CCNP Security (VPN) Written Exam v1.0 642-647 (Last day to test May 28, 2012), Written Exam v2.0 642-648 Now Available. Candidates that have scheduled the written exam on June 1, 2012 or later should prepare using the 642-648 VPN Exam Topics v2.0.
642-648 VPN Exam Topics v2.0
Exam Description
Deploying Cisco ASA VPN Solutions (VPN v2.0) exam is associated with the CCNP Security and Cisco VPN Specialist certifications. This exam tests a candidate’s knowledge and skills needed to deploy Cisco ASA-based VPN solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA VPN features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA VPN Solutions course.
Exam Topics
The following information provides general guidelines for the content likely to be included on the VPN v2.0 exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Common Cisco ASA adaptive security appliance VPN Configurations Components
- Identify ASA VPN licensing requirements
- Identify the components and features of AnyConnect 3.0 Mobility (VPN, NAM, Web Sec (ScanSafe), an Telemetry)
- Implement ASA VPN connection profiles, group policies, and user policies
- Implement Simple Certificate Enrollment Protocol (SCEP) proxy operations using Cisco Adaptive Security Device Manager (ASDM)
- Implement local and external VPN authorization using ASDM
- Implement VPN session accounting using ASDM
- Implement Cisco Secure Desktop and Independent Host Scan operations using ASDM
- Implement DAP operations using ASDM
- Implement LOCAL CA operations for Secure Sockets Layer (SSL) VPNs using ASDM
- Implement certificate maps using ASDM
- Identify the ASA IPv6 VPN capabilities
- Monitor and verify the resulting CLI commands resulting from the various VPN configurations on the ASA
ASA IP SEC S2S VPN
- Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA IPSec S2S VPN features and supporting technologies
- Implement basic IPSEC S2S VPN operations with PSK and digital certificates using ASDM
- Implement basic IKEv2 based IPSEC S2S VPN operations using ASDM
- Troubleshoot the initial provisioning IPSec S2S VPN applications due to misconfiguration
ASA EZVPN
- Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA VPN client features and supporting technologies
- Implement basic EZVPN server operations on the ASA using ASDM
Basic EZVPN remote operations on the ASA 5505 using ASDM
- Implement AnyConnect 3.0 IKEv2 RA VPN operations
- Implement Client Services Server (CSS) feature
- Troubleshoot the initial provisioning IPSec RA VPN applications due to misconfiguration
ASA AnyConnect SSL VPNs
- Implement a security high-level design according to policy and environmental requirements by identifying Cisco ASA AnyConnect client features and supporting technologies
- Implement DTLS operations using ASDM
- Implement basic AnyConnect 3.0 full tunnel SSL VPN operations
- Troubleshoot AnyConnect SSL VPN operations using DART
- Implement AnyConnect Profiles using ASDM
- Implement advanced authentication in AnyConnect Full Tunnel SSL VPNs (certificate and multi-authentication) using ASDM
- Troubleshoot the initial provisioning client-based SSL VPN applications due to misconfiguration
ASA Clientless SSL VPNs
- Implement a security high level design according to policy and environmental requirements by identifying Cisco ASA clientless SSL VPN features and supporting technologies
- Implement basic Clientless SSL VPN operations using ASDM
- Implement advanced applications access using ASDM
- Implement the SSO features on the ASA in a clientless SSL VPN environment
- Implement advanced authentication in clientless SSL VPNs (certificate and multi-authentication) using ASDM
- Manage the clientless SSL VPN user interface and portal using ASDM
- Implement basic portal customization
- Troubleshoot the initial provisioning of Clientless SSL VPN applications due to misconfiguration
SSL VPN High Availability
- Implement SSL and IPSEC VPN high availability features