CLC CCIE Sec Real Lab1 M1 Lab1.2.0 Demo


CCIE Lab Center

CLC - CCIE Security v6: Real Lab1 - Design

Website: https://ccielabcenter.com
Forum: https://forum.ccielabcenter.com

Real Lab1: Module1
Module 1: Design-1.2.0 CLC CCIE Security v6.0 Real Lab 1 - Design Released: Demo

Web: https://ccielabcenter.com | Mail: [email protected] | Telegram: t.me/cciestudygroup

Workbook Description

Author: CCIE Lab Center (CLC)


Focus: Exam
Level: Expert (CCIE)
Stream: CCIE Security
Lab Version: Lab 1: Design
Document Revision: 1.2.0: Demo Version
Document Revision Date: December 06, 2022
Content: Topology, Question, Resources
Format: PDF
Protection: N/A
Website: https://ccielabcenter.com


CCIE Security Lab1: Module1: Design


Design 1.2.0

1 of 34

Welcome!

Please read all the available resources before starting the scenario by clicking ‘Next item’


x of 34

Refer to the new resource(s) available.

Which four statements correctly represent Sales and Finance organization traffic flows? (Choose four).

A. Sales and Finance traffic requires integrity but not confidentiality.
B. Sales and Finance traffic requires confidentiality and integrity.
C. DC5 is hosting Sales web services and DC4 is hosting Finance web services.
D. Sales and Finance traffic requires confidentiality but not integrity.
E. Sales traffic is destined for DC4 and Finance traffic is destined for DC5.
F. The Sales and Finance web service port is at UDP 80.
G. The Sales and Finance web service port is at TCP 80.
H. Sales traffic is destined for DC5 and Finance traffic is destined for DC4.

Resource(s):-
Email: Design Recommendation

Mario: Based on the business requirements to protect the traffic flows, my recommendations are as follows for the remote access VPN solution:

1. Connections must be highly available
2. Any changes to the reachability of the servers must be dynamically learned and authenticated. That said, we need a static routing mechanism at the traffic tunnel terminal point.
3. Remote connection must allow access only to specific network services.
4. Traffic segmentation must be implemented for the traffic flows at HQ.
5. Remote users must be authenticated by a centralized identity source.
6. Access policies for remote users must be dynamic. --CoA.
7. Real address of web servers must be hidden from the outside access.
8. Network devices that are part of the design must use existing management domain for OOB access.
9. Network devices that are part of the design must be synchronized with existing network NTP source.
10. DNS protection must be incorporated in the design.
11. Traffic flow monitoring must be incorporated in the design for threat detection.
12. Threat mitigation must be incorporated in the design as part of rapid threat containment

Take a look at it and let me know if you have any questions or concerns. I will set up a kickoff meeting with your operations team to formally start the project.

John: Thanks for the recommendations. They seem like a good starting point and will definitely serve well to scope the future conversations. I will look for the meeting invite.


x of 34

Which architecture represents the correct flow for the design?


[Figures: Architecture 1, Architecture 2, Architecture 3, Architecture 4]


x of 34

Refer to the new resource(s) available.

Which technology components map to the design categories to realize the initial logical solution?
(Choose all that apply)

Technology Components

| Design Categories | NTP | DHCP | Segmentation | ISE | Active-Active Failover | Posture Assessment | DNS Protection | OSPF | Centralized User Database | DNS |
|---|---|---|---|---|---|---|---|---|---|---|
| Identity Management | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ |
| Network Security | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ |
| Network Reachability | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ |
| Network Availability | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ |
| Endpoint Security | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ |
| Network Management | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ | ☐ |


x of 34

Which type of flow and design functional control defines Sales and Finance traffic flows?

A. External business flow that provides secure remote access with single point of failure
B. External business flow that provides secure local access with single point of failure
C. Internal business flow that provides secure remote access with high availability
D. Internal business flow that provides secure local access with single point of failure
E. Internal business flow that provides secure local access with high availability
F. External business flow that provides secure remote access with high availability
G. External business flow that provides secure local access with high availability
H. Internal business flow that provides secure remote access with single point of failure


x of 34

Refer to the new resource(s) available

Drag and drop the security capabilities from the left onto the corresponding attack surfaces on the right.

Attack surfaces (right): NAS, HAS, DAS, AAS

Drop slots: Label 1 (x4), Label 2 (x3), Label 3 (x2), Label 4 (x1), Label 5 (x1)

Security capabilities (left):
Identity
Client-Based Security
Posture Assessment
Firewall
Intrusion Detection
TrustSec
Web Security
Email Security
Malware Sandbox
Application Visibility Control
Server-Based Security


x of 34

Refer to the new resource(s) available.


Which config line correctly maps to its functionality in the ASA1v configuration provided to the customer?

Config lines:
Key cisco
aaa-server ccie protocol radius
Interim-accounting-update periodic 1
aaa-server ccie (mgmt) host 150.1.7.218
dynamic-authorization
authorization-server-group ccie

Functionality:
It identifies to which group ISE belongs
ISE receives Sales and Finance session accounting updates every 60 minutes.
Listen for policy updates from ISE as part of CoA.
Use the management interface for Communication with ISE.
The maximum allowed length is 64 characters.
The ISE with the session tunnel-group attributes.

Resource(s)
Email: Email Progress update 3

John: Just so you know. We have completed the current phase of design. The new phase will be the last in which we will design, implement and validation technical consists of Identity management and information exchange components of the solution. I have attached the outcome of the current phase.

Let me know if you have any questions. I will keep you posted on the final phase.

Mario: Thanks for keeping us in the loop and sending the document. I am very pleased that we have made significant progress and
