保護(hù)思科無線企業(yè)網(wǎng)絡(luò)考試要點(diǎn)

　　保護(hù)思科無線企業(yè)網(wǎng)絡(luò)(300-375)是獲得思科CCNP認(rèn)證需要通過的一項(xiàng)考試。考試時間為90分鐘，包括60-70道考題。WISECURE(300-375)考試證明通過的`考生具備實(shí)施客戶端設(shè)備安全，基于身份認(rèn)證和服務(wù)，以及保護(hù)和監(jiān)控企業(yè)無線基礎(chǔ)設(shè)施。

　　以下是保護(hù)思科無線企業(yè)網(wǎng)絡(luò)(300-375)考試的主要內(nèi)容和考點(diǎn)。

　　1.0 Integrate Client Device Security19%Hide Details

　　1.1. Describe Extensible Authentication Protocol (EAP) authentication process

　　1.2. Configure client for secure EAP authentication

　　1.2.a. Native OS (iOS, Android, Windows, MAC OS, year 2013+) or AnyConnect client

　　1.3. Describe the impact of security configurations on application and client roaming

　　1.3.a. Key caching

　　1.3.b. 802.11r

　　1.4. Implement 802.11w Protected Management Frame (PMF) on the WLAN

　　1.4.a. Client support

　　1.4.b. PMF modes

　　1.4.c. Relevant timer settings

　　1.5. Implement Cisco Management Frame Protection (MFP)

　　1.5.a. Cisco Compatible Extensions (CCX)

　　1.5.b. Infrastructure mode

　　1.5.c. Client and infrastructure mode

　　1.6. Describe and configure client profiling

　　1.6.a. ISE

　　1.6.b. WLC

　　2.0 Implement Secure Distribution System Connectivity Services on the Wireless Infrastructure24%Hide Details

　　2.1. Describe the impact of BYOD on wireless security

　　2.1.a Additional security risks

　　2.1.b Loss of device control

　　2.1.c Increased complexity of policy enforcement

　　2.2. Implement BYOD policies

　　2.2.a. Single vs dual SSID

　　2.2.b.Self registration

　　2.2.c. mDNS sharing

　　2.2.d.Wi-Fi Direct

　　2.3. Implement AAA based Layer 3 security on the controller

　　2.3.a. Local Web Auth (LWA)

　　2.3.a.[i] External authentication)

　　2.3.a.[ii] Locally significant certificates

　　2.3.a.[iii] Pre-authentication ACL

　　2.3.a.[iv] Pass through configuration

　　2.4. Describe regulatory compliance considerations for protecting data and access and providing accountability

　　2.4.a. PCI

　　2.5. Utilize security audit tools for Distribution Systems

　　2.5.a. PI reports

　　2.5.b. PCI audit

　　3.0 Implement Secure Client Connectivity Services on the Wireless Infrastructure27%Hide Details

　　3.1. Implement 802.1x wireless client authentication

　　3.1.a. AireOS

　　3.1.a.[i] Local

　　3.1.a.[ii] Central

　　3.1.b. IOS-XE

　　3.1.c. Autonomous

　　3.1.c.[i] Local authentication

　　3.1.c.[ii] Remote authentication

　　3.1.d. FlexConnect

　　3.1.d.[i] Local authentication

　　3.1.d.[ii] Remote authentication

　　3.2. Implement Identity Based Networking (IBN)

　　3.2.a. AireOS

　　3.2.a.[i] VLANs

　　3.2.a.[ii] QoS

　　3.2.a.[iii] ACLs

　　3.2.b. IOS-XE

　　3.2.b.[i] VLANs

　　3.2.b.[ii] QoS

　　3.2.b.[iii] ACLs

　　3.2.c. Autonomous

　　3.2.c.[i] VLAN

　　3.2.d. FlexConnect

　　3.2.d.[i] VLAN

　　3.2.d.[ii] ACLs

　　3.2.d.[iii] QoS

　　3.3. Implement ISE AAA parameters for integration with the wireless network

　　3.3.a. Network device

　　3.3.b. IBN profile

　　3.4. Implement AAA based Layer 3 security using ISE

　　3.4.a. Utilizing ISE as AAA service

　　3.4.a.[i] Locally significant certificates on ISE

　　3.4.a.[ii] Using captive portal capabilities for guest access

　　3.4.b. Central Web Auth (CWA

　　3.4.b.[i] Returned values and overrides

　　3.4.b.[ii] Access accept

　　3.4.b.[iii] AAA override statement

　　3.5. Configure MSE based web authentication

　　3.6. Utilize security audit tools for client connectivity

　　3.6.a. PI reports

　　3.6.b. PCI audit

　　4.0 Implement Secure Management Access on the WLAN Infrastructure14%Hide Details

　　4.1. Controlling administrative access to the wireless infrastructure

　　4.1.a. RADIUS

　　4.1.b. TACACS

　　4.1.c. Controller and ISE integration

　　4.1.d. Access point administration credentials

　　4.2. Configure APs and switches for 802.1x access to the wired infrastructure

　　4.2.a. Controller based

　　4.2.b. Autonomous

　　4.3. Implement SNMPv3 on the wireless infrastructure

　　4.3.a. AireOS

　　4.3.b. IOS-XE

　　4.3.c. Autonomous

　　5.0 Monitoring Security on the WLAN Infrastructure16%Hide Details

　　5.1. Execute Security reports on PI

　　5.2. Perform Rogue Management

　　5.2.a. Rogue Containment on WLC and PI

　　5.2.b. RLDP on WLC and PI

　　5.2.c. SwitchPort tracing on PI

　　5.2.d. Location on PI

　　5.2.e. Rogue Rules on WLC and PI

　　5.3. Monitor rogue APs and clients

　　5.3.a. PI Maps

　　5.3.b. Controller

　　5.4. Monitor Alarms

　　5.4.a. 2 items

　　5.4.b. PI Security Tab

　　5.4.c. Controller Trap Logs

　　5.5. Identify RF related Security interferers on WLC and PI Maps

　　5.5.a. Jammers

　　5.5.b. Inverted Wi-Fi

　　5.5.c. Wi-Fi invalid channel

　　5.6. Implement wIPS

　　5.6.a. Enhanced Local Mode (ELM)

【保護(hù)思科無線企業(yè)網(wǎng)絡(luò)考試要點(diǎn)】相關(guān)文章：

保護(hù)思科無線企業(yè)網(wǎng)絡(luò)考試要點(diǎn)（最新）10-18

部署思科無線企業(yè)網(wǎng)絡(luò)考試要點(diǎn)11-01

2017部署思科無線企業(yè)網(wǎng)絡(luò)考試要點(diǎn)10-18

故障排除思科無線企業(yè)網(wǎng)絡(luò)考試概述和要點(diǎn)11-01

故障排除思科無線企業(yè)網(wǎng)絡(luò)考試大綱10-18

WIFUND實(shí)施思科無線網(wǎng)絡(luò)基礎(chǔ)考試要點(diǎn)10-15

設(shè)計(jì)思科無線企業(yè)網(wǎng)絡(luò)考試主要內(nèi)容11-01

思科認(rèn)證網(wǎng)絡(luò)工程師CCNA無線認(rèn)證考試要點(diǎn)10-11

實(shí)施思科統(tǒng)一無線語音網(wǎng)絡(luò)IUWVN考試要點(diǎn)11-01