保護思科無線企業網絡考試要點

保護思科無線企業網絡考試要點

　　保護思科無線企業網絡(300-375)是獲得思科CCNP認證需要通過的一項考試。考試時間為90分鐘，包括60-70道考題。WISECURE(300-375)考試證明通過的考生具備實施客戶端設備安全，基于身份認證和服務，以及保護和監控企業無線基礎設施。

　　以下是保護思科無線企業網絡(300-375)考試的主要內容和考點。

　　1.0 Integrate Client Device Security19%Hide Details

　　1.1. Describe Extensible Authentication Protocol (EAP) authentication process

　　1.2. Configure client for secure EAP authentication

　　1.2.a. Native OS (iOS, Android, Windows, MAC OS, year 2013+) or AnyConnect client

　　1.3. Describe the impact of security configurations on application and client roaming

　　1.3.a. Key caching

　　1.3.b. 802.11r

　　1.4. Implement 802.11w Protected Management Frame (PMF) on the WLAN

　　1.4.a. Client support

　　1.4.b. PMF modes

　　1.4.c. Relevant timer settings

　　1.5. Implement Cisco Management Frame Protection (MFP)

　　1.5.a. Cisco Compatible Extensions (CCX)

　　1.5.b. Infrastructure mode

　　1.5.c. Client and infrastructure mode

　　1.6. Describe and configure client profiling

　　1.6.a. ISE

　　1.6.b. WLC

　　2.0 Implement Secure Distribution System Connectivity Services on the Wireless Infrastructure24%Hide Details

　　2.1. Describe the impact of BYOD on wireless security

　　2.1.a Additional security risks

　　2.1.b Loss of device control

　　2.1.c Increased complexity of policy enforcement

　　2.2. Implement BYOD policies

　　2.2.a. Single vs dual SSID

　　2.2.b.Self registration

　　2.2.c. mDNS sharing

　　2.2.d.Wi-Fi Direct

　　2.3. Implement AAA based Layer 3 security on the controller

　　2.3.a. Local Web Auth (LWA)

　　2.3.a.[i] External authentication)

　　2.3.a.[ii] Locally significant certificates

　　2.3.a.[iii] Pre-authentication ACL

　　2.3.a.[iv] Pass through configuration

　　2.4. Describe regulatory compliance considerations for protecting data and access and providing accountability

　　2.4.a. PCI

　　2.5. Utilize security audit tools for Distribution Systems

　　2.5.a. PI reports

　　2.5.b. PCI audit

　　3.0 Implement Secure Client Connectivity Services on the Wireless Infrastructure27%Hide Details

　　3.1. Implement 802.1x wireless client authentication

　　3.1.a. AireOS

　　3.1.a.[i] Local

　　3.1.a.[ii] Central

　　3.1.b. IOS-XE

　　3.1.c. Autonomous

　　3.1.c.[i] Local authentication

　　3.1.c.[ii] Remote authentication

　　3.1.d. FlexConnect

　　3.1.d.[i] Local authentication

　　3.1.d.[ii] Remote authentication

　　3.2. Implement Identity Based Networking (IBN)

　　3.2.a. AireOS

　　3.2.a.[i] VLANs

　　3.2.a.[ii] QoS

　　3.2.a.[iii] ACLs

　　3.2.b. IOS-XE

　　3.2.b.[i] VLANs

　　3.2.b.[ii] QoS

　　3.2.b.[iii] ACLs

　　3.2.c. Autonomous

　　3.2.c.[i] VLAN

　　3.2.d. FlexConnect

　　3.2.d.[i] VLAN

　　3.2.d.[ii] ACLs

　　3.2.d.[iii] QoS

　　3.3. Implement ISE AAA parameters for integration with the wireless network

　　3.3.a. Network device

　　3.3.b. IBN profile

　　3.4. Implement AAA based Layer 3 security using ISE

　　3.4.a. Utilizing ISE as AAA service

　　3.4.a.[i] Locally significant certificates on ISE

　　3.4.a.[ii] Using captive portal capabilities for guest access

　　3.4.b. Central Web Auth (CWA

　　3.4.b.[i] Returned values and overrides

　　3.4.b.[ii] Access accept

　　3.4.b.[iii] AAA override statement

　　3.5. Configure MSE based web authentication

　　3.6. Utilize security audit tools for client connectivity

　　3.6.a. PI reports

　　3.6.b. PCI audit

　　4.0 Implement Secure Management Access on the WLAN Infrastructure14%Hide Details

　　4.1. Controlling administrative access to the wireless infrastructure

　　4.1.a. RADIUS

　　4.1.b. TACACS

　　4.1.c. Controller and ISE integration

　　4.1.d. Access point administration credentials

　　4.2. Configure APs and switches for 802.1x access to the wired infrastructure

　　4.2.a. Controller based

　　4.2.b. Autonomous

　　4.3. Implement SNMPv3 on the wireless infrastructure

　　4.3.a. AireOS

　　4.3.b. IOS-XE

　　4.3.c. Autonomous

　　5.0 Monitoring Security on the WLAN Infrastructure16%Hide Details

　　5.1. Execute Security reports on PI

　　5.2. Perform Rogue Management

　　5.2.a. Rogue Containment on WLC and PI

　　5.2.b. RLDP on WLC and PI

　　5.2.c. SwitchPort tracing on PI

　　5.2.d. Location on PI

　　5.2.e. Rogue Rules on WLC and PI

　　5.3. Monitor rogue APs and clients

　　5.3.a. PI Maps

　　5.3.b. Controller

　　5.4. Monitor Alarms

　　5.4.a. 2 items

　　5.4.b. PI Security Tab

　　5.4.c. Controller Trap Logs

　　5.5. Identify RF related Security interferers on WLC and PI Maps

　　5.5.a. Jammers

　　5.5.b. Inverted Wi-Fi

　　5.5.c. Wi-Fi invalid channel

　　5.6. Implement wIPS

　　5.6.a. Enhanced Local Mode (ELM)

【保護思科無線企業網絡考試要點】相關文章：

實施思科統一無線語音網絡IUWVN考試要點06-30

思科網絡安全運營考試要點09-07

思科認證CUWSS考試要點08-02

思科認證CLDFND考試要點07-19

思科認證ARCH考試要點08-15

思科認證SIMOS考試要點09-06

思科CCIE安全實驗考試要點09-13

思科認證互聯網專家無線CCIE筆試要點07-16

實施思科IP交換網絡（SWITCH 642-813）考試要點09-03

思科入門級網絡認證路由和交換綜合考試要點10-05