
CCNP Wireless IAUWS 642-736 Exam topics

642-736 IAUWS Exam Topics (Blueprint)

Exam Description

The 642-736 IAUWS Implementing Advanced Cisco Unified Wireless Security exam is the exam associated with the CCNP Wireless certification. This exam assesses a candidate’s capability to secure the wireless network from security threats via appropriate security policies and best practices, to properly implement security standards, and to properly configure wireless security components. Candidates can prepare for this exam by taking the IAUWS Implementing Advanced Cisco Unified Wireless Security course.

Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity, the guidelines below may change at any time without notice.

I.  Integrate client device security

A.  Configure client for secure EAP authentication (EAP-FAST, TLS, PEAP, two factor authentication)
B.  Configure the CSSC.
C.  Understand impact of security configurations on application and client roaming.
D.  Troubleshoot client wireless connectivity issues (packet analyzers, debugs, logs, WCS, ACS)
  • Understand client security risks (driver update, MS hot fixes)

II. Design and integrate wireless network with NAC

A.  Understand the architectures: in-band, out-of-band
  • Agent vs. agentless
B.  Describe the high level authentication process flow
  • NAC Appliance Server
  • NAC Appliance Manager
  • WLC
C.  Configure the WLC for NAC

III. Implement secure wireless connectivity services

A.  Configure authentication
  • Controller with or without external LDAP database
  • H-REAP APs for WAN failure
  • 802.1X authentication for APs
B.  Configure management frame protection on clients and controllers
C.  Configure IBN (RADIUS-based VLAN and ACLs, AAA override)
D.  Configure ACS for integration with wireless network
E.  Configure client and server side digital certificate services
F.  Implement ACLs on controller
  • CPU ACLs
  • WLAN, interface, client identity ACLs
G.  Troubleshoot secure wireless connectivity services:
  • Packet analyzers, debugs, logs, WCS, ACS
  • Firewall ports

IV. Design and implement Guest Access services

A.  Understand the architectures for guest access services
  • VLAN-based
  • Anchor/DMZ/redundancy/scaling
  • Wired guest access
  • Bandwidth limiting
B.  Configure guest access accounts
  • Lobby ambassador (controller, WCS-based)
  • Static
  • NAC guest server
C.  Configure controller web auth
  • Pass through
  • Internal/external
  • Authentication
  • Email
  • Custom splash page (internal/external/per WLAN)
  • Understand design considerations (DNS, proxy)
  • Pre-authentication ACL
  • Wired guest access
D.  Configure the anchor and internal controllers
E.  Troubleshoot guest access issues:
  • Debugs, logs, WCS, ACS
  • Firewall ports
  • Mping and eping
  • Proxies

V. Translate organizational and regulatory security policies and enforce security compliance

A.  Describe regulatory compliance considerations, such as: HIPAA, PCI, SOX
  • PCI Audit
B.  Segment traffic into different VLANs, based upon:
  • Security
  • Application
  • QoS
C.  Configure admin security on controller:
  • TACACS+
  • Local
  • RADIUS
  • Access point admin credential
D.  Manage WLC/WCS alarms:
  • SNMP/Trap receivers
  • Syslog
  • SMTP
  • MARS
  • ACS log
E.  Describe security audit tools
  • AirMagnet
  • Penetration testing

VI. Configure native WLC security feature sets – IPS/IDS

A.  Utilize WCS or controller for IDS and threat mitigation strategies, such as:
  • Signature
  • Custom signature
  • Rogue classification management/(auto) containment
  • Rogue reporting/location (WCS only)
  • Switchport tracing (WCS only)
  • Integrate Cisco Spectrum Expert with WCS
  • Client exclusion
B.  Categorize and mitigate wireless vulnerabilities, such as:
  • 802.11 client driver fuzzing (can’t be mitigated)
  • Client misconfiguration
  • DoS (RF jamming)
  • Anomalous behavior attacks (i.e. association/authentication attacks)
  • Signature attacks (i.e. NetStumbler – undetectable at this time)
  • Eavesdropping (i.e. wild packets, Honeypot)
  • Hijacking (mimicry) (i.e. Evil Twin, HoneyPotting)
  • Social engineering (i.e. human attack)

VII. Integrate wireless network with advanced security platforms – IPS/IDS

A.  Understand Cisco’s end-to-end security solutions and how they integrate with Cisco’s wireless solutions, such as:
  • CS-MARS
  • NAC appliance
  • NAC guest server
  • Wired IPS
  • ACS, CSA, etc.
B.  Understand the CUWN firewall port configuration requirements
  • ACLs
  • IP port pass-through
  • DMZ
C.  Configure the controller for wired IPS/IDS
  • Including adaptive IDS (MSE)
D.  Configure CSA

copyright by nextccie.com