RE: Security Lab Exam Blueprint, year 2007

From: Scott Morris (swm@emanon.com)
Date: Wed Sep 27 2006 - 11:59:00 ART


I think you've noticed the dilemma of the security lab changes!

Layer 2 Transparent firewalls are specifically mentioned under PIX/ASA
Firewalls, NOT the IOS Firewall.

For NAC, the reference is quite generic and what I would therefore
anticipate is that the PIX and/or ASAs will be your choke point for NAC
testing. NAC commands were introduced in 7.2(1), which certainly falls in
that "7.x" specified on the web page.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008066ebb8.html

On the VPN Concentrator, 4.7 introduced NAC features (4.7, 4.71, 4.72) and
those are on that list of OS versions as well.

http://www.cisco.com/warp/public/471/vpn3k-nac-config-471.html

So my thought is that IOS will not be doing NAC at this point in time.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Petr
Lapukhov
Sent: Wednesday, September 27, 2006 5:25 AM
To: ccielab; security@groupstudy.com
Subject: Security Lab Exam Blueprint, year 2007

Hello group,

I'm sorry to bother you guys with a minor question, but has anyone noted
some discrepancy in the new security blueprint and lab equipment software
versions?

<lab equipment>
 Software Versions Cisco IOS Software Version 12.2T
Enterprise/IPSec/FW/IDS*feature set is used on all routers

< /lab equipment>

IOS version is 12.2T.
And, for instance, lab exam topic:

<blueprint2007>
...
Network Admission Control (NAC Framework solution) ...
</blueprint2007>

NAC is supported in IOS only since 12.3(8)T

Does anyone have more information on the subject? I'm especially worried
about IOS versions, which *really* make a big difference (e.g. IPS, L2
transparent firewall, VTI, etc, etc, etc).

I also sent a letter to ccie-lab@cisco.com but Cisco guys are usually slow
in response and probably too busy to answer such questions ;)

Thanks in advance,

--
Petr Lapukhov, CCIE #16379
petr@internetworkexpert.com

Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344


