A Closer Look at CCNP Security 300-206 (SENSS) Exam
As we mentioned earlier, Cisco kicked off the year with updating its security certifications, especially CCNP Security, and the launch of Cisco Cybersecurity Specialist certification. These changes, along with others, are meant to step up Cisco’s security certifications, putting them in line with the latest security trends. They also validate the skills that employers are searching for in their staff.
Today, we take a closer look at the 300-206 (SENSS) exam: Implementing Cisco Edge Network Security Solutions. It validates the candidates’ knowledge required to configure and implement security on Cisco network perimeter edge devices such as a Cisco Switch, Cisco Router, and Cisco ASA Firewall. The 300-206 exam focuses on the technologies used to secure the perimeter of a network such as Network Address Translation (NAT), ASA policy and application inspect, and Zone-Based Firewall on Cisco routers. Like most Cisco exams, this is a closed book exam, with the usual Cisco types of questions: Multiple-Choice Single Key, Multiple-Choice Multiple Key, Drag-and-Drop, Fill-in-the-Blank, Router Simulation, Testlet Queries, Simlet.
According to Cisco, the current version of the 300-206 exam includes the following topics.
Threat Defense (25%)
• 1.1 Implement Firewall
• 1.1.a Implement ACLs
• 1.1.b Implement static/dynamic NAT/PAT
• 1.1.c Implement object groups
• 1.1.d Describe threat detection features
• 1.1.e Implement Botnet traffic filtering
• 1.2 Implement Layer 2 security
• 1.2.a Configure DHCP snooping
• 1.2.b Describe dynamic ARP inspection
• 1.2.c Describe storm control
• 1.2.d Configure port security
• 1.2.e Describe common layer 2 threats and attacks and mitigation
• 1.2.f Describe private VLAN
• 1.2.g Describe MACSec
• 1.3 Configure device hardening per best practices
• 1.3.a Routers
• 1.3.b Switches
• 1.3.c Firewalls
• 1.4 Implement Firewalls
• 1.4.a Configure application filtering and protcol inspection
• 1.4.b Describe virtualized firewalls
Cisco Security Devices GUIs and Secured CLI Management (25%)
• 2.1 Implement SSHv2, SSL, SNMPv3 access on the network devices
• 2.2 Implement RBAC on the ASA/IOS CLI and on ASDM
• 2.3 Describe Cisco Prime Infrastructure
• 2.4 Describe CSM
• 2.5 Implement device managers
Management Services on Cisco Devices (12%)
• 3.1 Implement NetFlow exporter
• 3.2 Implement SNMPv3
• 3.3 Implement logging
• 3.4 Implement NTP with authentication
• 3.5 Describe CDP, DNS, SCP, SFTP, and DHCP
Troubleshooting, Monitoring and Reporting Tools (10%)
• Monitor firewall using analysis of packet tracer, packet capture, and syslog
Threat Defense Architectures (16%)
• 5.1 Design a firewall solution
• 5.2 Design Layer 2 security solution
Security Components and Considerations (12%)
• 6.1 Describe security operations management architecture
• 6.2 Describe Data Center Security components and considerations
• 6.3 Describe Collaboration security components and considerations
• 6.4 Describe common IPv6 security considerations
