Implementing Cisco Secure Access Solutions (300-208)

ccna-banner

The 300-208 Implementing Cisco Secure Access Solutions (SISAS) exam tests whether a network security engineer knows the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec. This 90-minute exam consists of 55 – 65 questions. It tests on Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solutions. It also includes the fundamental concepts of BYOD using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course. The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Identity Management/Secure Access

  • Implement Device Administration
  • Compare and select AAA options
  • TACACS+
  • RADIUS
  • Describe Native AD and LDAP
  • Describe Identity Management v
  • Describe features and functionality of authentication and authorization
  • Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
  • Implement accounting
  • Implement Wired/Wireless 802.1x
  • Describe RADIUS flows
  • AV pairs
  • EAP types
  • Describe supplicant, authenticator, server
  • Supplicant options
  • 802.1X phasing (monitor mode, low impact, closed mode)
  • AAA server
  • Network access devices
  • Implement MAB
  • Implement Network Authorization Enforcement
  • dACL
  • Dynamic VLAN assignment
  • Describe SGA
  • Named ACL
  • CoA
  • Implement central web authorization
  • Implement profiling
  • Implement guest services
  • Implement posturing
  • Implement BYOD access
  • Describe elements of a BYOD policy
  • Device registration
  • My devices portal
  • Describe supplicant provisioning

Threat Defense

  • Implement firewall
  • Describe SGA ACLs

Troubleshooting, Monitoring, and Reporting Tools

  • Troubleshoot identity management solutions

Threat Defense Architectures

  • Design highly secure wireless solution

Identity Management Architectures

  • Design AAA security solution
  • Design profiling security solution
  • Design posturing security solution
  • Design BYOD security solution
  • Design device admin security solution
  • Design guest services security solution