it_enus