StuartMurraySmith.GitHub.io

Skills Matrix

	Email	Stuart.Murray.Smith@gmail.com
	GitHub projects page	https://GitHub.com/stuartmurraysmith
	LinkedIn	https://LinkedIn.com/in/stuartmurraysmith
	Tech training material	https://CBTNuggets.com/
	Cisco training material	https://LearningNetwork.Cisco.com/
	This page last updated	2024.02.26
	This page preferred resolution	1024 x 768 and higher

Cisco Network Associate (the below is a loose rewording of the 200-301 CCNA Exam Topics found here: https://LearningNetwork.Cisco.com/s/ccna-exam-topics)

	Network Fundamentals
	Roles and functions of network components		routers, layer 2 and layer 3 switches, next-generation firewalls and IPS, access points, controllers, endpoints, servers, power over ethernet (PoE)
	Network topology architectures		two-tier, three-tier, spine-leaf, WAN, small office/home office (SOHO), on-premise and cloud
	Physical interface and cabling types		single-mode fiber, multimode fiber, copper connections (ethernet shared media and point-to-point)
	Interface and cable issues		collisions, errors, mismatch duplex and/or speed
	Configure IPv4 addressing and subnetting		public and private IPv4 addressing
	Configure IPv6 addressing and prefixing		unicast (global, unique local, and link local), anycast, multicast, modified EUI 64
	IP parameters for client OS		Windows, MacOS, Linux
	Wireless first principles		nonoverlapping wi-fi channels, SSID, RF, encryption
	Virtualization fundamentals		server virtualization, containers, and virtual routing and forwarding (VRFs)
	Switching concepts		MAC address learning and aging, frame switching, frame flooding, MAC address table

	Network Access
	VLANs (normal range) spanning multiple switches		access ports (data and voice), default VLAN, interVLAN connectivity
	Interswitch connectivity		trunk ports, 802.1Q protocol, native VLAN
	Layer 2 discovery protocols		CDP (Cisco Discovery Protocol) and LLDP (Link Layer Discovery Protocol)
	Layer 2 and layer 3 EtherChannel		Link Aggregation Control Protocol (LACP)
	Rapid PVST+ Spanning Tree Protocol		root port, root bridge (primary/secondary) and other port names, port states (forwarding/blocking), PortFast
	Cisco wireless architectures and AP modes
	Physical infrastructure connections of WLAN components		AP, WLC (wireless LAN controller), access/trunk ports, and LAG (link aggregation)
	AP and WLC management access connections		Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS
	Wireless LAN GUI configuration for client connectivity		WLAN creation, security settings, QoS profiles, and advanced settings

	IP Connectivity
	Routing tables		routing protocol codes, prefixing, network masking, next hop, administrative distance, metrics, gateways of last resort
	Router forwarding decision-makin by default		longest prefix matches, administrative distance, routing protocol metrics
	IPv4 and IPv6 static routing		default routes,network routes, host routes, floating statics
	Single area OSPFv2		neighbor adjacencies, point-to-point, broadcast (DR/BDR selection), router ID
	First hop redundancy protocols

	IP Services
	Inside source NAT using static and pools
	NTP operating in a client and server mode
	DHCP and DNS within the network		DHCP client and relay
	SNMP in network operations
	Syslog features including facilities and levels
	Forwarding per-hop behavior (PHB) for QoS		classification, marking, queuing, congestion, policing, and shaping
	Configure network devices for remote access using SSH
	Capabilities and functions of TFTP/FTP in the network

	Security Fundamentals
	Security concepts		threats, vulnerabilities, exploits, and mitigation techniques
	Security program elements		user awareness, training, and physical access control
	Configure and verify device access control using local passwords
	Security password policies elements		management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
	IPsec remote access and site-to-site VPNs
	Configure and verify access control lists
	Layer 2 security features		DHCP snooping, dynamic ARP inspection, and port security
	Authentication, authorization, and accounting (AAA)
	Wireless security protocols		WPA, WPA2, and WPA3
	Configure WLAN using WPA2 PSK using the GUI

	Automation and Programmability
	Controller-based, software defined architecture		overlay, underlay, and fabric; separation of control plane and data plane, Northbound and Southbound APIs
	REST-based APIs		CRUD, HTTP verbs, and data encoding
	Configuration management mechanisms		Puppet, Chef, and Ansible
	Recognise components of JSON-encoded data

Cisco Security Core (the below is a loose rewording of the 350-701 SCOR Exam Topics found here: https://LearningNetwork.Cisco.com/s/scor-exam-topics)

	Security Concepts
	Common threats against on-premises, hybrid, and cloud environments		on-premises: viruses, trojans, DoS/DDoS attacks, phishing, rootkits, man-in-themiddle attacks, SQL injection, cross-site scripting, malware cloud: data breaches, insecure APIs, DoS/DDoS, compromised credentials
	Common security vulnerabilities		software bugs, weak and/or hardcoded passwords, OWASP top ten, missing encryption ciphers, buffer overflow, path traversal, cross-site scripting/forgery
	Functions of the cryptography components		hashing, encryption, PKI, SSL, IPsec, NAT-T IPv4 for IPsec, preshared key, and certificate-based authorisation
	Site-to-site and remote access VPN deployment types and components		virtual tunnel interfaces, standards-based IPsec, DMVPN, FlexVPN, and Cisco Secure Client including high availability considerations
	Security intelligence		authoring, sharing, and consumption
	Controls used to protect against phishing and social engineering attacks
	North Bound and South Bound APIs		in the SDN architecture
	Cisco DNA Center APIs		for network provisioning, optimization, monitoring, and troubleshooting
	Python scripts		used to call Cisco Security appliances APIs

	Network Security
	Network security solutions that provide intrusion prevention and firewall capabilities
	Deployment models of network security solutions and architectures that provide intrusion prevention and firewall capabilities
	Components, capabilities, and benefits of NetFlow and Flexible NetFlow records
	Network infrastructure security methods		Layer 2 methods (network segmentation using VLANs; Layer 2 and port security; DHCP snooping; Dynamic ARP inspection; storm control; PVLANs to segregate network traffic; and defenses against MAC, ARP, VLAN hopping, STP, and DHCP rogue attacks), device hardening of network infrastructure security devices (control plane, data plane, and management plane)
	Segmentation, access control policies, AVC, URL filtering, malware protection, and intrusion policies
	Implement management options for network security solutions		single vs multidevice manager, in-band vs out-of-band, cloud vs on-premises
	Configure AAA for device and network access		TACACS+ and RADIUS
	Secure network management of perimeter security and infrastructure devices		SNMPv3, NetConf, RestConf, APIs, secure syslog, and NTP with authentication
	Site-to-site and remote access VPN		site-to-site VPN using Cisco routers and IOS, remote access VPN using Cisco AnyConnect Secure Mobility client, debug commands to view IPsec tunnel establishment and troubleshooting

	Securing the Cloud
	Identify security solutions for cloud environments		public, private, hybrid, and community clouds, cloud service models: SaaS, PaaS, IaaS (NIST 800-145)
	Security responsibility for the different cloud service models		patch management in the cloud, security assessment in the cloud
	DevSecOps		CI/CD pipeline, container orchestration, and secure software development
	Application and data security in cloud environments
	Security capabilities, deployment models, and policy management to secure the cloud
	Cloud logging and monitoring methodologies
	Describe application and workload security concepts

	Content Security
	Implement traffic redirection and capture methods for web proxy
	Web proxy identity and authentication including transparent user identification
	Components, capabilities, and benefits of on-premises, hybrid, and cloudbased email and web solutions		Cisco Secure Email Gateway, Cisco Secure Email Cloud Gateway, and Cisco Secure Web Appliance
	Configure and verify web and email security deployment methods		to protect onpremises, hybrid, and remote users
	Configure and verify email security features		SPAM filtering, antimalware filtering, DLP, blocklisting, and email encryption
	Configure and verify Cisco Umbrella Secure Internet Gateway and web security features		blocklisting, URL filtering, malware scanning, URL categorization, web application filtering, and TLS decryption
	Components, capabilities, and benefits of Cisco Umbrella
	Configure and verify web security controls on Cisco Umbrella		identities, URL content settings, destination lists, and reporting

	Endpoint Protection and Detection
	Compare Endpoint Protection Platforms (EPP) and Endpoint Detection & Response (EDR) solutions
	Configure endpoint antimalware protection using Cisco Secure Endpoint
	Configure and verify outbreak control and quarantines to limit infection
	Justifications for endpoint-based security
	Endpoint device management and asset inventory systems such as MDM
	Uses and importance of a multifactor authentication (MFA) strategy
	Endpoint posture assessment solutions to ensure endpoint security
	Endpoint patching strategies

	Secure Network Access, Visibility, and Enforcement
	Identity management and secure network access		guest services, profiling, posture assessment and BYOD
	Configure and verify network access control mechanisms		802.1X, MAB, WebAuth
	Network access with CoA		RADIUS Change of Authorization
	Device compliance and application control
	Exfiltration techniques		DNS tunneling, HTTPS, email, FTP/SSH/SCP/SFTP, ICMP, Messenger, IRC, and NTP
	Network telemetry
	Components, capabilities, and benefits of security products and solutions		Cisco Secure Network Analytics, Cisco Secure Cloud Analytics, Cisco pxGrid, Cisco Umbrella Investigate, Cisco Cognitive Intelligence, Cisco Encrypted Traffic Analytics, Cisco Secure Client Network Visibility Module (NVM)