Home > Store > Cisco > CCNA Security

CCNA Security 210-260 Official Cert Guide

Register your product to gain access to bonus material or receive a coupon.

CCNA Security 210-260 Official Cert Guide

Best Value Purchase

Book + eBook Bundle

  • Your Price: $57.49
  • List Price: $99.98
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests. Click on the "Premium Edition" tab (on the left side of this page) to learn more about this product.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    Watermarked eBook FAQ

    eBook Download Instructions

More Purchase Options

Book

  • Your Price: $39.99
  • List Price: $49.99
  • Usually ships in 24 hours.

Premium Edition eBook

  • Your Price: $39.99
  • List Price: $49.99
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests. Click on the "Premium Edition" tab (on the left side of this page) to learn more about this product.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    Watermarked eBook FAQ

    eBook Download Instructions

About

Features

  • Book covers the official exam preparation text for the CCNA Security certification
  • Includes exam-realistic questions on CD
  • Includes tools to help readers remember the most important details for the exam

Description

  • Copyright 2016
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 608
  • Edition: 1st
  • Book
  • ISBN-10: 1-58720-566-1
  • ISBN-13: 978-1-58720-566-8

CCNA Security 210-260 Official Cert Guide


CCNA Security 210-260 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNA Security Implementing Cisco Network Security (IINS) 210-260 exam. Cisco Security experts Omar Santos and John Stuppi share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.


CCNA Security 210-260 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. A list of official exam topics makes referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.


The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a chapter-by-chapter basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The CD also contains 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls.


Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.


CCNA Security 210-260 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit http://www.cisco.com/web/learning/index.html.


The official study guide helps you master all the topics on the CCNA Security Implementing Cisco Network Security (IINS) 210-260 exam, including

·         Security concepts and threats

·         Implementing AAA using IOS and ISE

·         Bring Your Own Device (BYOD)

·         VPN technology and cryptography

·         IP security

·         Implementing IPsec site-to-site VPNs

·         Implementing SSL remote-access VPNs using Cisco ASA

·         Securing Layer 2 technologies

·         Network Foundation Protection (NFP)

·         Securing the management, data, and control planes

·         Understand, implement, and configure Cisco firewall technologies

·         Cisco IPS fundamentals

·         Mitigation technologies for e-mail, web-based, and endpoint threats

The CD-ROM contains two free, complete practice exams and 90 minutes of video training.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test


Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB disk space plus 50MB for each downloaded practice exam; access to the Internet to register and download the exam databases


Category: Cisco Press–Cisco Certification

Covers: CCNA Security 210-260

Premium Edition

CCNA Security 210-260 Official Cert Guide Premium Edition eBook and Practice Test
 
The exciting new CCNA Security 210-260 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

--The CCNA Security 210-260 Premium Edition Practice Test, including four full practice exams and enhanced practice test features
--PDF and EPUB formats of the CCNA Security 210-260 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package

--Enables you to focus on individual topic areas or take complete, timed exams
--Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
--Provides unique sets of exam-realistic practice questions
--Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:
Windows Vista (SP2), Windows 7, or Windows 8.1 (desktop UI only); Microsoft .NET Framework 4.5 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB hard disk space plus 50MB for each exam download; access to the Internet to register and download exam databases

About the Premium Edition eBook
CCNA Security 210-260 Official Cert Guide focuses specifically on the objectives for the Cisco CCNA Security 210-260 exam. Networking security experts Omar Santos and John Stuppi share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
 
CCNA Security 210-260 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
 
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.
 
This official study guide helps you master all the topics on the CCNA Security exam, including
--Networking security concepts
--Common security threats
--Implementing AAA using IOS and ISE
--Bring Your Own Device (BYOD)
--Fundamentals of VPN technology and cryptography
--Fundamentals of IP security
--Implementing IPsec site-to-site VPNs
--Implementing SSL remote-access VPNs using Cisco ASA
--Securing Layer 2 technologies
--Network Foundation Protection (NFP)
--Securing the management plane on Cisco IOS devices
--Securing the data plane
--Securing routing protocols and the control plane
--Understanding firewall fundamentals
--Implementing Cisco IOS zone-based firewalls
--Configuring basic firewall policies on Cisco ASA
--Cisco IPS fundamentals
--Mitigation technologies for e-mail- and web-based threats
--Mitigation technology for endpoint threats

 

Sample Content

Online Sample Chapter

Mitigation Technologies for E-mail-Based and Web-Based Threats

Sample Pages

Download the sample pages (includes Chapter 18 and Index)

Table of Contents

Introduction xxvi

Part I Fundamentals of Network Security

Chapter 1 Networking Security Concepts 3

“Do I Know This Already?” Quiz 3

Foundation Topics 6

Understanding Network and Information Security Basics 6

    Network Security Objectives 6

    Confidentiality, Integrity, and Availability 6

    Cost-Benefit Analysis of Security 7

    Classifying Assets 8

    Classifying Vulnerabilities 10

    Classifying Countermeasures 10

    What Do We Do with the Risk? 11

Recognizing Current Network Threats 12

    Potential Attackers 12

    Attack Methods 13

    Attack Vectors 14

    Man-in-the-Middle Attacks 14

    Other Miscellaneous Attack Methods 15

Applying Fundamental Security Principles to Network Design 16

    Guidelines 16

    Network Topologies 17

    Network Security for a Virtual Environment 20

    How It All Fits Together 22

Exam Preparation Tasks 23

Review All the Key Topics 23

Complete the Tables and Lists from Memory 23

Define Key Terms 23

Chapter 2 Common Security Threats 25

“Do I Know This Already?” Quiz 25

Foundation Topics 27

Network Security Threat Landscape 27

Distributed Denial-of-Service Attacks 27

Social Engineering Methods 28

    Social Engineering Tactics 29

    Defenses Against Social Engineering 29

Malware Identification Tools 30

    Methods Available for Malware Identification 30

    Data Loss and Exfiltration Methods 31

Summary 32

Exam Preparation Tasks 33

Review All the Key Topics 33

Complete the Tables and Lists from Memory 33

Define Key Terms 33

Part II Secure Access

Chapter 3 Implementing AAA in Cisco IOS 35

“Do I Know This Already?” Quiz 35

Foundation Topics 38

Cisco Secure ACS, RADIUS, and TACACS 38

    Why Use Cisco ACS? 38

    On What Platform Does ACS Run? 38

    What Is ISE? 39

    Protocols Used Between the ACS and the Router 39

    Protocol Choices Between the ACS Server and the Client (the Router) 40

Configuring Routers to Interoperate with an ACS Server 41

Configuring the ACS Server to Interoperate with a Router 51

Verifying and Troubleshooting Router-to-ACS Server Interactions 60

Exam Preparation Tasks 67

Review All the Key Topics 67

Complete the Tables and Lists from Memory 67

Define Key Terms 67

Command Reference to Check Your Memory 67

Chapter 4 Bring Your Own Device (BYOD) 71

“Do I Know This Already?” Quiz 71

Foundation Topics 73

Bring Your Own Device Fundamentals 73

BYOD Architecture Framework 74

    BYOD Solution Components 74

Mobile Device Management 76

    MDM Deployment Options 76

        On-Premise MDM Deployment 77

        Cloud-Based MDM Deployment 78

Exam Preparation Tasks 80

Review All the Key Topics 80

Complete the Tables and Lists from Memory 80

Define Key Terms 80

Part III Virtual Private Networks (VPN)

Chapter 5 Fundamentals of VPN Technology and Cryptography 83

“Do I Know This Already?” Quiz 83

Foundation Topics 87

Understanding VPNs and Why We Use Them 87

    What Is a VPN? 87

    Types of VPNs 88

        Two Main Types of VPNs 88

    Main Benefits of VPNs 89

        Confidentiality 89

        Data Integrity 90

        Authentication 90

        Antireplay Protection 90

Cryptography Basic Components 91

    Ciphers and Keys 91

        Ciphers 91

        Keys 92

    Block and Stream Ciphers 92

        Block Ciphers 92

        Stream Ciphers 92

    Symmetric and Asymmetric Algorithms 92

        Symmetric 93

        Asymmetric 93

    Hashes 94

    Hashed Message Authentication Code 95

    Digital Signatures 95

        Digital Signatures in Action 95

    Key Management 96

        Next-Generation Encryption Protocols 97

    IPsec and SSL 97

        IPsec 97

        SSL 98

Public Key Infrastructure 99

    Public and Private Key Pairs 99

    RSA Algorithm, the Keys, and Digital Certificates 99

        Who Has Keys and a Digital Certificate? 100

        How Two Parties Exchange Public Keys 100

        Creating a Digital Signature 100

    Certificate Authorities 100

    Root and Identity Certificates 101

        Root Certificate 101

        Identity Certificate 102

        Using the Digital Certificates to Get the Peer’s Public Key 103

        X.500 and X.509v3 Certificates 103

    Authenticating and Enrolling with the CA 104

    Public Key Cryptography Standards 105

    Simple Certificate Enrollment Protocol 105

    Revoked Certificates 105

    Uses for Digital Certificates 106

    PKI Topologies 106

        Single Root CA 107

        Hierarchical CA with Subordinate CAs 107

        Cross-Certifying CAs 107

Putting the Pieces of PKI to Work 107

    ASA’s Default Certificate 108

    Viewing the Certificates in ASDM 108

    Adding a New Root Certificate 109

    Easier Method for Installing Both Root and Identity Certificates 111

Exam Preparation Tasks 116

Review All the Key Topics 116

Complete the Tables and Lists from Memory 117

Define Key Terms 117

Command Reference to Check Your Memory 117

Chapter 6 Fundamentals of IP Security 119

“Do I Know This Already?” Quiz 119

Foundation Topics 122

IPsec Concepts, Components, and Operations 122

    The Goal of IPsec 122

    The Internet Key Exchange (IKE) Protocol 123

    The Play by Play for IPsec 124

        Step 1: Negotiate the IKEv1 Phase 1 Tunnel 124

        Step 2: Run the DH Key Exchange 125

        Step 3: Authenticate the Peer 126

        What About the User’s Original Packet? 126

        Leveraging What They Have Already Built 126

        Now IPsec Can Protect the User’s Packets 127

        Traffic Before IPsec 127

        Traffic After IPsec 127

    Summary of the IPsec Story 128

Configuring and Verifying IPsec 129

    Tools to Configure the Tunnels 129

    Start with a Plan 129

    Applying the Configuration 129

    Viewing the CLI Equivalent at the Router 137

    Completing and Verifying IPsec 139

Exam Preparation Tasks 146

Review All the Key Topics 146

Complete the Tables and Lists from Memory 146

Define Key Terms 146

Command Reference to Check Your Memory 147

Chapter 7 Implementing IPsec Site-to-Site VPNs 149

“Do I Know This Already?” Quiz 149

Foundation Topics 152

Planning and Preparing an IPsec Site-to-Site VPN 152

    Customer Needs 152

    Planning IKEv1 Phase 1 154

    Planning IKEv1 Phase 2 154

Implementing and Verifying an IPsec Site-to-Site VPN in Cisco IOS Devices 155

    Troubleshooting IPsec Site-to-Site VPNs in Cisco IOS 164

Implementing and Verifying an IPsec Site-to-Site VPN in Cisco ASA 179

    Troubleshooting IPsec Site-to-Site VPNs in Cisco ASA 193

Exam Preparation Tasks 199

Review All the Key Topics 199

Complete the Tables and Lists from Memory 199

Define Key Terms 199

Command Reference to Check Your Memory 199

Chapter 8 Implementing SSL VPNs Using Cisco ASA 203

“Do I Know This Already?” Quiz 203

Foundation Topics 206

Functions and Use of SSL for VPNs 206

    Is IPsec Out of the Picture? 206

    SSL and TLS Protocol Framework 207

    The Play by Play of SSL for VPNs 207

    SSL VPN Flavors 208

Configuring Clientless SSL VPNs on ASA 209

    Using the SSL VPN Wizard 209

    Digital Certificates 211

    Accessing the Connection Profile 211

    Authenticating Users 211

    Logging In 215

    Seeing the VPN Activity from the Server 217

Using the Cisco AnyConnect Secure Mobility Client 217

    Types of SSL VPNs 218

    Configuring the Cisco ASA to Terminate the Cisco AnyConnect Secure Mobility Client Connections 218

    Groups, Connection Profiles, and Defaults 225

    One Item with Three Different Names 226

    Split Tunneling 227

Troubleshooting SSL VPN 228

    Troubleshooting SSL Negotiations 228

    Troubleshooting AnyConnect Client Issues 228

        Initial Connectivity Issues 228

        Traffic-Specific Issues 230

Exam Preparation Tasks 231

Review All the Key Topics 231

Complete the Tables and Lists from Memory 231

Define Key Terms 231

Part IV Secure Routing and Switching

Chapter 9 Securing Layer 2 Technologies 233

“Do I Know This Already?” Quiz 233

Foundation Topics 236

VLAN and Trunking Fundamentals 236

    What Is a VLAN? 236

    Trunking with 802.1Q 238

    Following the Frame, Step by Step 239

    The Native VLAN on a Trunk 239

    So, What Do You Want to Be? (Asks the Port) 239

    Inter-VLAN Routing 240

    The Challenge of Using Physical Interfaces Only 240

    Using Virtual “Sub” Interfaces 240

Spanning-Tree Fundamentals 241

    Loops in Networks Are Usually Bad 241

    The Life of a Loop 241

    The Solution to the Layer 2 Loop 242

    STP Is Wary of New Ports 245

    Improving the Time Until Forwarding 245

Common Layer 2 Threats and How to Mitigate Them 246

    Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too 246

    Layer 2 Best Practices 246

    Do Not Allow Negotiations 247

    Layer 2 Security Toolkit 248

    Specific Layer 2 Mitigation for CCNA Security 248

        BPDU Guard 248

        Root Guard 249

        Port Security 250

CDP and LLDP 251

DHCP Snooping 253

Dynamic ARP Inspection 254

Exam Preparation Tasks 257

Review All the Key Topics 257

Complete the Tables and Lists from Memory 258

Review the Port Security Video Included with This Book 258

Define Key Terms 258

Command Reference to Check Your Memory 258

Chapter 10 Network Foundation Protection 261

“Do I Know This Already?” Quiz 261

Foundation Topics 264

Using Network Foundation Protection to Secure Networks 264

    The Importance of the Network Infrastructure 264

    The Network Foundation Protection Framework 264

    Interdependence 265

    Implementing NFP 265

Understanding the Management Plane 266

    First Things First 266

    Best Practices for Securing the Management Plane 267

Understanding the Control Plane 268

    Best Practices for Securing the Control Plane 268

Understanding the Data Plane 270

    Best Practices for Protecting the Data Plane 271

    Additional Data Plane Protection Mechanisms 271

Exam Preparation Tasks 272

Review All the Key Topics 272

Complete the Tables and Lists from Memory 272

Define Key Terms 272

Chapter 11 Securing the Management Plane on Cisco IOS Devices 275

“Do I Know This Already?” Quiz 275

Foundation Topics 278

Securing Management Traffic 278

    What Is Management Traffic and the Management Plane? 278

    Beyond the Blue Rollover Cable 278

    Management Plane Best Practices 278

    Password Recommendations 281

    Using AAA to Verify Users 281

        AAA Components 282

        Options for Storing Usernames, Passwords, and Access Rules 282

        Authorizing VPN Users 283

        Router Access Authentication 284

        The AAA Method List 285

    Role-Based Access Control 286

        Custom Privilege Levels 287

        Limiting the Administrator by Assigning a View 287

    Encrypted Management Protocols 287

    Using Logging Files 288

    Understanding NTP 289

    Protecting Cisco IOS Files 289

Implementing Security Measures to Protect the Management Plane 290

    Implementing Strong Passwords 290

    User Authentication with AAA 292

    Using the CLI to Troubleshoot AAA for Cisco Routers 296

    RBAC Privilege Level/Parser View 301

    Implementing Parser Views 303

    SSH and HTTPS 305

    Implementing Logging Features 308

        Configuring Syslog Support 308

    SNMP Features 310

    Configuring NTP 313

    Secure Copy Protocol 315

    Securing the Cisco IOS Image and Configuration Files 315

Exam Preparation Tasks 317

Review All the Key Topics 317

Complete the Tables and Lists from Memory 318

Define Key Terms 318

Command Reference to Check Your Memory 318

Chapter 12 Securing the Data Plane in IPv6 321

“Do I Know This Already?” Quiz 321

Foundation Topics 324

Understanding and Configuring IPv6 324

    Why IPv6? 324

    The Format of an IPv6 Address 325

        Understanding the Shortcuts 327

        Did We Get an Extra Address? 327

        IPv6 Address Types 327

Configuring IPv6 Routing 330

    Moving to IPv6 331

Developing a Security Plan for IPv6 332

    Best Practices Common to Both IPv4 and IPv6 332

    Threats Common to Both IPv4 and IPv6 333

    The Focus on IPv6 Security 334

    New Potential Risks with IPv6 334

    IPv6 Best Practices 336

    IPv6 Access Control Lists 337

Exam Preparation Tasks 338

Review All the Key Topics 338

Complete the Tables and Lists from Memory 338

Define Key Terms 338

Command Reference to Check Your Memory 338

Chapter 13 Securing Routing Protocols and the Control Plane 341

“Do I Know This Already?” Quiz 341

Foundation Topics 344

Securing the Control Plane 344

    Minimizing the Impact of Control Plane Traffic on the CPU 344

Control Plane Policing 346

    Control Plane Protection 348

Securing Routing Protocols 348

    Implement Routing Update Authentication on OSPF 348

    Implement Routing Update Authentication on EIGRP 349

    Implement Routing Update Authentication on RIP 350

    Implement Routing Update Authentication on BGP 351

Exam Preparation Tasks 353

Review All the Key Topics 353

Complete the Tables and Lists from Memory 353

Define Key Terms 353

Part V Cisco Firewall Technologies and Intrusion Prevention System Technologies

Chapter 14 Understanding Firewall Fundamentals 355

“Do I Know This Already?” Quiz 355

Foundation Topics 358

Firewall Concepts and Technologies 358

    Firewall Technologies 358

    Objectives of a Good Firewall 358

    Firewall Justifications 359

    The Defense-in-Depth Approach 360

    Firewall Methodologies 361

        Static Packet Filtering 362

        Application Layer Gateway 363

        Stateful Packet Filtering 363

        Application Inspection 364

        Transparent Firewalls 365

        Next-Generation Firewalls 365

Using Network Address Translation 366

    NAT Is About Hiding or Changing the Truth About Source Addresses 366

    Inside, Outside, Local, Global 367

    Port Address Translation 368

    NAT Options 369

Creating and Deploying Firewalls 370

    Firewall Technologies 370

    Firewall Design Considerations 370

    Firewall Access Rules 371

    Packet-Filtering Access Rule Structure 372

    Firewall Rule Design Guidelines 372

    Rule Implementation Consistency 373

Exam Preparation Tasks 375

Review All the Key Topics 375

Complete the Tables and Lists from Memory 375

Define Key Terms 375

Chapter 15 Implementing Cisco IOS Zone-Based Firewalls 377

“Do I Know This Already?” Quiz 377

Foundation Topics 379

Cisco IOS Zone-Based Firewalls 379

    How Zone-Based Firewall Operates 379

    Specific Features of Zone-Based Firewalls 379

    Zones and Why We Need Pairs of Them 380

    Putting the Pieces Together 381

    Service Policies 382

    The Self Zone 384

Configuring and Verifying Cisco IOS Zone-Based Firewalls 385

    First Things First 385

    Using CCP to Configure the Firewall 386

    Verifying the Firewall 399

    Verifying the Configuration from the Command Line 400

    Implementing NAT in Addition to ZBF 404

    Verifying Whether NAT Is Working 407

Exam Preparation Tasks 409

Review All the Key Topics 409

Complete the Tables and Lists from Memory 409

Define Key Terms 409

Command Reference to Check Your Memory 409

Chapter 16 Configuring Basic Firewall Policies on Cisco ASA 413

“Do I Know This Already?” Quiz 413

Foundation Topics 416

The ASA Appliance Family and Features 416

    Meet the ASA Family 416

    ASA Features and Services 417

ASA Firewall Fundamentals 419

    ASA Security Levels 419

    The Default Flow of Traffic 420

    Tools to Manage the ASA 422

    Initial Access 422

    Packet Filtering on the ASA 422

    Implementing a Packet-Filtering ACL 423

    Modular Policy Framework 424

    Where to Apply a Policy 425

Configuring the ASA 425

    Beginning the Configuration 425

    Getting to the ASDM GUI 433

    Configuring the Interfaces 435

    IP Addresses for Clients 443

    Basic Routing to the Internet 444

    NAT and PAT 445

    Permitting Additional Access Through the Firewall 447

    Using Packet Tracer to Verify Which Packets Are Allowed 449

    Verifying the Policy of No Telnet 453

Exam Preparation Tasks 454

Review All the Key Topics 454

Complete the Tables and Lists from Memory 454

Define Key Terms 454

Command Reference to Check Your Memory 455

Chapter 17 Cisco IDS/IPS Fundamentals 457

“Do I Know This Already?” Quiz 457

Foundation Topics 460

IPS Versus IDS 460

    What Sensors Do 460

    Difference Between IPS and IDS 460

    Sensor Platforms 462

    True/False Negatives/Positives 463

    Positive/Negative Terminology 463

Identifying Malicious Traffic on the Network 463

    Signature-Based IPS/IDS 464

    Policy-Based IPS/IDS 464

    Anomaly-Based IPS/IDS 464

    Reputation-Based IPS/IDS 464

    When Sensors Detect Malicious Traffic 465

    Controlling Which Actions the Sensors Should Take 467

    Implementing Actions Based on the Risk Rating 468

    Circumventing an IPS/IDS 468

Managing Signatures 469

    Signature or Severity Levels 470

Monitoring and Managing Alarms and Alerts 471

    Security Intelligence 471

    IPS/IDS Best Practices 472

Cisco Next-Generation IPS Solutions 472

Exam Preparation Tasks 474

Review All the Key Topics 474

Complete the Tables and Lists from Memory 474

Define Key Terms 474

Part VI Content and Endpoint Security

Chapter 18 Mitigation Technologies for E-mail-Based and Web-Based Threats 477

“Do I Know This Already?” Quiz 477

Foundation Topics 479

Mitigation Technology for E-mail-Based Threats 479

    E-mail-Based Threats 479

    Cisco Cloud E-mail Security 479

    Cisco Hybrid E-mail Security 480

    Cisco E-mail Security Appliance 480

    Cisco ESA Initial Configuration 483

Mitigation Technology for Web-Based Threats 486

    Cisco CWS 486

    Cisco WSA 487

Cisco Content Security Management Appliance 491

Exam Preparation Tasks 493

Review All the Key Topics 493

Complete the Tables and Lists from Memory 493

Define Key Terms 493

Command Reference to Check Your Memory 493

Chapter 19 Mitigation Technologies for Endpoint Threats 495

“Do I Know This Already?” Quiz 495

Foundation Topics 497

Antivirus and Antimalware Solutions 497

Personal Firewalls and Host Intrusion Prevention Systems 498

Advanced Malware Protection for Endpoints 499

Hardware and Software Encryption of Endpoint Data 500

    E-mail Encryption 500

    Encrypting Endpoint Data at Rest 501

    Virtual Private Networks 501

Exam Preparation Tasks 503

Review All the Key Topics 503

Complete the Tables and Lists from Memory 503

Define Key Terms 503

Part VII Final Preparation

Chapter 20 Final Preparation 505

Tools for Final Preparation 505

Exam Engine and Questions on the CD 505

    Install the Exam Engine 505

    Activate and Download the Practice Exam 506

    Activating Other Exams 506

    Premium Edition 506

The Cisco Learning Network 507

Memory Tables 507

Chapter-Ending Review Tools 507

Study Plan 507

Recall the Facts 507

Practice Configurations 508

Using the Exam Engine 508

Part VIII Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes 511

Appendix B CCNA Security 210-260 (IINS) Exam Updates 517

Glossary 521

On the CD

Glossary

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

Appendix E Study Planner

9781587205668   TOC   8/14/2015

More Information

Unlimited one-month access with your purchase
Free Safari Membership