实施思科安全访问解决方案考试要点

实施思科安全访问解决方案考试要点

　　实施思科安全访问解决方案(SISAS)主要检验考生作为网络安全工程师是否能够使用802.1X和TrustSec来掌握安全访问的.组件和架构。下面是小编整理的考试要点：

　　该考试涵盖思科身份服务引擎(ISE)架构、整体网络威胁缓解的解决方案和组件以及终点控制解决方案。同时考试考察使用ISE的posture和profiling 服务来掌握基础BYOD概念。

　　Exam Description:

　　The first paragraph is the exam description that is followed by a second paragraph with standard copy that appears on all exam topics.

　　The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

　　1.0 Identity Management/Secure Access

　　1.1 Implement Device Administration

　　1.1.a Compare and select AAA options

　　1.1.b TACACS+

　　1.1.c RADIUS

　　1.1.d Describe Native AD and LDAP

　　1.2 Describe Identity Management

　　1.2.a Describe Features and functionality of Authentication and authorization

　　1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)

　　1.2.c Implement accounting

　　1.3 Implement Wired/Wireless 802.1x

　　1.3.a Describe RADIUS Flows

　　1.3.b AV Pairs

　　1.3.c EAP types

　　1.3.d Describe Supplicant, Authenticator, Server

　　1.3.e Supplicant options

　　1.3.f 802.1X phasing (monitor mode, low impact, closed mode)

　　1.3.g AAA server

　　1.3.h Network access devices

　　1.4 Implement MAB

　　1.5 Implement Network Authorization Enforcement

　　1.5.a dACL

　　1.5.b Dynamic VLAN Assignment

　　1.5.c Describe SGA

　　1.5.d Named ACL

　　1.5.e CoA

　　2.0 Threat Defense

　　2.1 Implement Firewall

　　2.1.a Describe SGA ACLs

　　3.0 Identity Management/Secure Access

　　3.1 Implement Central Web Auth

　　3.2 Implement Profiling

　　3.3 Implement Guest Services

　　3.4 Implement Posturing

　　3.5 Implement BYOD

　　3.5.a Describe elements of a BYOD policy

　　3.5.b Device registration

　　3.5.c My devices portal

　　3.5.d Describe supplicant provisioning

　　4.0 Troubleshooting, Monitoring and Reporting Tools

　　4.1 Troubleshoot Identity Management Solutions

　　5.0 Threat Defense Architectures

　　5.1 Design Secure wireless solution

　　6.0 Identity Management Architectures

　　6.1 Design AAA security solution

　　6.2 Design Profiling security solution

　　6.3 Design Posturing security solution

　　6.4 Design BYOD security solution

　　6.5 Design Device admin security solution

　　6.6 Design Guest services security solution