b. Implementing Cisco Edge Network Security Solutions (SENSS)
The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam consists of 65-75 questions and focuses on the technologies used to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network Security (SENSS)
• Understanding and implementing Cisco modular Network Security Architectures such as SecureX and TrustSec.
• Deploy Cisco Infrastructure management and control plane security controls.
• Configuring Cisco layer 2 and layer 3 data plane security controls.
• Implement and maintain Cisco ASA Network Address Translations (NAT).
• Implement and maintain Cisco IOS Software Network Address Translations (NAT).
• Designing and deploying Cisco Threat Defense solutions on a Cisco ASA utilizing access policy and application and identity based inspection.
• Implementing Botnet Traffic Filters.
• Deploying Cisco IOS Zone-Based Policy Firewalls (ZBFW).
• Configure and verify Cisco IOS ZBFW Application Inspection Policy.
Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 is a newly created five-day instructor-led training course that is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience to prepare them to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls. The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed security on Cisco ASA firewalls, Cisco Routers with the firewall feature set, and Cisco Switches. The student will gain hands-on experience with configuring various perimeter security solutions for mitigating outside threats and securing network zones. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco Switches, Cisco ASA, and Router security appliance feature and provide detailed operations support for these products.
2.1 Implement SSHv2, HTTPS, and SNMPv3 access on the network devices
2.2 Implement RBAC on the ASA/IOS using CLI and ASDM
2.3 Describe Cisco Prime Infrastructure
2.3.a Functions and use cases of Cisco Prime
2.3.b Device Management
2.4 Describe Cisco Security Manager (CSM)
2.4.a Functions and use cases of CSM
2.4.b Device Management
2.5 Implement Device Managers
2.5.a Implement ASA firewall features using ASDM
3.1 Configure NetFlow exporter on Cisco Routers, Switches, and ASA
3.2 Implement SNMPv3
3.2.a Create views, groups, users, authentication, and encryption
3.3 Implement logging on Cisco Routers, Switches, and ASA using Cisco best practices
3.4 Implement NTP with authentication on Cisco Routers, Switches, and ASA
3.5 Describe CDP, DNS, SCP, SFTP, and DHCP
3.5.a Describe security implications of using CDP on routers and switches
3.5.b Need for dnssec
4.1 Monitor firewall using analysis of packet tracer, packet capture, and syslog
4.1.a Analyze packet tracer on the firewall using CLI/ASDM
4.1.b Configure and analyze packet capture using CLI/ASDM
4.1.c Analyze syslog events generated from ASA
5.1 Design a Firewall Solution
5.1.b Basic concepts of security zoning
5.1.c Transparent & Routed Modes
5.1.d Security Contexts
5.2 Layer 2 Security Solutions
5.2.a Implement defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks
5.2.b Describe best practices for implementation
5.2.c Describe how PVLANs can be used to segregate network traffic at Layer 2
6.1 Describe security operations management architectures
6.1.a Single device manager vs. multi-device manager
6.2 Describe Data Center security components and considerations
6.2.a Virtualization and Cloud security
6.3 Describe Collaboration security components and considerations
6.3.a Basic ASA UC Inspection features
6.4 Describe common IPv6 security considerations
6.4.a Unified IPv6/IPv4 ACL on the ASA
• Practice Activities
• Case Studies
• Pre test
• Post test
This course is designed to prepare security engineers with the knowledge to configure Cisco perimeter edge security solutions utilizing Cisco Switches, Cisco Routers, and Cisco Adaptive Security Appliance (ASA) Firewalls. It is also perfect for students interested in pursuing their Cisco Certified Network Professional Security (CCNP Security) certification.
About Telkom Professional Certification Center
Sebagai perwujudan dedikasi PT. Telekomunikasi Indonesia, Tbk (PT. TELKOM) terhadap
pendidikan, dan melalui Yayasan Pendidikan Telkom (YPT), maka pada tanggal 15 Agustus 2008
didirikan Telkom Professional Development Center (Telkom PDC) dan Telkom Professional
Certification Center (TelkomPCC) pada tanggal 27 Agustus 2012.
Untuk meningkatkan layanan maka dilakukan penggabungan antara Telkom PDC dan TelkomPCC
menjadi Telkom Professional Certification Center (TelkomPCC) pada tanggal 1 Maret 2016.
TelkomPCC berada dibawah pengelolaan Telkom Foundation untuk melaksanakan fungsi sebagai
Center of Certification & Center of Competence Development melalui layanan pelatihan,
sertifikasi & konsultasi dibidang Information, Communication, Technology, Business &
TelkomPCC bukan hanya melayani Telkom Group namun juga melayani perusahaan lain &
masyarakat umum yang membutuhkan peningkatan kompetensinya.