Professional Documents
Culture Documents
Purpose
Cisco CCNA® Security is the second major release of the Cisco Networking Academy® CCNA Security curriculum.
CCNA Security aligns with the certification exam Implementing Cisco® Network Security (IINS) (210-260). These
notes provide detailed information about this release, including curriculum content, known issues, and support
information.
Component Description
Skills Assessment 1 skills assessment using equipment to verify the development of course skills
Cisco® Packet Tracer 13 Packet Tracer activities
Activities PT version 6.2.x or above is required
Pre-Test 1 pre-test that covers prerequisite and pre-existing knowledge This can be used to understand what students
know before starting the course to direct planning and customization of the curriculum.
Chapter Quizzes 11 modifiable chapter quizzes
Chapter Exams 11 chapter exams containing simulation-based, multiple choice, and fill-in-the-blank questions
Accessibility 11 chapters containing accessible text and media text Videos provide closed captioning (CC)
Text Area Sizing After resizing the text area of a page, subsequent pages retain the same text area size. The text area size will
return to default when the browser session ends.
Form-Fillable PDFs Open these documents in Adobe Reader to help ensure the form-fillable fields load properly.
Opening these documents in a web browser is not recommended.
Syntax Checker This tool is limited in functionality to the specific instructions provided in a Syntax Checker activity.
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 6
Certification Exam Alignment
Differences between the IINS 640-554 and the IINS 210-260.
2.1.b CCP One Step Lockdown Feature 1.2.b Describe Social Engineering
2.4 Describe IPv4 to IPv6 transition 1.2.d Classify the vectors of Data Loss/Exfiltration
2.4.a Reasons for IPv6
2.4.b Understanding IPv6 addressing
2.4.c Assigning IPv6 addresses
2.4.d Routing considerations for IPv6
4.1.c Types of ACLs (dynamic, reflexive, time-based ACLs) 2.1.c Configure and verify secure access through SNMP v3 using an ACL
4.1.j VLSM 2.4.b Describe the function of Mobile Device Management (MDM)
4.3.g VACLs 5.5 Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x
5.2.g CCP 7.1.a SPAM Filtering, Anti-Malware Filtering, DLP, Blacklisting, Email Encryption
7.4 Implement Zone-Based Firewall Using CCP 7.2.b Blacklisting, URL-Filtering, Malware Scanning, URL Categorization, Web
Application Filtering, TLS/SSL Decryption
1.1.a Describe Confidentiality, Integrity, Availability (CIA) Section 1.2 Network Threats
1.1.d Identify common network security zones Section 4.2 Firewall Technologies
1.2.d Classify the vectors of Data Loss/Exfiltration Section 11.2 Developing a Comprehensive Security Policy
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 6
IINS 210-260 Exam Objectives CCNAS v2.0 Coverage Location(s)
1.3 Cryptography Concepts Chapter 7 Cryptographic Systems
1.3.a Describe Key Exchange Section 7.2 Basic Integrity and Authenticity
1.3.c Compare & Contrast Symmetric and Asymmetric Encryption Section 7.4 Public Key Cryptography
1.4.b Cloud, Wide Area Network (WAN) Section 1.2 Network Threats
2.1.a Compare In-band and out of band Section 2.1 Securing Device Access
2.1.b Configure secure network management Section 2.3 Monitoring and Managing Devices
2.1.c Configure and verify secure access through SNMP v3 using an ACL
2.2.a Describe RADIUS & TACACS+ technologies Section 3.3 Server-Based AAA
2.2.b Configure administrative access on a Cisco router using TACACS+ Section 3.4 Server-Based AAA Authentication
2.3.a Identify the functions 802.1x components Section 3.5 Server-Based AAA Authorization and Accounting
2.4.a Describe the BYOD architecture framework Section 1.1 Securing Networks
3.1.a Describe IPSec Protocols and Delivery Modes (IKE, ESP, AH, Section 8.2 IPsec VPN Components and Operation
Tunnel mode, Transport mode)
3.2 Remote Access VPN Chapter 10 Advanced Cisco Adaptive Security Appliance
3.2.a Implement basic Clientless SSL VPN using ASDM Section 10.2 ASA VPN Configuration
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 6
IINS 210-260 Exam Objectives CCNAS v2.0 Coverage Location(s)
3.2.e Identify Endpoint Posture Assessment
3.3.a Implement an IPSec site-to-site VPN with pre-shared key Section 10.2 ASA VPN Configuration
authentication on Cisco routers and ASA firewalls
4.1.a Configure multiple privilege levels Section 2.2 Assigning Administrative Roles
4.1.b Configure IOS Role-based CLI Access Section 2.3 Monitoring and Managing Devices
4.2.a Implement routing update authentication on OSPF Section 2.5 Securing the Control Plane
4.3.a Explain the function of Control Plane Policing Section 2.5 Securing the Control Plane
4.4 Common Layer 2 Attacks Chapter 6 Securing the Local Area Network
4.6.a Describe the security implications of a PVLAN Section 6.2 Layer 2 Security Considerations
5.1 Describe operational strengths and weaknesses of the different Chapter 4 Implementing Firewall Technologies
firewall technologies
Section 4.2 Firewall Technologies
5.1.a Proxy firewalls
Chapter 6 Securing the Local Area Network
5.1.b Application firewall
Section 6.1 Endpoint Security
5.1.c Personal firewall
5.2 Compare Stateful vs. Stateless Firewalls Chapter 4 Implementing Firewall Technologies
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 6
IINS 210-260 Exam Objectives CCNAS v2.0 Coverage Location(s)
5.2.b Function of the state table
5.3 Implement NAT on Cisco ASA 9.x Chapter 9 Implementing the Cisco Adaptive Security Appliance
5.5 Firewall features on the Cisco Adaptive Security Appliance (ASA) 9.x Chapter 9 Implementing the Cisco Adaptive Security Appliance
5.5.a Configure ASA Access Management Section 9.1 Introduction to the ASA
5.5.b Configure Security Access Policies Section 9.2 ASA Firewall Configuration
6.1.a Network Based IPS vs. Host Based IPS Section 5.1 IPS Technologies
6.1.b Modes of deployment (Inline, Promiscuous - SPAN, tap) Section 5.2 IPS Signatures
7.1 Describe Mitigation Technology for Email-based Threats Chapter 6 Securing the Local Area Network
7.1.a SPAM Filtering, Anti-Malware Filtering, DLP, Blacklisting, Email Section 6.1 Endpoint Security
Encryption
7.2 Describe Mitigation Technology for Web-based Threats Chapter 6 Securing the Local Area Network
7.2.a Local & Cloud Based Web Proxies Section 6.1 Endpoint Security
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 6
IINS 210-260 Exam Objectives CCNAS v2.0 Coverage Location(s)
7.3 Describe Mitigation Technology for Endpoint Threats Chapter 5 Implementing Intrusion Prevention
Support
For general assistance with curriculum, classroom, or program issues, please contact the Networking Academy™
Support Desk by signing into the Cisco NetSpace learning environment and clicking Help > Contact Support at
the top of the page.
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 6