5.0 Security Fundamentals
Accounting for 15% of the CCNA exam, this domain is your bridge to the CompTIA Security+. Master device hardening, traffic filtering via ACLs, and cryptographic network tunnels.
Domain Readiness
Complete all 6 sub-modules to unlock the Domain 5.0 assessment.
Critical Path: The Implicit Deny
Access Control Lists (ACLs) process rules top-to-bottom. The most critical concept to remember for the exam (and the real world) is the invisible "Implicit Deny Any" at the end of every ACL. If you apply an ACL to an interface without explicitly permitting traffic, you will immediately drop all communication.
Study Modules
5.1 Threat Landscape & Concepts
PlannedDefine key security concepts: threats, vulnerabilities, exploits, and mitigation techniques. Understand the principles of least privilege and defense-in-depth.
5.2 Access Control Lists (ACLs)
PlannedThe core of network filtering. Configure and verify Standard (Source IP only) and Extended (Source, Dest, Port, Protocol) IPv4 ACLs.
5.3 AAA & Device Administration
PlannedSecure device access using local databases, and implement centralized Authentication, Authorization, and Accounting using RADIUS and TACACS+.
5.4 Layer 2 Mitigation Techniques
PlannedProtect the switch edge. Master DHCP Snooping, Dynamic ARP Inspection (DAI), and Port Security to prevent Rogue DHCP and ARP poisoning attacks.
5.5 VPNs & Cryptography
PlannedUnderstand the mechanics of secure tunnels. Compare Remote Access VPNs vs. Site-to-Site IPsec architectures.
5.6 Wireless Security Protocols
PlannedCompare WPA, WPA2, and WPA3. Understand the difference between Pre-Shared Key (PSK) and Enterprise 802.1X Extensible Authentication Protocol (EAP).