Cisco IINS 2.0: Threat Control, Mitigation, and Firewalls

Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v2.0 640-554 certification, which is associated with the CCNA Security certification exam. Knowledge and skills equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1) are required, and a working knowledge of the Windows operating system and Cisco IOS networking and concepts is recommended.

Please contact us for information about prerequisites.

Expected Duration
110 minutes

Current trends in security threat vectors require a carefully planned threat control strategy. Trends that affect security include persistent application-layer threats that use social engineering to exploit the trust architecture of the enterprise, the pervasiveness of mobility and consumerization, and the insidious motivations behind the behavior of the attacker. All these trends result in the need for dynamic security intelligence gathering and distribution, early warning systems, and application layer inspection for mobile services where data and applications are hosted in the cloud. This course suggests design principles to plan a threat control and containment strategy using firewalls and intrusion prevention systems (IPSs) in Cisco IOS environments.

Cisco provides basic traffic filtering capabilities with access control lists (ACLs). You can configure ACLs for all routed network protocols to filter packets as the packets pass through a router or security appliance. There are many reasons to configure ACLs. For example, you can use ACLs to restrict the contents of routing updates or to provide traffic flow control. One of the most important reasons to configure ACLs is to provide security for your network. This course outlines the types of ACLs that are available and offers guidelines on creating ACLs to provide network security in IP version 4 (IPv4) and IP version 6 (IPv6) environments.
A firewall protects network devices from intentional hostile intrusion that could threaten information assurance (that is, availability, confidentiality, and integrity) or lead to a denial of service (DoS) attack. A firewall can protect a hardware device or a software program running on a secure host computer. This course ends with an introduction to the firewall technologies that Cisco uses in routers and security appliances.


Threat Control

  • identify design guidelines for threat control and containment architecture
  • identify Cisco IPS threat control solutions
  • describe the security benefits of ACLs
  • match command parameters for a numbered extended ACL with their descriptions
  • identify the IP address and wildcard mask required to filter IP subnets in an example
  • identify ACL configuration considerations
  • match types of rules in Cisco Configuration Professional to their descriptions
  • recognize steps in the procedure to configure an access rule for generating log entries
  • recognize the steps required to create an ACL that can permit or deny traffic to the configured object groups
  • Not Applicable
  • Understanding Firewall Fundamentals

  • describe benefits of different types of firewalls
  • match NAT modes to criteria for selecting them
  • match types of firewall access rules to examples
  • describe guidelines for creating firewall rules




    Multi-license discounts available for Annual and Monthly subscriptions.