Exam Description
The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.
Exam Topics
The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security (IINS) exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Common Security Threats
Describe common security threats
Security and Cisco Routers
Implement security on Cisco routers
Describe securing the control, data, and management plane
Describe Cisco Security Manager
Describe IPv4 to IPv6 transition
AAA on Cisco Devices
Implement AAA (authentication, authorization, and accounting)
Describe TACACS+
Describe RADIUS
Describe AAA
Verify AAA functionality
IOS ACLs
Describe standard, extended, and named IP IOS access control lists (ACLs) to filter packets
Describe considerations when building ACLs
Implement IP ACLs to mitigate threats in a network
Secure Network Management and Reporting
Describe secure network management
Implement secure network management
Common Layer 2 Attacks
Describe Layer 2 security using Cisco switches
Describe VLAN security
Implement VLANs and trunking
Implement spanning tree
Cisco Firewall Technologies
Describe operational strengths and weaknesses of the different firewall technologies
Describe stateful firewalls
Describe the types of NAT used in firewall technologies
Implement zone-based policy firewall using CCP
Implement the Cisco Adaptive Security Appliance (ASA)
Implement Network Address Translation (NAT) and Port Address Translation (PAT)
Cisco IPS
Describe Cisco Intrusion Prevention System (IPS) deployment considerations
Describe IPS technologies
Configure Cisco IOS IPS using CCP
VPN Technologies
Describe the different methods used in cryptography
Describe VPN technologies
Describe the building blocks of IPSec
Implement an IOS IPSec site-to-site VPN with pre-shared key authentication
Verify VPN operations
Implement Secure Sockets Layer (SSL) VPN using ASA device manager
This course will give the student the knowledge and skills necessary to select, connect, configure, and troubleshoot various Cisco networking devices. Cisco CCNA certified professionals can extend switched networks with virtual local area networks, determine Internet Protocol IP routes, manage IP traffic with access lists, and establish point-to-point and Frame Relay connections.