4.1 Security on Cisco routers
- 4.1.a Configure multiple privilege levels
- 4.1.b Configure Cisco IOS role-based CLI access
- 4.1.c Implement Cisco IOS resilient configuration
4.2 Securing routing protocols
- 4.2.a Implement routing update authentication on OSPF
4.3 Securing the control plane
- 4.3.a Explain the function of control plane policing
4.4 Common Layer 2 attacks
- 4.4.a Describe STP attacks
- 4.4.b Describe ARP spoofing
- 4.4.c Describe MAC spoofing
- 4.4.d Describe CAM table (MAC address table) overflows
- 4.4.e Describe CDP/LLDP reconnaissance
- 4.4.f Describe VLAN hopping
- 4.4.g Describe DHCP spoofing
4.5 Mitigation procedures
- 4.5.a Implement DHCP snooping
- 4.5.b Implement Dynamic ARP Inspection
- 4.5.c Implement port security
- 4.5.d Describe BPDU guard, root guard, loop guard
- 4.5.e Verify mitigation procedures
4.6 VLAN security
- 4.6.a Describe the security implications of a PVLAN
- 4.6.b Describe the security implications of a native VLAN