The following topics are general guidelines for the content likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to reflect better the contents of the exam and for clarity purposes, the exam topics may change at any time without notice. Candidates may be required to perform implementation, optimization and troubleshooting actions in each of the exam topics sections and should also be comfortable with both IPv4 and IPv6 concepts and application.CCIE Security Lab Exam Topics v4.0 System Hardening and AvailabilityRouting plane security features (e.g. protocol authentication, route filtering)Control Plane PolicingControl Plane Protection and Management Plane ProtectionBroadcast control and switchport securityAdditional CPU protection mechanisms (e.g. options drop, logging interval)Disable unnecessary servicesControl device access (e.g. Telnet, HTTP, SSH, Privilege levels)Device services (e.g. SNMP, Syslog, NTP)Transit Traffic Control and Congestion Management Threat Identification and MitigationIdentify and protect against fragmentation attacksIdentify and protect against malicious IP option usageIdentify and protect against network reconnaissance attacksIdentify and protect against IP spoofing attacksIdentify and protect against MAC spoofing attacksIdentify and protect against ARP spoofing attacksIdentify and protect against Denial of Service (DoS) attacksIdentify and protect against Distributed Denial of Service (DDoS) attacksIdentify and protect against Man-in-the-Middle (MiM) attacksIdentify and protect against port redirection attacksIdentify and protect against DHCP attacksIdentify and protect against DNS attacksIdentify and protect against MAC Flooding attacksIdentify and protect against VLAN hopping attacksIdentify and protect against various Layer2 and Layer3 attacksNBARNetFlowCapture and utilize packet captures Intrusion Prevention and Content SecurityIPS 4200 Series Sensor Appliance(a) Initialize the Sensor Appliance(b) Sensor Appliance management(c) Virtual Sensors on the Sensor Appliance(d) Implementing security policies(e) Promiscuous and inline monitoring on the Sensor Appliance(f) Tune signatures on the Sensor Appliance(g) […]