Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.
Required skills
analytical skills to analyse network information and plan approaches to technical problems or management requirements
communication skills to:
convey and clarify complex information
liaise with clients
literacy skills to interpret and prepare technical documentation, including recording security incidents and developing security policies
planning skills to plan deployment of the perimeter solution
problem-solving skills to:
design perimeter solution to meet security requirements
resolve technical problems
technical skills to:
configure firewalls
configure routers
deploy perimeter devices to a network
test performance of security perimeter to current industry standards.
Required knowledge
overview knowledge of:
emerging security issues
emerging security policies
detailed knowledge of:
auditing and penetration testing techniques
capabilities of software and hardware perimeter solutions
logging analysis techniques
organisational network infrastructure
security technologies, according to perimeter design
weaknesses of installed perimeter design.
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.
Perimeter topology may include: | 3 legged back-to-back private back-to-back public. |
Basic functionality may include: | access control lists (ACLs) dynamic host configuration protocol (DHCP) routing secure network address translation (NAT). |
Devices may include: | Cisco PIX Cisco router ACLs ClearOS Linux iptables Microsoft ISA Firewall SmoothWall Untangle. |
Advanced functions may include: | automated web-client configuration content filtering demilitarised zone (DMZ) hosting firewall policies forward and reverse caching load balancing port forward rules quality of service (QOS) server publishing stateful packet inspection. |
VPN tunnel may include: | IPSec layer 2 tunnelling protocol (L2TP) point-to-point tunnelling protocol (PPTP) secure socket tunnelling protocol (SSTP). |
Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.
Observation Checklist