That's IT - Contents At A Glance
- T R B PREM KUMAR
- Jun 6, 2017
- 36 min read

I. Pre-Qualifications:
0. Hardware i.e. A+ & S+
1. Software
Operating Systems:
Desktop OS - WIN 7, WIN 8, WIN 10, RHEL 7, macOS
Server OS - WIN 2012, WIN 2016, RHEL 7...
Virtualization OS - VMware, Citrix, Hyper-V, Oracle VirtualBox...
Cloud OS - Azure, OpenStack, Bluemix, Amazon Web Services Cloud
Inter-networking OS - Cisco IOS, IOS XE, IOS XR, NX-OS, JunOS
Database: SQL & Oracle - Data warehousing, Data Mining...
Programming Languages: C, C++, JAVA, Ruby, Linux, Shell Scripting, TCL/TK, Perl, Python, Go...
Testing: Manual & Tools
2. Networking i.e. N+ & SEC+
II. Basic/Core Tracks:
3. Routing & Switching
1. Network Fundamentals:
OSI & TCP/IP Models, TCP & UDP Protocols, Infra components {Firewall, Access points, Wireless controllers}, Cloud {Internal & External cloud services, Virtual services, Virtual NW Infra}, Collapsed core & three-tier arch, Topologies {Star, Mesh, Hybrid}, Cabling, TSHOOT methodologies, IPv4 addressing & Subnetting, IPv6 {Auto & Stateless Config}, IPv6 address types {Global unicast, Unique local, Link Local, Multicast, modified EUI-64, Anycast}
CEF {FIB & Adjacency table}, Challenges {unicast, Out-of-order packets, Asymmetric routing}, IP Operations {ICMP Unreachable & Redirects, IPv4 & IPv6 Fragmentation, TTL}, TCP Operations {IPv4 & IPv6 [P]MTU, MSS, Latency, windowing, Bandwidth-delay, Global Synchronization}, UDP Operations {Starvation & Latency}, Changes {Parameters, IPv6, Routing Protocol}
Use Cisco IOS troubleshooting tools {Debug, conditional debug, Ping and trace route with extended options}
Apply troubleshooting methodologies {Diagnose the root cause of networking issues (analyze symptoms, identify and describe root cause), Design and implement valid solutions, Verify and monitor resolution}
1.0 Network Principles 10%
1.1 Network theory
1.1.a Describe basic software architecture differences between IOS and IOS XE
1.1.a [i] Control plane and Forwarding plane
1.1.a [ii] Impact to troubleshooting and performances
1.1.a [iii] Excluding specific platform's architecture
1.1.b Identify Cisco express forwarding concepts
1.1.b [i] RIB, FIB, LFIB, Adjacency table
1.1.b [ii] Load balancing Hash
1.1.b [iii] Polarization concept and avoidance
1.1.c Explain general network challenges
1.1.c [i] Unicast flooding
1.1.c [ii] Out of order packets
1.1.c [iii] Asymmetric routing
1.1.c [iv] Impact of micro burst
1.1.d Explain IP operations
1.1.d [i] ICMP unreachable, redirect
1.1.d [ii] IPv4 options, IPv6 extension headers
1.1.d [iii] IPv4 and IPv6 fragmentation
1.1.d [iv] TTL
1.1.d [v] IP MTU
1.1.e Explain TCP operations
1.1.e [i] IPv4 and IPv6 PMTU
1.1.e [ii] MSS
1.1.e [iii] Latency
1.1.e [iv] Windowing
1.1.e [v] Bandwidth delay product
1.1.e [vi] Global synchronization
1.1.e [vii] Options
1.1.f Explain UDP operations
1.1.f [i] Starvation
1.1.f [ii] Latency
1.1.f [iii] RTP/RTCP concepts
1.2 Network implementation and operation
1.2.a Evaluate proposed changes to a network
1.2.a [i] Changes to routing protocol parameters
1.2.a [ii] Migrate parts of a network to IPv6
1.2.a [iii] Routing protocol migration
1.2.a [iv] Adding multicast support
1.2.a [v] Migrate spanning tree protocol
1.2.a [vi] Evaluate impact of new traffic on existing QoS design
1.3 Network troubleshooting
1.3.a Use IOS troubleshooting tools
1.3.a [i] debug, conditional debug
1.3.a [ii] ping, traceroute with extended options
1.3.a [iii] Embedded packet capture
1.3.a [iv] Performance monitor
1.3.b Apply troubleshooting methodologies
1.3.b [i] Diagnose the root cause of networking issue [analyze symptoms, identify and describe root cause]
1.3.b [ii] Design and implement valid solutions according to constraints
1.3.b [iii] Verify and monitor resolution
1.3.c Interpret packet capture
1.3.c [i] Using Wireshark trace analyzer
1.3.c [ii] Using IOS embedded packet capture
2. LAN Switching Technologies
Concepts {MAC learning & aging, Frame switching, Frame flooding, MAC address table}, Ethernet frame format, TSHOOT {collisions, errors, duplex, speed}, VLANs {Normal/extended range, access ports – data/voice}, Interswitch connectivity {Trunk, Pruning, DTP, VTP {v1 & v2} & 802.1Q, Native VLAN}, STP {mode {PVST+, RPVST+} & root bridge selection}, STP features {Port fast, BPDU guard}, Layer 2 protocols {CDP & LLDP}, Etherchannel {Layer2/Layer3 – static, PAGP & LACP}, Switch Stacking & Chassis aggregation
SDM Templates, Managing MAC Address table, Troubleshoot Err-Disable Recovery, CDP, LLDP, UDLD, VLAN - Access Ports, VLAN database, Normal, Extended VLAN, Voice VLAN, Trunking - VTPv1, VTPv2, VTPv3, VTP Pruning, dot1Q, Native VLAN, Manual Pruning, Ether channel - LACP, PAGP, Manual, Layer 2, Layer 3, Load balancing, Ether channel Mis-configuration guard, Spanning Tree - PVST+, RPVST+, MST, Switch Priority, Path cost, STP Timers, Port fast, BPDU guard, BPDU Filter, Loop guard and Root guard, SPAN, RSPAN, Chassis Virtualization & aggregation technologies (StackWise)
3. IP Routing Technologies
Concepts {Route Lookup & Frame rewrite}, Route Table {prefix, network mask, next hop, routing protocol code, administrative distance, metric, Gateway of last resort}, Inter-VLAN routing {Router on a stick & SVI}, Routing Types {Static & Dynamic}, Routing Protocols {Distance vector, Link State, Interior & Exterior}, Static routing {Default route, network route, Host route, Floating Static}, RIPv2 {IPv4}, OSPFv2 Single area & Multi area {IPv4 & IPv6}, EIGRP {IPv4 & IPv6}, TSHOOT
IPv4 {Addressing & Subnetting, Multicasting, VLSM, ARP, DHCP}, IPv6 {unicast, EUI-64, ND, RS/RA, SLAAC, DHCP}, Static & Default routing, Routing protocols types {DV, LS & path vector}, Administrative distance, passive interface, VRF lite, Filtering, Redistribution, Auto-summarization, Policy based routing, sub-optimal routing, Route maps, Loop prevention {Route tagging & filtering, Split-horizon, Route poisoning}, RIPv2, RIPng, EIGRP {Packet types, Neighbor & authentication, stubs, load balancing, metrics, IPv6}, OSPF {Packet types, Neighbor & authentication, Types[network, area, router, virtual link], Path preference, Operations, IPv6}, BGP {Peer relationship & authentication, IPv4 & IPv6 families, Attributes & best path selection}
4. WAN Technologies
PPP & MLPPP {Local Auth}, PPPoE client side {local auth}, GRE tunnel, WAN {point-to-point, Hub & spoke, Full mesh, single vs dual-homed}, WAN connectivity options {MPLS, Metro Ethernet, broadband PPPoE, Internet VPN {DMVPN, Site-to-Site VPN, Client VPN}}, eBGP {Single-homed – peering, route advertising using network command only}, QOS concepts {marking, device trust, Prioritization {voice, video & data}, shaping, policing, congestion management}
PPP {PAP, CHAP, PPPoE}, Frame-Relay {Operations, Point-to-Point, Point-to-Multipoint}
GRE, DMVPN {Single hub}, Easy virtual Networking {EVN}
5. Infrastructure Services
DNS lookup, TSHOOT {DNS Client}, DHCP {server, Relay, Client, TFTP, DNS & gateway options}, TSHOOT {DHCP}, HSRP {Priority, preemption, version}, NAT {Static, pool & PAT}, NTP {Client/Server}
VRRP, GLBP
Device Management {Console, vty, Telnet, HTTP, HTTPS, SSH, SCP, [T]FTP}, SNMP {V2, V3}, Logging {Local, Syslog, debugs, conditional debugs}, Timestamps, NTP {Master, Client, V3, V4, Authentication}, IPv4 & IPv6 DHCP {Client, IOS Server, Relay}, IPv4 NAT {Static, Dynamic & PAT}, IPv6 {NAT 64, NPTv6}, SLA, IPSLA {ICMP}, Tracking {Objects – interfaces}, Netflow {V5, V9, Local Retrieval, Export {Configuration only}}
6. Infrastructure Security
Port Security {static, Dynamic, Sticky, max mac add, violation actions, Err-disable recovery}, Common access layer threat mitigation {802.1x, DHCP snooping, Non default Native VLAN}, IPv4 & IPv6 ACL {Standard, Extended, Named}, APIC-EM path trace ACL analysis tool, Basic device hardening {local auth, Secure Password, Access to device {Source add, Telnet/SSH}, Login banner}, Device security using AAA {TACACS+ & RADIUS}
DHCP snooping, IP Source Guard, Dynamic ARP inspection, Port Security, Private VLAN & Storm Control
IOS AAA using local database, IOS AAA with TACACS+ and RADIUS {Local privilege authorization fallback}, Device access control {Lines – VTY, AUX, Console, Management plane, Password encryption}, Router security features {IPv4 access control lists, IPv6 traffic filter, Unicast reverse path forwarding}
7. Infrastructure Management
Device monitoring protocols {SNMPv2, SNMPv3, syslog}, TSHOOT {issues using ICMP echo-based IP SLA}, Device MGT {Backup & Restore device config, CDP, LLDP, Licensing, Logging, Time zone, Loopback}, Initial device config, Device maintenance {Cisco IOS upgrades & recovery {SCP, FTP, TFTP & MD5 verify}, Password recovery & configuration register, File system management}, IOS troubleshoot tools {ping & trace route with extended option, terminal monitor, log events, local SPAN}, Network programmability {controller, control & data plane, Northbound & southbound APIs}
4. Security
1.Security Concepts: (1)
1. Principles: Goals, CIA, SIEM, Terms & Zones; 2. Threats: Attacks, Social Engineering, malware, Vectors of Data loss/exfiltration
3. Cryptography: key exchange, hash algorithm, symmetric and asymmetric encryption, digital signatures, certificates, and PKI
4. Topologies: SOHO, CAN, MAN, CLOUD, WAN, Data Center, Virtual Environment (SDN)
2.Secure Access: (1)
1. CCP & Secure management: in-band and out-of-band, SNMP v3, NTP, SCP; 2. AAA concepts: RADIUS and TACACS+, Active Directory with AAA, ISE; 3. 802.1X auth: Identify components; 4. BYOD: BYOD architecture framework, mobile device management (MDM)
3.Secure Routing and Switching: (2)
1. Routers: multiple privilege levels, role-based CLI access; Routing Protocols: OSPF; 2. Control Plane: Control plane policing
3. Layer 2 Attacks: STP, ARP/MAC/DHCP spoofing, CAM table Overflows, CDP/LLDP reconnaissance, VLAN hopping
4. Mitigation: DHCP snooping, Dynamic ARP Inspection, port security, BPDU guard, root guard, loop guard
5. VLAN: PVLAN, Native VLAN
4.Cisco Firewall Technologies: (2)
1. SWOT – FW Technologies: Proxy, Application, Personal; 2. Stateful vs Stateless FW; 3. NAT; 4. Zone-based Firewall; 5. ASA
5.VPN: (2)
1. VPN Concepts: IPsec [IKE, ESP, AH, Tunnel mode, Transport Mode], hairpinning, split tunneling, always-on, NAT traversal
2. Remote Access VPN: clientless SSL VPN, AnyConnect SSL VPN; 3. Site-to-Site VPN: IPsec site-to-site VPN with pre-shared key auth
6.IPS: (1)
1. Deployment: Network-based IPS vs. host-based IPS (inline, promiscuous - SPAN, tap), Placement, False positives, false negatives, true positives, true negatives; 2. Technologies: Rules/signatures, Detection/signature engines, Trigger actions/responses (drop, reset, block, alert, monitor/log, shun), Blacklist (static and dynamic)
7.Content and Endpoint Security: (1)
1. Email-based threats: SPAM filtering, anti-malware filtering, DLP, blacklisting, email encryption
2. Web-based threats: Local and cloud-based web proxies, Blacklisting, URL filtering, malware scanning, URL categorization, web application filtering, TLS/SSL decryption
3. Endpoint threats: Anti-virus/anti-malware, Personal firewall/HIPS, Hardware/software encryption of local data
5. WiFi
1.RF Fundamentals
Lesson 1: Radio waves
Lesson 2: RF Signal
Lesson 3: RF Mathematics
Lesson 4: WiFi Antenna
2.802.11 Technology Fundamentals
Lesson 5: Wi-Fi governance
Lesson 6: Channel & Power
Lesson 7: 802.11 Fundamentals
3.Implementing a Wireless Network
Lesson 8: Wireless Architectures
Lesson 9: Physical Infrastructure connections
Lesson 10: AP & WLC Management
4.Operating a Wireless Network
Lesson 11: Initial Setup Procedure (Cloud, Converged Centralized, Autonomous)
Lesson 12: CAPWAP Discovery & Join Process (DHCP, DNS, Master-Controller, Primary-Secondary-Tertiary)
Lesson 13: Lightweight AP modes
Lesson 14: Client Connectivity using GUI only
Lesson 15: WiFi NW & client MGT & Config Platforms
Lesson 16: Maintain Wireless NW
5.Configuration of Client Connectivity
Lesson 17: Identify authentication mechanisms
Lesson 18: Configure – WLAN Authentication mechanisms
Lesson 19: Client connectivity in different OS
Lesson 20: Describe roaming
Lesson 21: Wireless guest networking
6.Performing Client Connectivity Troubleshooting
Lesson 22: Validating WLAN Configuration setting
Lesson 23: Validating AP Infrastructure setting
Lesson 24: Validating client setting
Lesson 25: Employ appropriate controller tools
Lesson 26: Identify third party tools
7.Site Survey Process
Lesson 27: Site Survey Methodologies
Lesson 28: Passive & Active site Surveys
Lesson 29: Site Survey tools
Lesson 30: Requirements of client real-time & non real-time applications
1.0 RF Fundamentals 13%
1.1 Describe the propagation of radio waves
1.1.a Frequency, amplitude, phase, wavelength (characteristics)
1.1.b Absorption, reflection, diffraction, scattering, refraction, fading, free space path loss, multipath
1.2 Interpret RF signal measurements
1.2.a Signal strength (RSSI, Transmit power, receive sensitivity)
1.2.b Differentiate interference vs. noise
1.2.c Device capabilities (smartphones, laptops, tablets)
1.2.d Define SNR
1.3 Explain the principles of RF mathematics
1.3.a Compute dBm, mW, Law of 3s and 10s
1.4 Describe Wi-Fi antenna characteristics
1.4.a Ability to read a radiation pattern chart
1.4.b Antenna types and uses
1.4.c dBi, dBd, EIRP
2.0 802.11 Technology Fundamentals 13%
2.1 Describe basic Wi-Fi governance
2.1.a Describe regional regulatory bodies (such as, FCC / ETSI/ NTT)
2.1.b IEEE 802.11
2.1.c Wi-Fi Alliance
2.2 Describe usable channel and power combination
2.2.a Regional EIRP limitation examples
2.2.b ISM, UNII frequency bands
2.2.c Describe RRM fundamental(s)
2.3 Describe 802.11 fundamentals
2.3.a Modulation techniques
2.3.b Channel width
2.3.c MIMO / MU-MIMO
2.3.c (i) MRC
2.3.c (ii) Beam forming
2.3.c (iii) Spatial streams
2.3.d Wireless topologies
2.3.d (i) IBSS
2.3.d (ii) BSS
2.3.d (iii) ESS
2.3.e Frame types
2.3.e (i) Management
2.3.e (ii) Control
2.3.e (iii) Data
3.0 Implementing a Wireless Network 16%
3.1 Describe the various Cisco wireless architectures
3.1.a Cloud
3.1.b Autonomous
3.1.c Split MAC
3.1.c (i) FlexConnect
3.1.c (ii) Centralized
3.1.c (iii) Converged
3.2 Describe physical infrastructure connections
3.2.a Wired infrastructures (AP, WLC, access/trunk ports, LAG)
3.3 Describe AP and WLC management access connections
3.3.a Management connections (Telnet, SSH, HTTP, HTTPS, console)
3.3.b IP addressing: IPv4 / IPv6
3.3.c Management via wireless
4.0 Operating a Wireless Network 20%
4.1 Execute initial setup procedures Cisco wireless infrastructures
4.1.a Cloud
4.1.b Converged
4.1.c Centralized
4.1.d Autonomous
4.2 Describe the Cisco implementation of the CAPWAP discovery and join process
4.2.a DHCP
4.2.b DNS
4.2.c Master-controller
4.2.d Primary-secondary-tertiary
4.3 Distinguish different lightweight AP modes
4.4 Describe and configure the components of a wireless LAN access for client connectivity using GUI only
4.5 Identify wireless network and client management and configuration platform options
4.5.a Controller GUI and CLI
4.5.b Prime infrastructure
4.5.c Dashboard
4.5.d ISE
4.6 Maintain wireless network
4.6.a Perform controller configuration backups
4.6.b Perform code updates on controller, APs, and converged access switches
4.6.b (i) AireOS: boot loader (FUS), image
4.6.b (ii) IOS-XE: bundle, unbundle
4.6.b (iii) Autonomous
5.0 Configuration of Client Connectivity 16%
5.1 Identify authentication mechanisms
5.1.a LDAP, RADIUS, local authentication, WebAuth, 802.1X,PSK
5.2 Configuring WLAN authentication mechanisms on the controller
5.2.a WebAuth, 802.1X, PSK
5.2.b TKIP deprecation
5.3 Configure client connectivity in different operating systems
5.3.a Android, MacOS, iOS, Windows
5.4 Describe roaming
5.4.a Layer 2 and Layer 3
5.4.b Intracontroller and intercontroller
5.4.c Centralized mobility
5.4.d Converged mobility
5.5 Describe wireless guest networking
5.5.a Anchor controller
5.5.b Foreign controller
6.0 Performing Client Connectivity Troubleshooting 13%
6.1 Validating WLAN configuration settings at the infrastructure side
6.1.a Security settings
6.1.b SSID settings
6.2 Validating AP infrastructure settings
6.2.a Port level configuration
6.2.b Power source
6.2.c AP and antenna orientation and position
6.3 Validate client settings
6.3.a SSID
6.3.b Security
6.3.c Device driver version
6.4 Employ appropriate controller tools to assist troubleshooting
6.4.a GUI logs
6.4.b CLI show commands
6.4.c Monitor pages
6.4.c (i) CleanAir (controller GUI)
6.5 Identify appropriate third-party tools to assist troubleshooting
6.5.a OS-based Client utilities
6.5.b Wi-Fi scanners
6.5.c RF mapping tool
7.0 Site Survey Process 9%
7.1 Describe site survey methodologies and their purpose
7.1.a Offsite (predictive / plan)
7.1.b Onsite
7.1.b (i) Predeployment (AP on a stick)
7.1.b (ii) Post deployment (validation)
7.2 Describe passive and active site surveys
7.3 Identify proper application of site survey tools
7.3.a Spectrum analyzer
7.3.b Site surveying software
7.4 Describe the requirements of client real-time and non-real-time applications
6. Service Provider
1.0 IP Networks 12%
1.1 Describe the purpose and functions of various network devices (at the core, distribution, and access layers)
1.2 Identify the functional components required to meet a given network specification
1.3 Describe the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
1.4 Describe common network applications and their impact on the network
1.5 Interpret network diagrams
1.6 Troubleshoot common network problems at layers 1, 2, 3, 4, and 7 using a layered model approach
1.7 Describe differences between LAN and WAN operation and features
2.0 IPv4 and IPv6 Addressing 13%
2.1 Describe the structure of IPv4 and IPv6 addresses
2.2 Describe VLSM, CIDR and route summarization concepts
2.3 Describe the different types of IPv4 and IPv6 addresses
2.4 Design an IP subnetting plan based on given requirements
3.0 Switched Network Technologies I 12%
3.1 Describe bridging concepts and Layer 2 Ethernet frames
3.2 Configure basic Spanning Tree operations on Cisco IOS Switches
3.3 Interpret the output of various basic show and debug commands to verify the operational status of a Cisco switched network
3.4 Configure basic switch security (i.e., port security, securing unused ports)
3.5 Describe Ethernet link bundling, LACP, and PAgP and Flex Links
4.0 Routed Network Technologies I 10%
4.1 Describe classful versus classless routing
4.2 Describe routing protocols basics (metrics, IGP versus EGP)
4.3 Describe RIPv1, RIPv2, RIPNG
4.4 Implement EIGRPv4 and EIGRPv6 on Cisco IOS, IOS-XE and IOS-XR routers
4.5 Describe route redistribution
4.6 Describe VRF
4.7 Describe GRE
5.0 IP Services 10%
5.1 Configure NAT (IPv4) on Cisco routers
5.2 Configure DHCP (IPv4 and IPv6) operations on Cisco routers
5.3 Describe ICMPv4 and ICMPv6
5.4 Describe DNS
6.0 Cisco Operating Systems and Platforms I 15%
6.1 Perform basic Cisco IOS, IOS-XE and IOS-XR CLI operations
6.2 Implement basic Cisco IOS, IOS-XE and IOS-XR routers configurations
7.0 Transport Technologies 9%
7.1 Describe SONET and SDH
7.2 Describe DWDM, IPoDWDM, and ROADM
7.3 Configure 10 Gigabit Ethernet, 40 Gigabit Ethernet, and 100 Gigabit Ethernet interfaces on Cisco routers
7.4 Describe Frame Relay
7.5 Describe ATM
7.6 Describe Metro Ethernet
7.7 Describe DSL
7.8 Describe T1, T3, E1, E3, and ISDN
7.9 Implement PPP encapsulation on Cisco routers serial and POS interfaces
7.10 Describe cable (DOCSIS)
7.11 Describe the main BRAS and BNG routers functions in IP NGN
7.12 Describe various Passive Optical Network (PON) access technologies and FTTx
8.0 Security in the Network 10%
8.1 Describe Layer 2 security features on Cisco IOS switches
8.2 Configure management plane security on Cisco routers and IOS switches
8.3 Describe IPsec
8.4 Describe control plane security
8.5 Configure basic AAA (TACACS+ and RADIUS) services on Cisco routers
8.6 Configure routing protocols authentication between Cisco routers
8.7 Describe the relationships between users, user groups, tasks groups and task IDs in IOS-XR
8.8 Describe common types of network attacks
9.0 Network Management 9%
9.1 Configure NTP server or client on Cisco routers
9.2 Configure IP SLA on Cisco routers
9.3 Configure CDP on Cisco routers and IOS switches
9.4 Configure SNMP on Cisco routers
9.5 Configure NetFlow on Cisco routers
9.6 Configure logging to syslog server on Cisco routers
9.7 Describe the Cisco IOS Call-Home feature
9.8 Describe Cisco TAC procedure and navigate Cisco support tools (CCO)
9.9 Implement management access (SSH, telnet, and out-of-band management design)
9.10 Implement SPAN, RSPAN, and ERSPAN
9.11 Implement file transfers to manage network devices configurations and images using FTP, SCP, TFTP, SFTP, and RCP
1.0 IP NGN Architecture 21%
1.1 Identify the functional components required to meet a given network specification
1.2 Troubleshoot common network problems at layers 1, 2, 3, 4, and 7 using a layered model approach
1.3 Describe the different types of service providers
1.4 Describe service provider principal and reference NGN architecture
1.5 Describe the IP address and AS number allocation process via IANA/RIRs
2.0 Switched Network Technologies II 23%
2.1 Configure enhanced switching technologies (including RSTP, MST, and PVSTP) on Cisco IOS switches
2.2 Describe how VLANs create logically separate networks and the need for routing between them
2.3 Configure VLANs on Cisco IOS switches
2.4 Configure trunking on Cisco IOS switches
2.5 Configure InterVLAN routing
2.6 Configure REP on Cisco IOS switches
2.7 Configure QinQ on Cisco IOS Switches
3.0 Routed Network Technologies II 24%
3.1 Configure basic single area OSPFv2 and OSPFv3 routing on Cisco Routers
3.2 Configure basic single area IS-IS routing on Cisco routers
3.3 Describe the differences between static versus dynamic routing, as well as distance vector versus link-state routing protocol operations
3.4 Configure basic BGP routing on Cisco routers
3.5 Describe the address family concept on Cisco routers
3.6 Describe IPv6 transitioning technologies
3.7 Configure first hop router redundancy protocol (HSRP, VRRP, GLBP) on Cisco routers
3.8 Implement ACL on Cisco routers
3.9 Describe Carrier Grade NAT and NAT64
3.10 Describe MPLS functions in the SP IP NGN
3.11 Configure LDP on Cisco routers
4.0 Cisco Operating Systems and Platforms II 32%
4.1 Manage the IOS XR configurations and software packages
4.2 Describe IOS XE software packagings
4.3 Describe Cisco SP router platforms, their operating system and placement in the SP IP NGN
III. Advanced Tracks:
7. Data Center
1.0 Data Center Physical Infrastructure 15%
1.1 Describe different types of cabling, uses, and limitations
1.2 Describe different types of transceivers, uses, and limitations
1.3 Identify physical components of a server and perform basic troubleshooting
1.4 Identify physical port roles
1.5 Describe power redundancy modes
2.0 Basic Data Center Networking Concepts 23%
2.1 Compare and contrast the OSI and the TCP/IP models
2.2 Describe classic Ethernet fundamentals
2.2.a Forward
2.2.b Filter
2.2.c Flood
2.2.d MAC address table
2.3 Describe switching concepts and perform basic configuration
2.3.a STP
2.3.b 802.1q
2.3.c Port channels
2.3.d Neighbor discovery
2.3.d [i] CDP
2.3.d [ii] LLDP
2.3.e Storm control
3.0 Advanced Data Center Networking Concepts 23%
3.1 Basic routing operations
3.1.a Explain and demonstrate IPv4/IPv6 addressing
3.1.b Compare and contrast static and dynamic routing
3.1.c Perform basic configuration of SVI/routed interfaces
3.2 Compare and contrast the First Hop Redundancy Protocols
3.2.a VRRP
3.2.b GLBP
3.2.c HSRP
3.3 Compare and contrast common data center network architectures
3.3.a 2 Tier
3.3.b 3 Tier
3.3.c Spine-leaf
3.4 Describe the use of access control lists to perform basic traffic filtering
3.5 Describe the basic concepts and components of authentication, authorization, and accounting
4.0 Basic Data Center Storage 19%
4.1 Differentiate between file and block based storage protocols
4.2 Describe the roles of FC/FCoE port types
4.3 Describe the purpose of a VSAN
4.4 Describe the addressing model of block based storage protocols
4.4.a FC
4.4.b iSCSI
5.0 Advanced Data Center Storage 20%
5.1 Describe FCoE concepts and operations
5.1.a Encapsulation
5.1.b DCB
5.1.c vFC
5.1.d Topologies
5.1.d [i] Single hop
5.1.d [ii] Multihop
5.1.d [iii] Dynamic
5.2 Describe Node Port Virtualization
5.3 Describe zone types and their uses
5.4 Verify the communication between the initiator and target
5.4.a FLOGI
5.4.b FCNS
5.4.c active zone set
1.0 Unified Computing 25%
1.1 Describe common server types and connectivity found in a data center
1.2 Describe the physical components of the Cisco UCS
1.3 Describe the concepts and benefits of Cisco UCS hardware abstraction
1.4 Perform basic Cisco UCS configuration
1.4.a Cluster high availability
1.4.b Port roles
1.4.c Hardware discovery
1.5 Describe server virtualization concepts and benefits
1.5.a Hypervisors
1.5.b Virtual switches
1.5.c Shared storage
1.5.d Virtual Machine components
1.5.e Virtual Machine Manager
2.0 Network Virtualization 17%
2.1 Describe the components and operations of Cisco virtual switches
2.2 Describe the concepts of overlays
2.2.a OTV
2.2.b NVGRE
2.2.c VXLAN
2.3 Describe the benefits and perform simple troubleshooting of VDC STP
2.4 Compare and contrast the default and management VRFs
2.5 Differentiate between the data, control, and management planes
3.0 Cisco Data Center Networking Technologies 26%
3.1 Describe, configure, and verify FEX connectivity
3.2 Describe, configure, and verify basic vPC features
3.3 Describe, configure, and verify FabricPath
3.4 Describe, configure, and verify unified switch ports
3.5 Describe the features and benefits of Unified Fabric
3.6 Describe and explain the use of role-based access control within the data center infrastructure
4.0 Automation and Orchestration 15%
4.1 Explain the purpose and value of using APIs
4.2 Describe the basic concepts of cloud computing
4.3 Describe the basic functions of a Cisco UCS Director
4.3.a Management
4.3.b Orchestration
4.3.c Multitenancy
4.3.d Chargeback
4.3.e Service offerings
4.3.f Catalogs
4.4 Interpret and troubleshoot a Cisco UCS Director workflow
5.0 Application Centric Infrastructure 17%
5.1 Describe the architecture of an ACI environment
5.1.a Basic policy resolution
5.1.b APIC controller
5.1.c Spine leaf
5.1.d APIs
5.2 Describe the fabric discovery process
5.3 Describe the policy-driven, multitier application deployment model and its benefits
5.4 Describe the ACI logical model
5.4.a Tenants
5.4.b Context
5.4.c Bridge domains
5.4.d EPG
5.4.e Contracts
8. Collaboration
1.0 Describe the Characteristics of a Cisco Unified Communications Solution 15%
1.1 Describe the Cisco Unified Communications components and their functions
1.2 Describe call signaling and media flows
1.3 Describe quality implications of a VoIP network
2.0 Provision End Users and Associated Devices 24%
2.1 Describe user creation options for Cisco Unified Communications Manager and Cisco Unified Communications Manager Express
2.2 Create or modify user accounts for Cisco Unified Communications Manager
2.3 Create or modify user accounts for Cisco Unified Communications Manager Express using the GUI
2.4 Create or modify endpoints for Cisco Unified Communications Manager
2.5 Create or modify endpoints for Cisco Unified Communications Manager Express using the GUI
2.6 Describe how calling privileges function and how calling privileges impact system features
2.7 Create or modify directory numbers
2.8 Enable user features and related calling privileges for extension mobility, call coverage, intercom, native presence, and unified mobility remote destination configuration
2.9 Enable end users for Cisco Unified IM and Presence
2.10 Verify user features are operational
3.0 Configure Voice Messaging and Presence 27%
3.1 Describe user creation options for voice messaging
3.2 Create or modify user accounts for Cisco Unity Connection
3.3 Describe Cisco Unified IM and Presence
3.4 Configure Cisco Unified IM and Presence
4.0 Maintain Cisco Unified Communications System 10%
4.1 Generate CDR and CMR reports
4.2 Generate capacity reports
4.3 Generate usage reports
4.4 Generate RTMT reports to monitor system activities
4.5 Monitor voicemail usage
4.6 Remove unassigned directory numbers
4.7 Perform manual system backup
5.0 Provide End User Support 24%
5.1 Verify PSTN connectivity
5.2 Define fault domains using information gathered from end user
5.3 Troubleshoot endpoint issues
5.4 Identify voicemail issues and resolve issues related to user mailboxes
5.5 Describe causes and symptoms of call quality issues
5.6 Reset single devices
5.7 Describe how to use phone applications
1.0 Video Concepts 21%
1.1 Describe the functional components of video solutions
1.1.a Provisioning and scheduling Management
1.1.b Video compositing
1.1.c Streaming video
1.1.d Recording and storage
1.1.e Media players
1.1.f Media convergence
1.1.g Media managements
1.1.h Video convergence
2.0 Endpoint Configuration 32%
2.1 Describe video product models
2.1.a Mobile devices
2.1.b Desktop systems
2.1.c Multi-purpose systems
2.1.d Surveillance cameras and encoders
2.1.e Immersive systems
2.1.f Peripherals and add-ons
2.1.g Cabling connections
2.1.h Digital media players
2.2 Describe environment recommendations
2.2.a Room lighting recommendations
2.2.b Room acoustics recommendations
2.2.c Room power recommendations
2.2.d Room HVAC recommendations
2.2.e Room materials (windows, floor material, wall material, etc.)
2.2.f Room size and background wall
2.2.g Viewing distance
2.2.h Physical security recommendations
2.3 Implement desktop endpoints and surveillance cameras
2.3.a Network settings
2.3.b GUI interface and CLI
2.3.c Control plane
2.3.d Cables
2.3.e Test call
2.3.f User acceptance test
2.3.g Microphone calibration
2.3.h Camera calibration
2.3.i Media playback on PCs
2.4 Describe features and functions
2.4.a Auto collaboration
2.4.b MCU capabilities versus TelePresence Server
2.4.c Audio add in
2.4.d PIP
2.4.e FECC
2.4.f Resolution setting
2.4.g Multi way vs multi-site
3.0 Troubleshooting and Support 31%
3.1 Describe troubleshooting methodologies
3.2 Identify endpoint issues
3.2.a Cabling
3.2.b Peripherals
3.2.c Network connectivity
3.2.d Registration
3.2.e Call setup
3.2.f Media quality
3.2.g Mid call feature issues
3.3 Collecting system information
3.3.a Logs
3.3.b Status
3.4 Manage configuration
3.4.a Backups
3.4.b Restore
3.4.c Reset to defaults
3.4.d Password recovery
3.5 Implement key CLI commands
3.6 Monitor events and alerts
4.0 Conferencing Concepts 10%
4.1 Describe multi-point control units
4.2 Describe conferencing features
4.2.a Switching and layout options
4.2.b Cascading
4.2.c Conferencing add-ons
4.3 Describe scheduling vs adhoc vs on demand features
9. Cloud
1.0 Cloud Characteristics and Models 14%
1.1 Describe common cloud characteristics
1.1.a On-demand self service
1.1.b Elasticity
1.1.c Resource pooling
1.1.d Metered service
1.1.e Ubiquitous network access (smartphone, tablet, mobility)
1.1.f Multi-tenancy
1.2 Describe Cloud Service Models
1.2.a Infrastructure as a Service (IaaS)
1.2.b Software as a Service (SaaS)
1.2.c Platform as a Service (PaaS)
2.0 Cloud Deployment 16%
2.1 Describe cloud deployment models
2.1.a Public
2.1.b Private
2.1.c Community
2.1.d Hybrid
2.2 Describe the Components of the Cisco Intercloud Solution
2.2.a Describe the benefits of Cisco Intercloud
2.2.b Describe Cisco Intercloud Fabric Services
3.0 Basic Knowledge of Cloud Compute 24%
3.1 Identify key features of Cisco UCS
3.1.a Cisco UCS Manager
3.1.b Cisco UCS Central
3.1.c B-Series
3.1.d C-Series
3.1.e Server identity (profiles, templates, pools)
3.2 Describe Server Virtualization
3.2.a Basic knowledge of different OS and hypervisors
4.0 Basic Knowledge of Cloud Networking 22%
4.1 Describe network architectures for the data center
4.1.a Cisco Unified Fabric
4.1.a.1 Describe the Cisco Nexus product family
4.1.a.2 Describe device virtualization
4.1.b SDN
4.1.b.1 Separation of control and data
4.1.b.2 Programmability
4.1.b.3 Basic understanding of OpenDaylight
4.1.c ACI
4.1.c.1 Describe how ACI solves the problem not addressed by SDN
4.1.c.2 Describe benefits of leaf/spine architecture
4.1.c.3 Describe the role of APIC Controller
4.2 Describe Infrastructure Virtualization
4.2.a Difference between vSwitch and DVS
4.2.b Cisco Nexus 1000V components
4.2.b.1 VSM
4.2.b.2 VEM
4.2.b.3 VSM appliance
4.2.c Difference between VLAN and VXLAN
4.2.d Virtual networking services
4.2.e Define Virtual Application Containers
4.2.e.1 Three-tier application container
4.2.e.2 Custom container
5.0 Basic Knowledge of Cloud Storage 24%
5.1 Describe storage provisioning concepts
5.1.a Thick
5.1.b Thin
5.1.c RAID
5.1.d Disk pools
5.2 Describe the difference between all the storage access technologies
5.2.a Difference between SAN and NAS; block and file
5.2.b Block technologies
5.2.c File technologies
5.3 Describe basic SAN storage concepts
5.3.a Initiator, target, zoning
5.3.b VSAN
5.3.c LUN
5.4 Describe basic NAS storage concepts
5.4.a Shares / mount points
5.4.b Permissions
5.5 Describe the various Cisco storage network devices
5.5.a Cisco MDS family
5.5.b Cisco Nexus family
5.5.c UCS Invicta (Whiptail)
5.6 Describe various integrated infrastructures
5.6.a FlexPod (NetApp)
5.6.b VBlock (VCE)
5.6.c VSPEX (EMC)
5.6.d OpenBlock (Red Hat)
1.0 Cloud Infrastructure Administration and Reporting 21%
1.1 Configure users/groups and role-based access control in the portal, including basic troubleshooting
1.1.a Describe default roles
1.1.b Configure new user with single role
1.1.c Describe multirole user profiles
1.1.d Configure a user profile
1.2 Perform virtual machine operations
1.2.a Configure live migrations of VMs from host to host
1.2.b Edit VM
1.2.c Configure VM snapshots
1.2.d Describe reverting a VM to a snapshot
1.3 Deploy virtual app containers
1.3.a Provide basic support and troubleshoot app container with firewall, networking, and load balancer
2.0 Chargeback and Billing Reports 10%
2.1 Describe the chargeback model
2.1.a Describe chargeback features
2.1.b Describe budget policy
2.1.c Describe cost models
2.1.d Describe adding a cost model to a tenant
2.2 Generate various reports for virtual and physical accounts
2.2.a Execute billing reports
2.2.b Execute a system utilization report
2.2.c Execute a snapshot report
3.0 Cloud Provisioning 26%
3.1 Describe predefined Cisco UCS Director-based services within the Cisco Prime Service Catalog
3.1.a Describe the configuration of service names and icons
3.1.b Describe order permissions
3.1.b (i) RBAC
3.1.c Describe template formats
3.1.c (i) Storage
3.1.c (ii) Compute
3.1.c (iii) Network
3.1.c (iv) Virtualization
3.2 Describe provisioning verification
3.2.a Describe how to place an order for a service from the Cisco Prime Service Catalog as an end-user
3.2.b Verify that provisioning is done correctly
3.2.c Access VMs and applications that have been provisioned
3.3 Deploy preconfigured templates and make minor changes to the service catalog offerings that do not affect workflows or services
3.3.a Describe the deployment of templates: storage, compute, network, and virtualization
3.3.b Describe differences between the templates
3.3.c Describe the need to convert between templates
4.0 Cloud Systems Management and Monitoring 26%
4.1 Identify the components of Cisco Prime Service Catalog
4.1.a End-user store front
4.1.b Stack designer
4.1.c Heat orchestration
4.2 Describe the components of Cisco UCS Director
4.2.a Describe infrastructure management and monitoring
4.2.b Describe orchestration
4.2.c Describe the portal
4.2.d Describe the Bare Metal Agent
4.3 Describe Cisco UCS Performance Manager
4.3.a Describe capacity planning
4.3.b Describe bandwidth monitoring
4.3.c Describe how host groups facilitate dynamic monitoring
4.4 Describe the components of Cisco IAC
4.4.a Describe Cisco Process Orchestrator
4.4.b Describe Cisco Prime Service Catalog
4.4.c Describe Cisco Server Provisioner
4.5 Perform cloud monitoring using Cisco Prime Service Catalog, Cisco UCS Director, Cisco Prime infrastructure
4.5.a Describe fault monitoring
4.5.b Describe performance monitoring
4.5.c Describe monitoring of provisioning outcomes
4.6 Create monitoring dashboards
4.6.a Configure custom dashboards
4.6.b Configure threshold settings
5.0 Cloud Remediation 17%
5.1 Configure serviceability options
5.1.a Configure syslog
5.1.b Configure NTP
5.1.c Configure DNS
5.1.d Configure DHCP
5.1.e Configure SMTP
5.2 Interpret Logs for root cause analysis
5.2.a Analyze fault logs
5.2.b Analyze admin logs
5.2.c Analyze application logs
5.3 Configure backups
5.3.a Configure database backup
5.3.b Configure database restore
III. Specialization Tracks:
10. Cyber Security
1.0 Network Concepts 12%
1.1 Describe the function of the network layers as specified by the OSI and the TCP/IP network models
1.2 Describe the operation of the following
1.2.a IP
1.2.b TCP
1.2.c UDP
1.2.d ICMP
1.3 Describe the operation of these network services
1.3.a ARP
1.3.b DNS
1.3.c DHCP
1.4 Describe the basic operation of these network device types
1.4.a Router
1.4.b Switch
1.4.c Hub
1.4.d Bridge
1.4.e Wireless access point (WAP)
1.4.f Wireless LAN controller (WLC)
1.5 Describe the functions of these network security systems as deployed on the host, network, or the cloud:
1.5.a Firewall
1.5.b Cisco Intrusion Prevention System (IPS)
1.5.c Cisco Advanced Malware Protection (AMP)
1.5.d Web Security Appliance (WSA) / Cisco Cloud Web Security (CWS)
1.5.e Email Security Appliance (ESA) / Cisco Cloud Email Security (CES)
1.6 Describe IP subnets and communication within an IP subnet and between IP subnets
1.7 Describe the relationship between VLANs and data visibility
1.8 Describe the operation of ACLs applied as packet filters on the interfaces of network devices
1.9 Compare and contrast deep packet inspection with packet filtering and stateful firewall operation
1.10 Compare and contrast inline traffic interrogation and taps or traffic mirroring
1.11 Compare and contrast the characteristics of data obtained from taps or traffic mirroring and NetFlow in the analysis of network traffic
1.12 Identify potential data loss from provided traffic profiles
2.0 Security Concepts 17%
2.1 Describe the principles of the defense in depth strategy
2.2 Compare and contrast these concepts
2.2.a Risk
2.2.b Threat
2.2.c Vulnerability
2.2.d Exploit
2.3 Describe these terms
2.3.a Threat actor
2.3.b Run book automation (RBA)
2.3.c Chain of custody (evidentiary)
2.3.d Reverse engineering
2.3.e Sliding window anomaly detection
2.3.f PII
2.3.g PHI
2.4 Describe these security terms
2.4.a Principle of least privilege
2.4.b Risk scoring/risk weighting
2.4.c Risk reduction
2.4.d Risk assessment
2.5 Compare and contrast these access control models
2.5.a Discretionary access control
2.5.b Mandatory access control
2.5.c Nondiscretionary access control
2.6 Compare and contrast these terms
2.6.a Network and host antivirus
2.6.b Agentless and agent-based protections
2.6.c SIEM and log collection
2.7 Describe these concepts
2.7.a Asset management
2.7.b Configuration management
2.7.c Mobile device management
2.7.d Patch management
2.7.e Vulnerability management
3.0 Cryptography 12%
3.1 Describe the uses of a hash algorithm
3.2 Describe the uses of encryption algorithms
3.3 Compare and contrast symmetric and asymmetric encryption algorithms
3.4 Describe the processes of digital signature creation and verification
3.5 Describe the operation of a PKI
3.6 Describe the security impact of these commonly used hash algorithms
3.6.a MD5
3.6.b SHA-1
3.6.c SHA-256
3.6.d SHA-512
3.7 Describe the security impact of these commonly used encryption algorithms and secure communications protocols
3.7.a DES
3.7.b 3DES
3.7.c AES
3.7.d AES256-CTR
3.7.e RSA
3.7.f DSA
3.7.g SSH
3.7.h SSL/TLS
3.8 Describe how the success or failure of a cryptographic exchange impacts security investigation
3.9 Describe these items in regards to SSL/TLS
3.9.a Cipher-suite
3.9.b X.509 certificates
3.9.c Key exchange
3.9.d Protocol version
3.9.e PKCS
4.0 Host-Based Analysis 19%
4.1 Define these terms as they pertain to Microsoft Windows
4.1.a Processes
4.1.b Threads
4.1.c Memory allocation
4.1.d Windows Registry
4.1.e WMI
4.1.f Handles
4.1.g Services
4.2 Define these terms as they pertain to Linux
4.2.a Processes
4.2.b Forks
4.2.c Permissions
4.2.d Symlinks
4.2.e Daemon
4.3 Describe the functionality of these endpoint technologies in regards to security monitoring
4.3.a Host-based intrusion detection
4.3.b Antimalware and antivirus
4.3.c Host-based firewall
4.3.d Application-level whitelisting/blacklisting
4.3.e Systems-based sandboxing (such as Chrome, Java, Adobe reader)
4.4 Interpret these operating system log data to identify an event
4.4.a Windows security event logs
4.4.b Unix-based syslog
4.4.c Apache access logs
4.4.d IIS access logs
5.0 Security Monitoring 19%
5.1 Identify the types of data provided by these technologies
5.1.a TCP Dump
5.1.b NetFlow
5.1.c Next-Gen firewall
5.1.d Traditional stateful firewall
5.1.e Application visibility and control
5.1.f Web content filtering
5.1.g Email content filtering
5.2 Describe these types of data used in security monitoring
5.2.a Full packet capture
5.2.b Session data
5.2.c Transaction data
5.2.d Statistical data
5.2.f Extracted content
5.2.g Alert data
5.3 Describe these concepts as they relate to security monitoring
5.3.a Access control list
5.3.b NAT/PAT
5.3.c Tunneling
5.3.d TOR
5.3.e Encryption
5.3.f P2P
5.3.g Encapsulation
5.3.h Load balancing
5.4 Describe these NextGen IPS event types
5.4.a Connection event
5.4.b Intrusion event
5.4.c Host or endpoint event
5.4.d Network discovery event
5.4.e NetFlow event
5.5 Describe the function of these protocols in the context of security monitoring
5.5.a DNS
5.5.b NTP
5.5.c SMTP/POP/IMAP
5.5.d HTTP/HTTPS
6.0 Attack Methods 21%
6.1 Compare and contrast an attack surface and vulnerability
6.2 Describe these network attacks
6.2.a Denial of service
6.2.b Distributed denial of service
6.2.c Man-in-the-middle
6.3 Describe these web application attacks
6.3.a SQL injection
6.3.b Command injections
6.3.c Cross-site scripting
6.4 Describe these attacks
6.4.a Social engineering
6.4.b Phishing
6.4.c Evasion methods
6.5 Describe these endpoint-based attacks
6.5.a Buffer overflows
6.5.b Command and control (C2)
6.5.c Malware
6.5.d Rootkit
6.5.e Port scanning
6.5.f Host profiling
6.6 Describe these evasion methods
6.6.a Encryption and tunneling
6.6.b Resource exhaustion
6.6.c Traffic fragmentation
6.6.d Protocol-level misinterpretation
6.6.e Traffic substitution and insertion
6.6.f Pivot
6.7 Define privilege escalation
6.8 Compare and contrast remote exploit and a local exploit
1.0 Endpoint Threat Analysis and Computer Forensics 15%
1.1 Interpret the output report of a malware analysis tool such as AMP Threat Grid and Cuckoo Sandbox
1.2 Describe these terms as they are defined in the CVSS 3.0:
1.2.a Attack vector
1.2.b Attack complexity
1.2.c Privileges required
1.2.d User interaction
1.2.e Scope
1.3 Describe these terms as they are defined in the CVSS 3.0
1.3.a Confidentiality
1.3.b Integrity
1.3.c Availability
1.4 Define these items as they pertain to the Microsoft Windows file system
1.4.a FAT32
1.4.b NTFS
1.4.c Alternative data streams
1.4.d MACE
1.4.e EFI
1.4.f Free space
1.4.g Timestamps on a file system
1.5 Define these terms as they pertain to the Linux file system
1.5.a EXT4
1.5.b Journaling
1.5.c MBR
1.5.d Swap file system
1.5.e MAC
1.6 Compare and contrast three types of evidence
1.6.a Best evidence
1.6.b Corroborative evidence
1.6.c Indirect evidence
1.7 Compare and contrast two types of image
1.7.a Altered disk image
1.7.b Unaltered disk image
1.8 Describe the role of attribution in an investigation
1.8.a Assets
1.8.b Threat actor
2.0 Network Intrusion Analysis 22%
2.1 Interpret basic regular expressions
2.2 Describe the fields in these protocol headers as they relate to intrusion analysis:
2.2.a Ethernet frame
2.2.b IPv4
2.2.c IPv6
2.2.d TCP
2.2.e UDP
2.2.f ICMP
2.2.g HTTP
2.3 Identify the elements from a NetFlow v5 record from a security event
2.4 Identify these key elements in an intrusion from a given PCAP file
2.4.a Source address
2.4.b Destination address
2.4.c Source port
2.4.d Destination port
2.4.e Protocols
2.4.f Payloads
2.5 Extract files from a TCP stream when given a PCAP file and Wireshark
2.6 Interpret common artifact elements from an event to identify an alert
2.6.a IP address (source / destination)
2.6.b Client and Server Port Identity
2.6.c Process (file or registry)
2.6.d System (API calls)
2.6.e Hashes
2.6.f URI / URL
2.7 Map the provided events to these source technologies
2.7.a NetFlow
2.7.b IDS / IPS
2.7.c Firewall
2.7.d Network application control
2.7.e Proxy logs
2.7.f Antivirus
2.8 Compare and contrast impact and no impact for these items
2.8.a False Positive
2.8.b False Negative
2.8.c True Positive
2.8.d True Negative
2.9 Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC)
3.0 Incident Response 18%
3.1 Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
3.2 Map elements to these steps of analysis based on the NIST.SP800-61 r2
3.2.a Preparation
3.2.b Detection and analysis
3.2.c Containment, eradication, and recovery
3.2.d Post-incident analysis (lessons learned)
3.3 Map the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61 r2)
3.3.a Preparation
3.3.b Detection and analysis
3.3.c Containment, eradication, and recovery
3.3.d Post-incident analysis (lessons learned)
3.4 Describe the goals of the given CSIRT
3.4.a Internal CSIRT
3.4.b National CSIRT
3.4.c Coordination centers
3.4.d Analysis centers
3.4.e Vendor teams
3.4.f Incident response providers (MSSP)
3.5 Identify these elements used for network profiling
3.5.a Total throughput
3.5.b Session duration
3.5.c Ports used
3.5.d Critical asset address space
3.6 Identify these elements used for server profiling
3.6.a Listening ports
3.6.b Logged in users/service accounts
3.6.c Running processes
3.6.d Running tasks
3.6.e Applications
3.7 Map data types to these compliance frameworks
3.7.a PCI
3.7.b HIPAA (Health Insurance Portability and Accountability Act)
3.7.c SOX
3.8 Identify data elements that must be protected with regards to a specific standard (PCI-DSS)
4.0 Data and Event Analysis 23%
4.1 Describe the process of data normalization
4.2 Interpret common data values into a universal format
4.3 Describe 5-tuple correlation
4.4 Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs
4.5 Describe the retrospective analysis method to find a malicious file, provided file analysis report
4.6 Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains
4.7 Map DNS logs and HTTP logs together to find a threat actor
4.8 Map DNS, HTTP, and threat intelligence data together
4.9 Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console
4.10 Compare and contrast deterministic and probabilistic analysis
5.0 Incident Handling 22%
5.1 Classify intrusion events into these categories as defined by the Cyber Kill Chain Model
5.1.a Reconnaissance
5.1.b Weaponization
5.1.c Delivery
5.1.d Exploitation
5.1.e Installation
5.1.f Command and control
5.1.g Action on objectives
5.2 Apply the NIST.SP800-61 r2 incident handling process to an event
5.3 Define these activities as they relate to incident handling
5.3.a Identification
5.3.b Scoping
5.3.c Containment
5.3.d Remediation
5.3.e Lesson-based hardening
5.3.f Reporting
5.4 Describe these concepts as they are documented in NIST SP800-86
5.4.a Evidence collection order
5.4.b Data integrity
5.4.c Data preservation
5.4.d Volatile data collection
5.5 Apply the VERIS schema categories to a given incident
11. Internet of Things i.e. IoT
1.0 IP Networking 20%
1.1 Describe the difference between enterprise environments and industrial environments
1.2 Describe the components for making the data flow highly available and predictable in an industrial environment (QoS, IP addressing, protocol, and hardware resiliency)
1.3 Interpret and diagnose problems that are related to QoS
1.4 Describe the differences between redundancy and resiliency requirements / approaches between the Enterprise and the plant floor
1.5 Differentiate the capabilities of switch types
1.6 Describe the life cycle of a multicast group
1.7 Describe and configure the operation and use cases for NAT
1.8 Describe and configure the operation and use cases for static routing
1.9 Describe and configure VLAN trunking to a virtual switch
1.10 Describe and configure Layer 2 resiliency protocols (Spanning Tree, REP, Flex Links, and Etherchannels)
1.11 Configure switch ports (macros, threshold alarms)
2.0 Common Industrial Protocol (CIP) Knowledge and Configuration 19%
2.1 Explain the CIP connection establishment process
2.2 Explain producer/consumer models and implicit/explicit message models
2.3 Recognize communication abilities and capacities in different hardware/hardware generations (revisions)
2.4 Identify and describe the technologies that enable CIP Motion and CIP Safety
2.5 Identify the applicability, limitations, and components of a DLR implementation
2.6 Implement multicast features for CIP within a LAN
2.7 Optimize RPI on a CIP connection given a set of parameters
2.8 Enable and configure IEEE 1588 PTP at the system level
2.9 Configure the Stratix using the Add On Profile (AOP) in Studio 5000
3.0 ProfiNET Knowledge and Configuration 19%
3.1 Describe the differences in ProfiNET support between Cisco catalyst and Cisco Industrial Ethernet (IE) switches
3.1.a Support for VLAN 0
3.1.b Support for ProfiNET LLDP
3.1.c Support for GSDs (integration into SIMATIC STEP 7)
3.2 Describe the operation and purpose of ProfiSAFE
3.3 Describe the three basic ProfiNET devices and conformance classes
3.4 Describe the ProfiNET application classes and communication channels
3.5 Describe DHCP and how it can be used for IP addressing of devices and configuration pushes
3.6 Describe ring network requirements for ProfiNET
3.7 Enable ProfiNET on the switch
3.8 Enable Layer 2 QoS to ensure ProfiNET is prioritized
3.9 Integrate the Cisco Industrial Ethernet Switch in SIMATIC STEP 7
3.10 Configure and monitor ProfiNET alarm profiles on IE switches
4.0 Security 12%
4.1 Describe the defense-in-depth approach to securing the industrial zone
4.2 Identify how a security component (hardware/software) applies to a network device to meet the network security definition of defense in depth
4.3 Describe network device hardening
4.4 Describe the concept and mechanisms of implementing logical segmentation
4.5 Identify possible options to control traffic between zones (ACLs, firewalls, VLANs)
5.0 Wireless 10%
5.1 Describe the differences between 802.11a/b/g/n/ac
5.2 Describe the components that you need to build multiple wireless networks on a single access point
5.3 Describe the difference between autonomous and controller-based access points and wireless workgroup bridges
5.4 Demonstrate a typical switchport configuration for autonomous and controller-based access points
5.5 Describe the limitations of using a workgroup bridge with a control communication
6.0 Troubleshooting 20%
6.1 Troubleshoot advanced Layer 1 problems such as mechanical deterioration, electromagnetic noise issues, and infrastructure mismatches
6.2 Troubleshoot VLAN trunking
6.3 Troubleshoot an error disabled port
6.4 Troubleshoot basic spanning tree port state and root priority problems
6.5 Troubleshoot Layer 3 problems by inspecting route tables and NAT tables
6.6 Troubleshoot Layer 3 problems in a VRF-lite enabled environment
6.7 Demonstrate the ability to find the location of a device within a multi-switch network given an IP address
6.8 Identify methods for troubleshooting a communication problem in a CIP environment
6.9 Troubleshoot CIP using an Ethernet/IP browse tool, command line, and a web browser
6.10 Troubleshoot device communications performance
6.11 Identify the source of cable and device faults in a DLR
6.12 Identify methods for troubleshooting a communication problem in a ProfiNET environment
6.13 Troubleshoot ProfiNET using SIMATIC STEP 7 to view network topology, use the switch command line
12. Operating System Software Defined Networking i.e. SDN
1.0 Platform 21%
1.1 Power
Recommend PDU as a function of facility
Install appropriate PDU for chassis
Monitor system power level
Show power alarm values
1.2 Environmental
Recommend environmental levels for system installation
Verify system-detected environment is within tolerance levels
Show environmental alarm values
Clear environmental alarm
Gather system environmental output
Recommend rack space requirements
Use proper grounding for installation
Describe CRS air-flow
Describe Cisco ASR 9000 air flow
1.3 Physical Architecture
Identify CRS switch fabric
Identify components of CRS fabric
Identify MSC
Identify PLIM
Identify RP CRS/ASR9000
Identify management interface
Identify cable management
Differentiate between single and multi-chassis
Identify ASR9000 line cards
Identify ASR9000 RSP
Identify ASR9000 PDU
Identify ASR9000 SIP-700/SPA
Identify CRS SIP/SPA
Identify CRS chassis
Identify ASR9000 chassis
Describe ASR9000 fabric
1.4 Inventory
Show card status via show platform
Show cards via show diags
Show inventory of the system
Differentiate between admin versus executive plane for show platform
1.5 Environmental (Merge?)
Show power usage
Show fan status
Diff between admin vs exec plane for show platform
1.6 Firmware
Understanding what is a FPD.PIE
Configure Auto FPD
Understand what is Parallel FPD
Upgrade FPD and ROMMON Upgrade
Understand FPD versus ROMMON
Upgrading FPDs and ROMMONs
Showing current FPD version information
2.0 Operating System 19%
2.1 Install
Add PIEs or SMUs
Using TFTP, FTP, USB thumbdrive, and hard drive as the source
With Activate flag
Using Source flag
Using TAR file
2.2 Licensing
Activate PIEs or SMUs
Initial or recovery software installation
ROMMON Variables
Turboboot Mini.VM file
Deactivate PIEs or SMUs
Remove inactive packages, PIEs, or SMUs
Committing the Installation Path
Check which packages are active
Check which packages are committed
Check installation log
See what install requests are currently active
Understanding security certificate in PIEs and SMUs
2.3 Packages
Understanding types of packages
Mini.PIE
Mini.VM
Optional PIEs
SMUs
Understanding IOS-XR versioning and installation restrictions
Understand P versus PX images and the hardware they support
2.4 Two-Stage Commit
Understand what is Active Config
Understand what is Target Config
Understand when is a Syntax Check done
Understand when is a Semantic Check done
Going back to a previous configuration
Showing configuration IDs and labels
Show configuration history
Loading configuration
Committing the configuration
Atomic versus best effort
With labels and comments
Replacing the configuration
Using the commit confirm feature
Show Config Fail
Configure interfaces before the physical interface is available
2.5 Configuration Planes
Understand what configuration is in the Admin plane
Understand what configuration is in the Exec plane
Understand differences between owner and non-owner SDR in access to Admin plane and Exec plane
Understand the default VRF
2.6 Task-Based Authorization
Assigning user privilege to root-system
Assigning user privilege to root-lr
Assigning user privilege to cisco-support
Understand the difference between admin user and exec username
Understanding how task-based authorization works
2.7 Process
How to perform process restart
How to check processes like state, no. of restarts, job id, pid, tid
Show where certain processes are running
How to find a blocked process
Check how much CPU a process is using
2.8 LPTS
Understand what LPTS is
Understand about LPTS Policer
How to use Show LPTS Commands
Show policer values and drop counts in LPTS
2.9 Memory
How to look at the memory utilization on the route processor
How to look at the memory utilization on the line card
Understand protected memory space versus shared memory and which area uses it
Check how much memory a process is using
2.10 Support
How to use Show Tech Support commands
Core file configuration location including hard drive and FTP
Debug commands and with ACL filtering
Locate core files and moving them to a server
2.11 Parser (interacting with)
Using the parser with pipe, include, exclude, begin, regex
2.12 EEM
Base assumption of EEM knowledge - understand what is possible and not possible
3.0 Control Plane 21%
3.1 Configuring OSPF
Configure interfaces to be part of the backbone area
Configure additional interfaces to be part of non-backbone area
Configure non-default metric on some interfaces
Configure neighbor logging so adjacency changes can be monitored
3.2 Verify OSPF
Determine status of OSPF interfaces
Determine status of neighbors
Display OSPF database and determine which links are present
3.3 Configure ISIS
Configure the ISIS NET
Enable ISIS for ipv4 unicast routing
Configure interfaces for ISIS routing
Enable ISIS for ipv6 unicast routing
Enable some but not all of the ipv4 enabled interfaces for ipv6 routing
3.4 Verify ISIS
Determine status of interfaces configured for ISIS
Determine the status of the routing adjacencies
Display the ipv4 unicast route table
Turn on debugging for ISIS adjacencies and explain the information shown
Display the topologies for IPv4 and IPv6. Why are they different?
3.5 Add Static Routes
Configure static routes for IPv4 unicast in the global table
Configure static routes for IPv4 unicast in two different VRFs
3.6 Configure BGP
Configure an autonomous system number for BGP to use
Configure BGP to support IPv4 routing
Configure BGP to support IPv6 routing
Configure iBGP neighbors with the typical configuration to use loopback addresses for peering:
Use neighbor-groups for identical configuration sections on multiple peers
Configure one iBGP neighbor to exchange both IPv4 and IPv6 prefixes over an IPv4 session
Configure one iBGP neighbor as an IPv6-only neighbor with IPv6 peer addresses
Configure eBGP neighbors for IPv4 routing
Configure a simple pass_all policy for those eBGP neighbors
Add VPNv4 capability to one iBGP peer
Add two VRFs into BGP and redistribute static routes into BGP for VPNv4
Configure one iBGP peer to support 6PE type functionality by adding address-family IPv6 labeled-unicast
3.7 Verify BGP
Display the peer summary status for IPv4 and IPv6
Display the IPv4 BGP table
Display a specific entry and explain AS path and next-hop information
Determine how much memory the BGP process uses
3.8 Understanding RPL Concepts
Configure RPL
Define an AS-set for use in RPL
Create a route policy that checks for an AS from the AS-set and adds a community for matching routes
Create a route-policy that uses an inline prefix-set and changes the local preference when a match is found
Create a route policy that adds a community where the community is used as a parameter when the policy is called
3.9 Verify RPL
Verify that communities are added as expected
Execute a show bgp… command using a route-policy to modify the output. Compare to regular show command.
3.10 MPLS LDP
Configure router to run LDP
Configure router to log neighbor events
Enable LDP on interfaces
Execute show command to verify status of LDP neighbors
3.11 MPLS TE
Configure OSPF to support traffic engineering extensions
Enable RSVP on interfaces
Create an MPLS TE tunnel with two different path options:
First path explicit
Second path dynamic
3.12 Execute Show Command to Determine Tunnel Status at Tunnel Head
Execute show command to determine tunnel midpoints traversing the router
3.13 Configure IP Multicast
Configure PIM-SM, PIM-SSM, PIM-SSM range
Configure static-RP, Auto-RP, and BSR for PIM-SM
Configure Multicast NSF
Configure Multicast VPN
Configure MSDP for interconnecting PIM-SM domains
Configure MoFRR
Configure P2MP-TE for IP Multicast
4.0 Data Plane 20%
4.1 General Forwarding
Understand and monitor interface counters
Clear interface counters
Modify interface counter load interval
Understand the flow of packets through a router
Describe the difference in processing of transit packets versus locally destined packets
Understand the information stored in a forwarding table entry
Troubleshoot packet drops
4.2 Access Control Lists (ACLs)
Implement ACLs to filter traffic on an interface
Monitor ACL counters
Modify an existing applied ACL
Apply ACLs in debug commands
Resequence an ACL
4.3 Quality of Service (QoS)
Implement a basic Quality of Service configuration
Monitor Quality of Service statistics and behaviors
Modify an existing QoS configuration
What is the difference with QoS on IOS XR
4.4 NetFlow
Describe NetFlow capabilities in IOS XR
Implement NetFlow packet sampling
Verify record export
Monitor the NetFlow cache
4.5 Unicast Reverse Path Forwarding (uRPF)
Implement uRPF on an interface
Verify uRPF behavior
4.6 Interface IP addresses
Configure IPv4 addresses on an interface
Configure IPv6 addresses on an interface
Resolve duplicate IP subnets configured on the router
4.7 IP Multicast
Describe Multicast forwarding on XR platforms (egress and fabric replication, etc.)
Monitor IP Multicast traffic
Troubleshoot IP Multicast (RPF, mrib, mfib, olist, etc.)
5.0 Management Plane 19%
5.1 Implementing SNMP on Cisco IOS-XR
Configuring SNMP (v1, v2c, v3) - Does everyone use SNMPv3?
Configuring SNMP trap notifications
Configuring SNMP views, SDRowner and Lrowner
Configuring SNMP ifIndex persistence
Verify SNMP configuration - e.g. using snmpget or snmpwalk
5.2 Implementing Logging Services on Cisco IOS-XR
Configuring logging buffer
Configuring syslog server host as logging destination
Configuring terminals for logging display (term mon)
Configuring logging facility
Configuring local logging device and archiving
Monitoring logging buffer and filtering messages
5.3 Implementing Physical and Virtual Terminals
Configuring line templates, vty pools
Configuring exec timeout
Securing vty line and vty access
Verify vty access-group configuration
5.4 Implementing SSH Access on Cisco IOS-XR
Configuring SSH server (including crypto key generation)
SSH client usage
Verify SSH configuration
5.5 Implementing Telnet Access on Cisco IOS-XR
Configuring telnet server on IOS-XR
5.6 Implementing XML Management on Cisco IOS-XR
Describe XML management on IOS-XR
Configuring XML agent on IOS-XR
Configuring VRF access for XML agent on IOS-XR
5.7 Implementing TACACS+ Authentication, Authorization and Accounting
Configuring AAA Authentication - Using TACACS+ and local as fallback
Configuring AAA Command Authorization - Using TACACS+ and local as fallback
Configuring AAA Command Accounting
Implementing TACACS+ - Assigning task groups and privileges
Verify AAA permissions upon command failure (i.e. debug aaa)
5.8 Configuring CDP on Cisco IOS-XR
Enable CDP on IOS-XR
Monitor CDP neighbors and parameters
5.9 Implementing Management Plane Protection (MPP) on Cisco IOS-XR
Configuring MPP to restrict access from specific IP Addresses and protocols
Configuring MPP to restrict access for out-of-band interface
5.10 Implementing NTP on Cisco IOS-XR
Configuring NTP server
Configuring NTP peer
Securing NTP configurations (NTP access groups)
Verifying NTP status
5.11 Implementing SDRs on IOS-XR
Understand SDR
Describe DSC
Assigning SDR access privileges
Creating SDRs, adding nodes to non-owner SDRs
Creating username and passwords for non-owner SDRs
Rebooting non-owner SDRs
5.12 Chassis and Hardware Management
Displaying installed modules, status of modules
Displaying environmental status (fan, power, etc)
Enabling and disabling power to a specific line card or module
Reloading line card or module
Displaying chassis and module serial numbers
Reloading RP
Reloading entire chassis
Troubleshoot reason why PLIM/MSC is not booting up
5.13 Implementing EEM on Cisco IOS-XR
13. Network Programming
1.0 Programming Fundamentals 15%
1.1 Construct Python code
1.2 Construct Python code that properly handles exceptions
1.3 Interpret Python code
1.4 Interpret Python code that includes the following packages or modules:
1.4.a JSON
1.4.b XML
1.4.c requests
1.4.d ncclient
1.5 Debug Python code
2.0 Data Handling and Formats 13%
2.1 Construct a syntactically valid JSON or XML payload from a given data set
2.2 Parse specific data from a JSON or XML payload
2.3 Employ sorting, manipulation and storing of network entries (such as IPv4, IPv6, or MAC addresses)
2.4 Validate YANG models for semantics and syntax
2.5 Translate a YANG data model to a RESTCONF URI/JSON representation
3.0 Network controller platforms and protocols 14%
3.1 Describe the ACI policy model
3.2 Describe the ACI Application Profiles
3.3 Describe APIC-EM services
3.4 Describe the APIC-EM Network Information Database (NIDB)
3.5 Describe the purpose and handling of service tickets in APIC-EM
3.6 Compare and contrast Openflow and Opflex protocols
3.7 Describe the concepts of model driven development in OSC
3.8 Describe the OSC framework for adding applications at different layers of the architecture
3.9 Describe how and when to rollback configuration changes in APIC, APIC-EM, or when using NETCONF
3.10 Evaluate the impact a piece of code has on controller / network element resource utilization
4.0 Device programmability (NXOS-API, ASA-API, IOS (XE/XR)) 15%
4.1 Interpret or produce code to deploy configurations to multiple devices using RESTCONF
4.2 Interpret or produce code to deploy configurations to multiple devices using NETCONF
4.3 Describe ASA configuration constructs (network objects, access lists, security groups)
4.4 Construct a request to an ASA that performs multiple REST requests in a single POST
4.5 Evaluate the impact a piece of code has on network element resource utilization
4.6 Compare and contrast virtual platforms used to test network applications
4.6.a VIRL
4.6.b APIC Simulator
4.6.c NX-OSv
4.6.d DevNet sandboxes
4.6.e ASAv
4.6.f CSR1000v
5.0 Application Programming Interfaces (APIs) 20%
5.1 Describe how to establish a secure connection to a device that provides a RESTful API
5.2 Authenticate a connection or session against the controllers and platforms
5.2.a APIC
5.2.b APIC-EM
5.2.c OSC
5.2.d NXOS-API
5.2.e ASA-API
5.2.f IOS XE/XR
5.3 Construct a REST request to perform a specific create operation based on a set of requirements
5.3.a APIC
5.3.b APIC-EM
5.3.c OSC
5.3.d NXOS-API
5.3.e ASA-API
5.3.f IOS XE/XR
5.4 Construct a REST request to perform a specific read operation based on a set of requirements
5.4.a APIC
5.4.b APIC-EM
5.4.c OSC
5.4.d NXOS-API
5.4.e ASA-API
5.4.f IOS XE/XR
5.5 Construct a REST request to perform a specific update operation based on a set of requirements
5.5.a APIC
5.5.b APIC-EM
5.5.c OSC
5.5.d NXOS-API
5.5.e ASA-API
5.5.f IOS XE/XR
5.6 Decide how to properly handle HTTP response codes
5.7 Compare and contrast RESTCONF and NETCONF
5.8 Describe the features and functionality of RAML
6.0 Cisco Software Development Kits (SDKs) 12%
6.1 Compare and contrast abstract and concrete classes
6.2 Create objects using the COBRA SDK
6.3 Read objects using the COBRA SDK
6.4 Update objects using the COBRA SDK
7.0 Networking Fundamentals 11%
7.1 Compare and contrast OSI and TCP/IP models
7.2 Describe IPv4 addressing and subnetting
7.3 Describe IPv6 addressing and subnetting
7.4 Describe functions of infrastructure components in a network
7.4.a Firewalls
7.4.b Switches
7.4.c Routers
7.4.d Load Balancers
7.5 Describe Switching Concepts
7.5.a MAC addresses
7.5.b VLANs
7.5.c VXLANs
7.6 Describe Routing Concepts
7.6.a Routes
7.6.b Host routes
7.6.c Gateways
7.6.d Routing Protocols
7.7 Describe DNS service records for the purpose of service discovery
7.8 Describe the components and concepts of Network Programmability
7.8.a Function of a controller
7.8.b Separation of control plane and data plane
7.8.c Northbound and Southbound APIs
IV. Architect:
0. 5D = Discover (Pre-Sales & Digital Marketing), Design (Autocad, doc, xls, ppt), Develop (RFP, BOM, PO), Deploy (Implementation) & Deliver (Project Management - ITIL, PMP, MBA)
All technologies are divided into four disciplines:
1. Civil
2. Mechanical
3. Electrical
4. Electronics
GENERATION OF COMPUTERS:
I Generation : 1945 – 55 : Vacuum tubes
II Generation : 1955 – 65 : Transistors
III Generation : 1965 – 75 : IC
IV Generation : 1975 – 89 : Microprocessors
V Generation : 1989 to present : Artificial Intelligence - AI
For reference:
http://www.lsp4you.com/electronics/Generation%20of%20Computers.pdf
http://btob.co.nz/business-news/five-generations-computers/
https://www.slideshare.net/dattudharanikota/cloud-operating-systems