Archive for the ‘Cisco’ Category

08.17
17

300-170 DCVAI Implementing Cisco Data Center Virtualization and Automation

by admin

Exam Number 300-170 DCVAI
Associated Certifications CCNP Data Center
Duration 90 minutes (60-70 questions)
Available Languages English

This exam tests a candidate’s knowledge of implementing data center infrastructure including virtualization, automation, Cisco Application Centric Infrastructure (ACI), ACI network resources, and ACI management and monitoring.

Exam Description
The Implementing Cisco Data Center Virtualization and Automation (DCVAI) exam (300-170) is a 90-minute, 60–70 question assessment. This exam is one of the exams associated with the CCNP Data Center Certification. This exam tests a candidate’s knowledge of implementing Cisco data center infrastructure including virtualization, automation, Application Centric Infrastructure, Application Centric Infrastructure network resources, and Application Centric Infrastructure management and monitoring. The course, Implementing Cisco Data Center Virtualization and Automation v6 (DCVAI), helps candidates to prepare for this exam because the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Implement Infrastructure Virtualization 19%

1.1 Implement logical device separation

1.1.a VDC
1.1.b VRF

1.2 Implement virtual switching technologies

2.0 Implement Infrastructure Automation 16%

2.1 Implement configuration profiles

2.1.a Auto-config
2.1.b Port profiles
2.1.c Configuration synchronization

2.2 Implement POAP

2.3 Compare and contrast different scripting tools

2.3.a EEM
2.3.b Scheduler
2.3.c SDK

3.0 Implementing Application Centric Infrastructure 27%

3.1 Configure fabric discovery parameters

3.2 Implement access policies

3.2.a Policy groups
3.2.b Protocol policies
3.2.b [i] LLDP, CDP, LACP, and link-level
3.2.c AEP
3.2.d Domains
3.2.e Pools
3.2.f Profiles
3.2.f [i] Switch
3.2.f [ii] Interface

3.3 Implement VMM domain integrations

3.4 Implement tenant-based policies

3.4.a EPGs
3.4.a [i] Pathing
3.4.a [ii] Domains
3.4.b Contracts
3.4.b [i] Consumer
3.4.b [ii] Providers
3.4.b [iii] vzAny (TCAM conservation)
3.4.b [iv] Inter-tenant
3.4.c Private networks
3.4.c [i] Enforced/unenforced
3.4.d Bridge domains
3.4.d [i] Unknown unicast settings
3.4.d [ii] ARP settings
3.4.d [iii] Unicast routing

4.0 Implementing Application Centric Infrastructure Network Resources 25%

4.1 Implement external network integration

4.1.a External bridge network
4.1.b External routed network

4.2 Implement packet flow

4.2.a Unicast
4.2.b Multicast
4.2.c Broadcast
4.2.d Endpoint database

4.3 Describe service insertion and redirection

4.3.a Device packages
4.3.b Service graphs
4.3.c Function profiles

5.0 Implementing Application Centric Infrastructure Management and Monitoring 13%

5.1 Implement management

5.1.a In-band management
5.1.b Out-of-band management

5.2 Implement monitoring

5.2.a SNMP
5.2.b Atomic counters
5.2.c Health score evaluations

5.3 Implement security domains and role mapping

5.3.a AAA
5.3.b RBAC

5.4 Compare and contrast different scripting tools

5.4.a SDK
5.4.b API Inspector / XML

QUESTION 1
You have a Cisco Nexus 1000V Series Switch. When must you use the system VLAN?

A. to use VMware vMotion
B. to perform an ESXi iSCSI boot
C. to perform a VM iSCSI boot
D. to perform an ESXi NFS boot

Answer: A


QUESTION 2
Which option must be defined to apply a configuration across a potentially large number of switches in the most scalable way?

A. a configuration policy
B. a group policy
C. an interface policy
D. a switch profile

Answer: C


QUESTION 3
Which two options are benefits of using the configuration synchronization feature? (Choose two.)

A. Supports the feature command
B. Supports existing session and port profile functionality
C. can be used by any Cisco Nexus switch
D. merges configurations when connectivity is established between peers
E. supports FCoE in vPC topologies

Answer: A,C


08.15
17

300-175 DCUCI Implementing Cisco Data Center Unified Computing

by admin

Exam Number 300-175 DCUCI
Associated Certifications CCNP Data Center
Duration 90 minutes (60-70 questions)
Available Languages English
Register Pearson VUE

This exam tests a candidate’s knowledge of implementing data center technologies including unified computing, unified computing maintenance and operations, automation, unified computing security, and unified computing storage.

Exam Description
The Implementing Cisco Data Center Unified Computing (DCUCI) exam (300-175) is a 90-minute, 60–70 question assessment. This exam is one of the exams associated with the CCNP Data Center Certification. This exam tests a candidate’s knowledge of implementing Cisco data center technologies including unified computing, unified computing maintenance and operations, automation, unified computing security, and unified computing storage. The course, Implementing Cisco Data Center Unified Computing v6 (DCUCI), helps candidates to prepare for this exam because the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Implement Cisco Unified Computing 28%

1.1 Install Cisco Unified Computing platforms
1.1.a Stand-alone computing
1.1.b Chassis / blade
1.1.c Modular / server cartridges
1.1.d Server integration

1.2 Implement server abstraction technologies
1.2.a Service profiles
1.2.a [i] Pools
1.2.a [ii] Policies
1.2.a [ii].1 Connectivity
1.2.a [ii].2 Placement policy
1.2.a [ii].3 Remote boot policies
1.2.a [iii] Templates
1.2.a [iii].1 Policy hierarchy
1.2.a [iii].2 Initial vs updating

2.0 Unified Computing Maintenance and Operations 20%

2.1 Implement firmware upgrades, packages, and interoperability

2.2 Implement backup operations

2.3 Implement monitoring

2.3.a Logging
2.3.b SNMP
2.3.c Call Home
2.3.d NetFlow
2.3.e Monitoring session

3.0 Automation 12%

3.1 Implement integration of centralized management

3.2 Compare and contrast different scripting tools

3.2.a SDK
3.2.b XML

4.0 Unified Computing Security 13%

4.1 Implement AAA and RBAC

4.2 Implement key management

5.0 Unified Computing Storage 27%

5.1 Implement iSCSI

5.1.a Multipath
5.1.b Addressing schemes

5.2 Implement Fibre Channel port channels

5.3 Implement Fibre Channel protocol services

5.3.a Zoning
5.3.b Device alias
5.3.c VSAN

5.4 Implement FCoE

5.4.a FIP
5.4.b FCoE topologies
5.4.c DCB

5.5 Implement boot from SAN

5.5.a FCoE / Fibre Channel
5.5.b iSCSI

QUESTION 3 – (Topic 1)
Which two statements are true concerning authorization when using RBAC in a Cisco Unified Computing System? (Choose two.)

A. A locale without any organizations allows unrestricted access to system resources in all organizations.
B. When a user has both local and remote accounts, the roles defined in the remote user account override those in the local user account.
C. A role contains a set of privileges which define the operations that a user is allowed to take.
D. Customized roles can be configured on and downloaded from remote AAA servers.
E. The logical resources, pools and policies, are grouped into roles.

Answer: C,E

QUESTION 4 – (Topic 1)
Which actions must be taken in order to connect a NetApp FCoE storage system to a Cisco UCS system?

A. Ensure that the Fibre Channel switching mode is set to Switching, and use the Fibre Channel ports on the Fabric Interconnects.
B. Ensure that the Fibre Channel switching mode is set to Switching, and reconfigure the port to a FCoE Storage port.
C. Ensure that the Fibre Channel switching mode is set to End-Host, and use the Ethernet ports on the Fabric interconnects.
D. Ensure that the Fibre Channel switching mode is set to Switching, and use the Ethernet ports on the Fabric Interconnects.

Answer: A

QUESTION 5 – (Topic 1)
Which two protocols are accepted by the Cisco UCS Manager XML API? (Choose two.)

A. SMASH
B. HTTPS
C. HTTP
D. XMTP
E. SNMP

Answer: A,E

QUESTION 6 – (Topic 1)
A Cisco UCS administrator is planning to complete a firmware upgrade using Auto Install. Which two options are prerequisites to run Auto Install? (Choose two.)

A. minor fault fixing
B. configuration backup
C. service profiles unmounted from the blade servers
D. time synchronization
E. fault suppression started on the blade servers

Answer: A,B

QUESTION 7 – (Topic 1)
Which two prerequisites are required to configure a SAN boot from the FCoE storage of a Cisco UCS system? (Choose two.)

A. The Cisco UCS domain must be able to communicate with the SAN storage device that hosts the operating system image.
B. A boot policy must be created that contains a local disk, and the LVM must be configured correctly.
C. There must be iVR-enabled FCoE proxying between the Cisco UCS domain and the SAN storage device that hosts the operating system image.
D. There must be a boot target LUN on the device where the operating system image is located.
E. There must be a boot target RAID on the device where the operating system image is located.

Answer: C,D


04.25
17

200-150 DCICN Introducing Cisco Data Center Networking

by admin

Exam Number 200-150 DCICN
Associated Certifications CCNA Data Center
Duration 90 minutes (55 – 65 questions)
Available Languages English

This exam tests a candidate’s knowledge of data center physical infrastructure, data center networking concepts, and data center storage networking. The course, Introducing Cisco Data Center Networking v6 (DCICN), will help candidates prepare for this exam, as the content is aligned with the exam topics.

Exam Description
The Introducing Cisco Data Center Networking (DCICN) exam (200-150) is a 90-minute, 55–65 question assessment. This exam is one of the exams associated with the CCNA Data Center Certification. This exam tests a candidate’s knowledge of data center physical infrastructure, data center networking concepts, and data center storage networking. The course, Introducing Cisco Data Center Networking v6 (DCICN), will help candidates prepare for this exam, as the content is aligned with the exam topics.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Data Center Physical Infrastructure 15%
1.1 Describe different types of cabling, uses, and limitations
1.2 Describe different types of transceivers, uses, and limitations
1.3 Identify physical components of a server and perform basic troubleshooting
1.4 Identify physical port roles
1.5 Describe power redundancy modes

2.0 Basic Data Center Networking Concepts 23%
2.1 Compare and contrast the OSI and the TCP/IP models

2.2 Describe classic Ethernet fundamentals
2.2.a Forward
2.2.b Filter
2.2.c Flood
2.2.d MAC address table

2.3 Describe switching concepts and perform basic configuration

2.3.a STP
2.3.b 802.1q
2.3.c Port channels
2.3.d Neighbor discovery
2.3.d [i] CDP
2.3.d [ii] LLDP
2.3.e Storm control

3.0 Advanced Data Center Networking Concepts 23%

3.1 Basic routing operations

3.1.a Explain and demonstrate IPv4/IPv6 addressing
3.1.b Compare and contrast static and dynamic routing
3.1.c Perform basic configuration of SVI/routed interfaces

3.2 Compare and contrast the First Hop Redundancy Protocols
3.2.a VRRP
3.2.b GLBP
3.2.c HSRP

3.3 Compare and contrast common data center network architectures
3.3.a 2 Tier
3.3.b 3 Tier
3.3.c Spine-leaf

3.4 Describe the use of access control lists to perform basic traffic filtering

3.5 Describe the basic concepts and components of authentication, authorization, and accounting

4.0 Basic Data Center Storage 19%

4.1 Differentiate between file and block based storage protocols

4.2 Describe the roles of FC/FCoE port types

4.3 Describe the purpose of a VSAN

4.4 Describe the addressing model of block based storage protocols
4.4.a FC
4.4.b iSCSI

5.0 Advanced Data Center Storage 20%

5.1 Describe FCoE concepts and operations

5.1.a Encapsulation
5.1.b DCB
5.1.c vFC
5.1.d Topologies
5.1.d [i] Single hop
5.1.d [ii] Multihop
5.1.d [iii] Dynamic

5.2 Describe Node Port Virtualization

5.3 Describe zone types and their uses

5.4 Verify the communication between the initiator and target
5.4.a FLOGI
5.4.b FCNS
5.4.c active zone set

QUESTION: No: 1
Which two options describe functions of the data center aggregation layer? (Choose two.)

A. services layer
B. high-speed packet switching O repeater
C. access control
D. QoS marking

Answer: AC


QUESTION: No: 2
Which two options are valid VTP commands? (Choose two.)

A. feature vtp
B. vtp client mode
C. vtp VLAN
D. vtp version
E. vtp static

Answer: A,D


QUESTION: No: 3
Which two features must be licensed on a Cisco Nexus 7000 Switch? (Choose two)

A. Virtual Port Channel
B. Layer 3
C. Virtual Device Contexts
D. iSCSI
E. Fibre Channel

Answer: BC


QUESTION: No: 4
Which two options are multicast addresses? (Choose two.)

A. FD00::2
B. 192.168.2.2
C. FF05::2
D. 226.10.10.10
E. 240.1.0.1

Answer: CE


QUESTION: No: 5
What is the minimum number of fabric modules that should be installed in the Cisco Nexus 7000 chassis for N+1 redundancy using M1-Series line cards?

A. 3
B. 4
C. 5
D. 6

Answer: A


03.10
17

200-125 CCNA Cisco Certified Network Associate Exam

by admin

Exam Number 200-125 CCNA
Associated Certifications CCNA Routing and Switching
Duration 90 Minutes (50-60 questions)
Available Languages English, Japanese

This exam tests a candidate’s knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50–60 question assessment that is associated with the CCNA Routing and Switching certification. This exam tests a candidate’s knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Network Fundamentals 15%

1.1 Compare and contrast OSI and TCP/IP models

1.2 Compare and contrast TCP and UDP protocols

1.3 Describe the impact of infrastructure components in an enterprise network

1.3.a Firewalls
1.3.b Access points
1.3.c Wireless controllers

1.4 Describe the effects of cloud resources on enterprise network architecture

1.4.a Traffic path to internal and external cloud services
1.4.b Virtual services
1.4.c Basic virtual network infrastructure

1.5 Compare and contrast collapsed core and three-tier architectures

1.6 Compare and contrast network topologies

1.6.a Star
1.6.b Mesh
1.6.c Hybrid

1.7 Select the appropriate cabling type based on implementation requirements

1.8 Apply troubleshooting methodologies to resolve problems

1.8.a Perform and document fault isolation
1.8.b Resolve or escalate
1.8.c Verify and monitor resolution

1.9 Configure, verify, and troubleshoot IPv4 addressing and subnetting

1.10 Compare and contrast IPv4 address types

1.10.a Unicast
1.10.b Broadcast
1.10.c Multicast

1.11 Describe the need for private IPv4 addressing

1.12 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment

1.13 Configure, verify, and troubleshoot IPv6 addressing

1.14 Configure and verify IPv6 Stateless Address Auto Configuration

1.15 Compare and contrast IPv6 address types

1.15.a Global unicast
1.15.b Unique local
1.15.c Link local
1.15.d Multicast
1.15.e Modified EUI 64
1.15.f Autoconfiguration
1.15.g Anycast

2.0 LAN Switching Technologies 21%

2.1 Describe and verify switching concepts

2.1.a MAC learning and aging
2.1.b Frame switching
2.1.c Frame flooding
2.1.d MAC address table

2.2 Interpret Ethernet frame format

2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

2.4.a Access ports (data and voice)
2.4.b Default VLAN

2.5 Configure, verify, and troubleshoot interswitch connectivity

2.5.a Trunk ports
2.5.b Add and remove VLANs on a trunk
2.5.c DTP, VTP (v1&v2), and 802.1Q
2.5.d Native VLAN

2.6 Configure, verify, and troubleshoot STP protocols

2.6.a STP mode (PVST+ and RPVST+)
2.6.b STP root bridge selection

2.7 Configure, verify and troubleshoot STP related optional features

2.7.a PortFast
2.7.b BPDU guard

2.8 Configure and verify Layer 2 protocols

2.8.a Cisco Discovery Protocol
2.8.b LLDP

2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

2.9.a Static
2.9.b PAGP
2.9.c LACP

2.10 Describe the benefits of switch stacking and chassis aggregation

3.0 Routing Technologies 23%

3.1 Describe the routing concepts

3.1.a Packet handling along the path through a network
3.1.b Forwarding decision based on route lookup
3.1.c Frame rewrite

3.2 Interpret the components of a routing table

3.2.a Prefix
3.2.b Network mask
3.2.c Next hop
3.2.d Routing protocol code
3.2.e Administrative distance
3.2.f Metric
3.2.g Gateway of last resort

3.3 Describe how a routing table is populated by different routing information sources

3.3.a Admin distance

3.4 Configure, verify, and troubleshoot inter-VLAN routing

3.4.a Router on a stick
3.4.b SVI

3.5 Compare and contrast static routing and dynamic routing

3.6 Compare and contrast distance vector and link state routing protocols

3.7 Compare and contrast interior and exterior routing protocols

3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing

3.8.a Default route
3.8.b Network route
3.8.c Host route
3.8.d Floating static

3.9 Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.10 Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.11 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.12 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.13 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)

3.14 Troubleshoot basic Layer 3 end-to-end connectivity issues

4.0 WAN Technologies 10%

4.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication

4.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication

4.3 Configure, verify, and troubleshoot GRE tunnel connectivity

4.4 Describe WAN topology options

4.4.a Point-to-point
4.4.b Hub and spoke
4.4.c Full mesh
4.4.d Single vs dual-homed

4.5 Describe WAN access connectivity options

4.5.a MPLS
4.5.b Metro Ethernet
4.5.c Broadband PPPoE
4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)

4.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)

4.7 Describe basic QoS concepts

4.7.a Marking
4.7.b Device trust
4.7.c Prioritization
4.7.c. [i] Voice
4.7.c. [ii] Video
4.7.c. [iii] Data
4.7.d Shaping
4.7.e Policing
4.7.f Congestion management

5.0 Infrastructure Services 10%

5.1 Describe DNS lookup operation

5.2 Troubleshoot client connectivity issues involving DNS

5.3 Configure and verify DHCP on a router (excluding static reservations)

5.3.a Server
5.3.b Relay
5.3.c Client
5.3.d TFTP, DNS, and gateway options

5.4 Troubleshoot client- and router-based DHCP connectivity issues

5.5 Configure, verify, and troubleshoot basic HSRP

5.5.a Priority
5.5.b Preemption
5.5.c Version

5.6 Configure, verify, and troubleshoot inside source NAT

5.6.a Static
5.6.b Pool
5.6.c PAT

5.7 Configure and verify NTP operating in a client/server mode

6.0 Infrastructure Security 11%

6.1 Configure, verify, and troubleshoot port security

6.1.a Static
6.1.b Dynamic
6.1.c Sticky
6.1.d Max MAC addresses
6.1.e Violation actions
6.1.f Err-disable recovery

6.2 Describe common access layer threat mitigation techniques

6.2.a 802.1x
6.2.b DHCP snooping
6.2.c Nondefault native VLAN

6.3 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

6.3.a Standard
6.3.b Extended
6.3.c Named

6.4 Verify ACLs using the APIC-EM Path Trace ACL analysis tool

6.5 Configure, verify, and troubleshoot basic device hardening

6.5.a Local authentication
6.5.b Secure password
6.5.c Access to device
6.5.c. [i] Source address
6.5.c. [ii] Telnet/SSH
6.5.d Login banner

6.6 Describe device security using AAA with TACACS+ and RADIUS

7.0 Infrastructure Management 10%

7.1 Configure and verify device-monitoring protocols

7.1.a SNMPv2
7.1.b SNMPv3
7.1.c Syslog

7.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA

7.3 Configure and verify device management

7.3.a Backup and restore device configuration
7.3.b Using Cisco Discovery Protocol or LLDP for device discovery
7.3.c Licensing
7.3.d Logging
7.3.e Timezone
7.3.f Loopback

7.4 Configure and verify initial device configuration

7.5 Perform device maintenance

7.5.a Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
7.5.b Password recovery and configuration register
7.5.c File system management

7.6 Use Cisco IOS tools to troubleshoot and resolve problems

7.6.a Ping and traceroute with extended option
7.6.b Terminal monitor
7.6.c Log events
7.6.d Local SPAN

7.7 Describe network programmability in enterprise network architecture

7.7.a Function of a controller
7.7.b Separation of control plane and data plane
7.7.c Northbound and southbound APIs

QUESTION: No: 1
Which layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see if enough resources exist for that communication?

A. transport
B. network
C. presentation
D. session
E. application

Answer: E


QUESTION: No: 2
Which of the following describes the roles of devices in a WAN? (Choose three.)

A. A CSU/DSU terminates a digital local loop.
B. A modem terminates a digital local loop.
C. A CSU/DSU terminates an analog local loop.
D. A modem terminates an analog local loop.
E. A router is commonly considered a DTE device.
F. A router is commonly considered a DCE device.

Answer: A, D, E


QUESTION: No: 3
A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port?

A. This is a 10 Mb/s switch port.
B. This is a 100 Mb/s switch port.
C. This is an Ethernet port operating at half duplex.
D. This is an Ethernet port operating at full duplex.
E. This is a port on a network interface card in a PC.

Answer: C


QUESTION: No: 4
A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?

A. session
B. transport
C. network
D. data link
E. physical

Answer: D


QUESTION: No: 5
Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two.)

A. The transport layer divides a data stream into segments and may add reliability and flow control information.
B. The data link layer adds physical source and destination addresses and an FCS to the segment.
C. Packets are created when the network layer encapsulates a frame with source and destination host addresses and protocol-related control information.
D. Packets are created when the network layer adds Layer 3 addresses and control information to a segment.
E. The presentation layer translates bits into voltages for transmission across the physical link.

Answer: A, D


03.8
17

400-251 CCIE Security

by admin

Exam Number 400-251 CCIE Security
Associated Certifications CCIE Security
Duration 120 minutes (90 – 110 questions)
Available Languages English

The written exam validates experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements.

Topics include network functionality and security-related concepts and best practices, as well as Cisco network security products, solutions, and technologies in areas such as next generation intrusion prevention, next generation firewalls, identity services, policy management, device hardening, and malware protection.

The written exam utilizes the unified exam topics, which include emerging technologies such as Cloud, Network Programmability (SDN), and Internet of Things (IoT).

The CCIE Security Version 5.0 exam unifies written and lab exam topics documents into a unique curriculum, while explicitly disclosing which domains pertain to which exam, and the relative weight of each domain.

The Cisco CCIE Security Written Exam (400-251) version 5.0 is a two-hour test with 90–110 questions that validate professionals who have the expertise to describe, design, implement, operate, and troubleshoot complex security technologies and solutions. Candidates must understand the requirements of network security, how different components interoperate, and translate it into the device configurations. The exam is closed book and no outside reference materials are allowed.

The Cisco CCIE Security Lab Exam version 5.0 is an eight-hour, hands-on exam that requires a candidate to plan, design, implement, operate, and troubleshoot complex security scenarios for a given specification. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Perimeter Security and Intrusion Prevention 21%

1.1 Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)

1.2 Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD

1.3 Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD

1.4 Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD

1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD

1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE

1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD

1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting

1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC

1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes

1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)

1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

2.0 Advanced Threat Protection and Content Security 17%

2.1 Compare and contrast different AMP solutions including public and private cloud deployment models

2.2 Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)

2.3 Detect, analyze, and mitigate malware incidents

2.4 Describe the benefit of threat intelligence provided by AMP Threat GRID

2.5 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN

2.6 Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)

2.7 Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA

2.8 Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA

2.9 Describe, implement, and troubleshoot SMTP encryption on ESA

2.10 Compare and contrast different LDAP query types on ESA

2.11 Describe, implement, and troubleshoot WCCP redirection

2.12 Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent

2.13 Describe, implement, and troubleshoot HTTPS decryption and DLP

2.14 Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA

2.15 Describe the security benefits of leveraging the OpenDNS solution.

2.16 Describe, implement, and troubleshoot SMA for centralized content security management

2.17 Describe the security benefits of leveraging Lancope

3.0 Secure Connectivity and Segmentation 17%

3.1 Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5

3.2 Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA

3.3 Describe, implement, and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts

3.4 Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication

3.5 Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD

3.6 Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec

3.7 Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)

3.8 Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments

3.9 Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP

3.10 Describe the security benefits of network segmentation and isolation

3.11 Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN

3.12 Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP

3.13 Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE

3.14 Describe the functionality of Cisco VSG used to secure virtual environments

3.15 Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

4.0 Identity Management, Information Exchange, and Access Control 22%

4.1 Describe, implement, and troubleshoot various personas of ISE in a multinode deployment

4.2 Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA

4.3 Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS

4.4 Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.

4.5 Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server

4.6 Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure

4.7 Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA

4.8 Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS

4.9 Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML

4.10 Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA

4.11 Describe, implement, verify, and troubleshoot posture assessment with ISE

4.12 Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor

4.13 Describe, implement, verify, and troubleshoot integration of MDM with ISE

4.14 Describe, implement, verify, and troubleshoot certificate based authentication using ISE

4.15 Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)

4.16 Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP-MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2

4.17 Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER

4.18 Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

5.0 Infrastructure Security, Virtualization, and Automation 13%

5.1 Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques

5.2 Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.

5.3 Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access

5.4 Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH

5.5 Describe, implement, and troubleshoot IPv4/v6 routing protocols security

5.6 Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL

5.7 Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES

5.8 Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)

5.9 Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER

5.10 Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP

5.11 Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP

5.12 Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv

5.13 Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts

5.14 Describe the northbound and southbound APIs of SDN controllers such as APIC-EM

5.15 Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS

5.16 Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE

5.17 Validate network security design for adherence to Cisco SAFE recommended practices

5.18 Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python

5.19 Describe Cisco Digital Network Architecture (DNA) principles and components.

6.0 Evolving Technologies 10%

6.1 Cloud

6.1.a Compare and contrast Cloud deployment models
6.1.a [i] Infrastructure, platform, and software services (XaaS)
6.1.a [ii] Performance and reliability
6.1.a [iii] Security and privacy
6.1.a [iv] Scalability and interoperability
6.1.b Describe Cloud implementations and operations
6.1.b [i] Automation and orchestration
6.1.b [ii] Workload mobility
6.1.b [iii] Troubleshooting and management
6.1.b [iv] OpenStack components

6.2 Network Programmability (SDN)

6.2.a Describe functional elements of network programmability (SDN) and how they interact
6.2.a [i] Controllers
6.2.a [ii] APIs
6.2.a [iii] Scripting
6.2.a [iv] Agents
6.2.a [v] Northbound vs. Southbound protocols
6.2.b Describe aspects of virtualization and automation in network environments
6.2.b [i] DevOps methodologies, tools and workflows
6.2.b [ii] Network/application function virtualization (NFV, AFV)
6.2.b [iii] Service function chaining
6.2.b [iv] Performance, availability, and scaling considerations

6.3 Internet of Things (IoT)

6.3.a Describe architectural framework and deployment considerations for Internet of Things
6.3.a [i] Performance, reliability and scalability
6.3.a [ii] Mobility
6.3.a [iii] Security and privacy
6.3.a [iv] Standards and compliance
6.3.a [v] Migration
6.3.a [vi] Environmental impacts on the network

QUESTION: No: 2
According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose 4)

A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets

Answer: A, B, C, D


QUESTION: No: 3
Which two statements describe the Cisco TrustSec system correctly? (Choose two.)

A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as
extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages
enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the
system as working together in a validated manner.

Answer: C, D


QUESTION: No: 4
Which three attributes may be configured as part of the Common Tasks panel of an authorization profile in
the Cisco ISE solution? (Choose three.)

A. VLAN
B. voice VLAN
C. dACL name
D. voice domain permission
E. SGT

Answer: A, C, D


QUESTION: No: 5
Which three statements about Cisco Flexible NetFlow are true? (Choose three.)

A. The packet information used to create flows is not configurable by the user.
B. It supports IPv4 and IPv6 packet fields.
C. It tracks all fields of an IPv4 header as well as sections of the data payload.
D. It uses two types of flow cache, normal and permanent.
E. It can be a useful tool in monitoring the network for attacks.

Answer: B, C, E


QUESTION: No: 6
Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including “reauthenticate.”
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A, C, D


01.21
17

700-260 Advanced Security Architecture for Account Manager

by admin ·

QUESTION: No: 1
Increased employee productivity, confidence in data confidentiality, and increased visibility are features
that demonstrate which Cisco business value?

A. Cost effectiveness
B. Protection
C. Control
D. Flexibility
E. Completeness

Answer: C


QUESTION: No: 2
Which licensing feature enables customers to better manage their software assets and optimize their IT
spending?

A. Cisco ONE
B. Smart Accounts
C. Enterprise License Agreements
D. License Bundling

Answer: B


QUESTION: No: 3
Which Cisco network security solution helps protect against threats by monitoring and responding to any
network anomalies, continually analyzing for potential threats and reacting to them in real time?

A. Cisco Security Manager
B. Cisco ASA Firewall Services
C. Cisco ASA Next-Generation Firewall Services
D. Cisco Next-Generation Intrusion Prevention System
E. Cisco Web Security Appliance
F. Cisco Email Security Appliance
G. Cisco Identity Services Engine
H. Cisco Site-to-Site VPN

Answer: D


QUESTION: No: 4
Which Cisco security technology delivers the best real-time threat intelligence?

A. Cisco Security Intelligence Operations
B. Cisco ASA Next-Generation Firewall Services
C. Cisco Identity Services Engine
D. Cisco Security Manager
E. Cisco TrustSec

Answer: A


01.13
16

648-247 CCPS2 Implementing Cisco Connected Physical Security 2 Exam

by admin ·

Exam Number 648-247
Duration 60 minutes (50-60 questions)
Available Languages English, Japanese

This exam tests the Sales and Field Engineer’s knowledge of the Cisco Physical Access Control solution. Candidates will be tested on knowledge of the basics of physical access control and the Cisco Physical Access Manager software solution. In addition, the candidate will also be asked questions regarding the PAC hardware components consisting of the MSP server platform, Access Control gateway and I/O modules, and 3rd party devices. Candidates can prepare for this exam by taking the CPAM course offered by Cisco Advance Services Education.

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Access control basics, legacy vs Cisco architectures
Hardware/software
Integration with 3rd party data systems
CPAM configuration workflow
High availability
Users, badges, I/O, edge policies, and maps
Schedules, backup, and troubleshooting

QUESTION 1
When a 24 VDC fail safe lock is being used to secure a door, how should power be supplied to the lock from the control source?

A. connected +24 VDC directly to the lock
B. connected +24 VDC through common and normally closed
C. connected +24 VDC through common and normally open
D. connected +5 VDC binary control signaling


QUESTION 2
What are the three common methods that are used for authentication with an access control system?

A. badge card, key fob, and keypad PIN
B. badge card, keypad PIN, and password
C. something you know, something you have, and something you are
D. something you know, something you have, and something you did


QUESTION 3
Refer to the exhibit.

One or more expansion modules are connected to the Cisco Access Gateway via a CAN bus. How
should the CAN bus wires be connected after the last module in the chain?

A. The CAN bus wires should be looped back to the Cisco Access Gateway.
B. The CAN bus wires should be twisted together and tucked away.
C. The CAN bus wires should be plugged into a Layer 2 Ethernet switch.
D. The CAN bus wires should be terminated with a high-impedance resistor.

Answer: D


QUESTION 4
What are the four main components of a typical logical door?

A. door, door knob, door jamb, and hinges
B. lock, reader, tailgate sensor, and motion detector
C. lock, request to exit, door position switch, and swing arm
D. lock, reader, request to exit, and door position switch


QUESTION 5
Cisco Physical Access Manager (Cisco PAM) is an appliance-based solution. The Cisco PAM
1.3.2 appliance is available on which of the following server platforms?

A. CIVS-MSP-1RU-K9
B. CPS-MSP-1RU-K9
C. CPS-MSP-2RU-K9
D. CIAC-PAME-1125-K9

 


05.27
14

Is Cisco Back (as an enterprise security leader)?

by admin ·

Sourcefire, architecture, and services place Cisco in the catbird seat for emerging enterprise cybersecurity requirements if Cisco remains aggressive

It wasn’t too long ago that Cisco was a dominant force in information security technology. The company was a market leader in firewalls, IDS/IPS, and email security and was actively pushing products for endpoint security and SIEM as well as security “blades” for Catalyst switches. Heck, Cisco even articulated a bold vision of “self-defending networks” with security policy, enforcement, and intelligence all baked into the network.

Somewhere around 2008 however, Cisco security went into a prolonged slump. Cisco security products didn’t offer the performance of rivals like Crossbeam (now Blue Coat), Juniper, or McAfee. Cisco missed markets like next-generation firewalls, opening the door for savvy startups like FireEye, Palo Alto Networks, and Stonesoft. Cisco products such as the Cisco Security Agent (Okena) and MARS (Protego) were abject failures and discontinued by the company. Finally, Cisco’s security team itself imploded as management and engineering leaders fled San Jose for greener valley pastures.

Cisco recognized its cybersecurity death spiral and began executing on a comeback strategy around 2011, building a new team, innovating, and acquiring a market leader in Sourcefire. Based upon what I saw this week at CiscoLive, I believe that the company has turned a corner. Cisco can now return to a leadership role in enterprise security technology because:

1. Its security architecture is just about ready for primetime. Cisco deserves kudos for the way it integrated Sourcefire products and people into its security division. For example, Cisco has a “FireAMP everywhere” strategy that will place advanced malware detection technology on Cisco email and web security products and various endpoint devices. Additionally, Cisco is actively filling architecture holes with acquisitions like ThreatGRID for network and cloud “sandboxing” to detect malware threats. Finally, Cisco has momentum in other areas like TrustSec and ISE. Its soon-to-be-released pxGrid completes these granular network access control offerings with a middleware repository for publish-and-subscribe data about endpoints and users. All of the puzzle pieces are in place today or arriving soon.

2. Cisco is investing in services. New security requirements are challenging to all organizations – even those with deep security skills and resources. Cisco recognizes this gap and is building a global services organization to offer help. As of now the professional services staff is relatively small but it is highly-skilled and growing. In the meantime, Cisco is also jumping into the managed security services market with both feet. For example, it now offers a big data security analytics managed service for incident detection, investigations, and forensics. While Cisco uses a physical Hadoop cluster on the customer premise, the service is fully managed by Cisco security analysts and customers pay for it on an annual subscription basis. Cisco will continue to expand upon managed security solutions moving forward.

3. Cisco is well positioned to align security with IT transformation. As a large IT provider, Cisco is in the middle of numerous IT initiatives around cloud computing, data center transformation, mobile computing, and the Internet of Things (IoT). This gives Cisco a great opportunity to integrate its security portfolio everywhere. For example, Cisco can work with large customers to add Application-Centric Infrastructure (ACI) functionality to their data center networks. Once customers are comfortable with Cisco’s software-based network control for configuration, provisioning, and segmentation, Cisco can introduce a host of L4-7 security functionality as part of an overall transformation project. Given its role in these other ongoing IT initiatives, Cisco has a clear advantage over pure-play security technology vendors.

Aside from these advances, Cisco also (author’s comment: Finally!) created an overlay salesforce focused on security sales alone. This could give Cisco the right skill set to sell security architecture technologies and services at the CISO level.

In my humble opinion, Cisco is moving in the right direction and the company certainly has the resources to continue to acquire point products and invest in its organization. That said, Cisco still has some work ahead. To continue on the comeback trail, Cisco must:

1. Compete at the product and solution layer. CISOs want to build enterprise security architectures, but this transition will take time as point tools are replaced with new security technology components built for integration. This means that vendors will need best-of-breed tactical products, integration middleware, and project management skills to build an architecture over time. As a networking vendor, Cisco doesn’t have much street credibility in areas like endpoint security, middleware, or security analytics – especially since it walked away from some of these areas over the last few years, hanging some of its customers out to dry. Cisco’s done a lot of work on the product side, now it must convince the market that it offers leading architectural and services skills for the long-term. Finally, Cisco needs to be able to work at the CISO level on detailed security architecture implementation plans that fit their security, financial, and industry needs.

2. Play the “open” card. Those of us with grey hair remember Cisco’s “embrace and extend” attitude toward industry standards. Cisco was onboard as long as it controlled the standard, tweaked it for its own feature set, and maintained proprietary ownership of the code. Surprisingly, Cisco has become much more flexible about opening up its security software strategy. For example, Cisco’s acquisition of Sourcefire made the company the steward of SNORT and ClamAV and it continues to encourage and support each community. Cisco’s big data security analytics service is based upon open source tools like Hadoop, MapR, and Mahout that can be customized by customers with open source tools. Finally, Cisco is an active member of the Trusted Computing Group (TCG) and is working to align its pxGrid with future plans for IF-MAP. Cisco could greatly benefit by going further and becoming a visible champion of open security standards henceforth. To do so, Cisco should promote standards, become a visible contributor to open source projects, trumpet the community benefits of open security standards, and encourage other vendors to join in.

3. Deliver a real security management portal. Cisco’s Achilles heel has always been management software that was too complex, required too many management consoles, and was geared toward CCIEs with CLI chops. This simply won’t fly for an integrated enterprise security architecture. Without a simple but powerful GUI-based management portal for central command-and-control, Cisco product and architecture progress will all go for naught.

Cisco still faces real competition as FireEye, IBM, McAfee, Palo Alto Networks, and Trend Micro are building their own enterprise security architectures that span networks and endpoints. Others like HP and Symantec could easily acquire their way in. To truly succeed, Cisco must remain humble, execute flawlessly, and continue to recruit top talent. A difficult but achievable strategy.

 

