Preparing for the CCNA certification: Security Fundamentals

2021-08-06 15:53:22 SPOTO Club CCNA 232


Security is not an afterthought in today's networks. From the start, you must understand how to create secure networks. Security must be embedded into the network's basic fabric.

The 200-301 CCNA test covers a wide range of networking subjects, including security foundations. This article explains what you need to know to pass the CCNA security fundamentals exam.

Get 100% real dumps now

How much of the exam is devoted to security fundamentals?

Security principles account for 15% of the CCNA test content. Fundamentals is the crucial term here. Many security systems and protocols require you to understand the fundamentals. Configuration and verification information are also supplied for a few topics.

What subjects are covered in this exam section?

Under security foundations, the CCNA test covers the following important topics:

1. The fundamentals of security and the components of a security program
2. Passwords, remote access and VPNs, and access control lists are all examples of access control.
3. Security features at Layer 2
4. Security procedures for wireless networks (WPA, WPA2 and WPA3)

The following section explains what each of these things entails.

An introduction of security foundational subjects at a high level

As stated in the following sections, the CCNA covers the principles of a variety of network security technologies and protocols.
Security ideas and software aspects that are essential (including authentication, authorization and accounting)

As a network administrator, your major concern is usually ensuring that traffic can flow from point A to point B and that users can access the apps they want. However, you must make certain that programs can be utilized safely.

You need to know what security terminology like vulnerability, exploit, and threat mean. You should be aware of the available mitigation measures for preventing malicious network activity.

AAA (authentication, authorization, and accounting), sometimes known as triple-A, allows users to access systems and applications in a secure and controlled manner. While local device accounts can be used to implement AAA, using AAA servers that employ Radius or TACACS+ is a more scalable method.

Authentication establishes a user's identity in order to provide only privileged users access to systems and applications.

Authorization specifies what a user who has been authenticated is or is not permitted to do.

Accounting is the process of keeping track of what an authenticated user has done. It holds users accountable for their actions while allowing them to connect to services that they have permission to utilize.

Passwords, remote access and VPNs, and access control lists are all examples of access control (ACLs)

In this section, we'll go over three crucial network security topics briefly.


Local console, remote telnet, and SSH (Secure Shell) connections are used by network administrators to access the CLI (command-line interface) of routers and switches. Passwords should be able to be used to secure management access to the router or switch CLI.

VPNs and remote access

Any traffic sent over the Internet that isn't encrypted can be viewed by others. VPNs (virtual private networks) can be used to create a private WAN over the public internet. Site-to-site and remote access internet VPNs are covered by the CCNA.

Get more ccie id verification click there.

VPNs that connect all devices at one site to all devices at another site are known as site-to-site VPNs. Remote access VPNs link a single user to a corporate data center. Both types of VPNs have principles and protocols that you should understand without having to know about configuration and verification.

Access control lists (ACLs) define a filter that can be applied to any interface, whether incoming or outbound. The filter instructs the router or switch as to which packets should be permitted to pass and which should be rejected. ACLs are divided into two categories: standard and extended. The CCNA covers both conventional and extended ACL ideas, configuration, and verification.

Features of Layer 2 security (DHCP snooping, dynamic ARP inspection, port security)

End-user devices such as PCs and laptops have wired network connection thanks to LAN switches. To launch an attack, an attacker could get remote or even physical access to a genuine end-user device. Cisco switches provide with a number of handy capabilities for preventing network access layer assaults. We go over a couple of the tools that will be covered on the CCNA exam.

Snooping on DHCP

DHCP snooping detects and discards DHCP communications that are not related to the normal operation of the protocol. It also creates a table of valid DHCP leases that other switch functions can access. DHCP snooping is covered in both principles and configuration in the CCNA.

ARP inspection that is dynamic

ARP messages that fall outside of regular ARP operation or do not match authentic network addresses are identified by Dynamic ARP Inspection (DAI). You must be familiar with the ideas and setup of DAI's mandatory and optional features.

Port safety is paramount.

If you know which device will connect to a switch interface, you can use port security to restrict access to that device alone. You must be familiar with port security concepts, configuration, and verification.

Protocols for wireless security (WPA, WPA2, WPA3)

Anyone within range of a wireless network has the potential to access it. As a result, client authentication is required. Wireless data travels over the air and is susceptible to interception. Encryption is required to preserve data privacy and integrity.
In wireless networks, there are numerous approaches for achieving authentication and data privacy/integrity. You must choose an approach that combines several of them. This can be perplexing.

Through its WPA (Wi-Fi Protected Access) certifications, the Wi-Fi Alliance has taken on the mission of making wireless security simple. WPA, WPA2, and WPA3 are the three versions. If a wireless client device is approved for the same WPA version as the AP (access point) and its associated WLC, you may ensure interoperability (wireless LAN controller). Client authentication is supported by all three WPA versions: personal mode and enterprise mode. In the personal mode, a pre-shared key (PSK) is used, while in the business mode, 802.1x is used.

The three WPA versions should be able to be compared and contrasted. You should also be able to use the GUI to configure a wireless LAN with WPA2 PSK.


In 2003, the Wi-Fi Alliance released the first version of certification, known simply as WPA. It was encrypted using TKIP (Temporal Key Integrity Protocol).
WPA2 was released in 2004. Instead of the outdated TKIP from WPA, it used the improved AES (Advanced Encryption Standard) with CCMP (Counter/CBC-MAC Protocol) encryption methods.

WPA3 is a future replacement for WPA2 that was introduced in 2018. WPA3 employs AES GCMP (Galois/Counter Mode Protocol) for greater encryption.
Where should I spend my study time?

A high-level covering of network security with a focus on specific areas is included in the security fundamentals. Some topics require only a basic understanding of concepts. Others will require knowledge of configuration and verification. More work should be spent on topics involving configuration and verification. Learn how to use passwords to safeguard routers and switches. Know your access control lists like the back of your hand.

With port security, DHCP spying, and dynamic ARP inspection, you should be able to secure wired network access. To secure wireless network access, you must also grasp the authentication and encryption technologies available.


Many network security technologies and protocols are covered at a high level in security fundamentals. Some areas are given special attention, such as network device security, wired/wireless network access, and access control lists. If you want to learn more about the CCNA exam, you should get CCNA exam dumps to pass CCNA exam in the first try!


Get 100% real dumps now