CCNA Security 640-554 Official Cert Guide


Book

  • Sorry, this book is no longer in print.
Not for Sale

About

Features

  • Straight from Cisco: the official complete assessment, review, and practice for the newest CCNA Security (IINS) exam!
  • Covers every current CCNA Security exam topic, including key concepts, network infrastructure protection, threat control/containment, and secure connectivity
  • Extensive updates include: Cisco Configuration Professional GUI tool, ASA Firewall, ASDM, and IPv6 security
  • CD contains realistic practice tests
  • Extensive, proven features help students review more efficiently

Description

  • Copyright 2013
  • Edition: 1st
  • Book
  • ISBN-10: 1-58720-446-0
  • ISBN-13: 978-1-58720-446-3

Trust the best selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNA Security 640-554 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

  • Master Cisco CCNA Security 640-554 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the CD-ROM

CCNA Security 640-554 Official Cert Guide focuses specifically on the objectives for the Cisco CCNA Security IINS exam. Expert networking professionals Keith Barker and Scott Morris share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The CD also contains 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNA Security IINS exam, including:

  • Network security concepts
  • Security policies and strategies
  • Network foundation protection (NFP)
  • Cisco Configuration Professional (CCP)
  • Management plane security
  • AAA security
  • Layer 2 security threats
  • IPv6 security
  • Threat mitigation and containment
  • Access Control Lists (ACLs)
  • Network Address Translation (NAT)
  • Cisco IOS zone-based firewalls and ASA firewalls
  • Intrusion prevention and detection systems
  • Public Key Infrastructure (PKI) and cryptography
  • Site-to-site IPsec VPNs and SSL VPNs

CCNA Security 640-554 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCNA Security 640-554 Official Cert Guide contains 90 minutes of video instruction, two free, complete practice exams as well as an exclusive offer for 70% off Premium Edition eBook and Practice Test.

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam

Also available from Cisco Press for Cisco CCNA Security study is the CCNA Security 640-554 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.

This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Premium Edition

The exciting new CCNA Security 640-554 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

  • The CCNA Security 640-554 Premium Edition Practice Test, including four full practice exams (over 250 questions) and enhanced practice test features
  • PDF and EPUB formats of the CCNA Security 640-554 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and Smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook


CCNA Security 640-554 Official Cert Guide is a best-of-breed Cisco exam study guide that focuses specifically on the objectives for the CCNA Security IINS exam. Cisco Certified Internetwork Experts (CCIE) Keith Barker and Scott Morris share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNA Security 640-554 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

This eBook comes complete with 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls. See the last page of the eBook file for instructions on downloading the videos.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

This official study guide helps you master all the topics on the CCNA Security IINS exam, including:

  • Network security concepts
  • Security policies and strategies
  • Network foundation protection (NFP)
  • Cisco Configuration Professional (CCP)
  • Management plane security
  • AAA security
  • Layer 2 security threats
  • IPv6 security
  • Threat mitigation and containment
  • Access Control Lists (ACLs)
  • Network Address Translation (NAT)
  • Cisco IOS zone-based firewalls and ASA firewalls
  • Intrusion prevention and detection systems
  • Public Key Infrastructure (PKI) and cryptography
  • Site-to-site IPsec VPNs and SSL VPNs

Sample Content

Online Sample Chapter

Securing the Management Plane on Cisco IOS Devices

Sample Pages

Download the sample pages (includes Chapter 6 and Index)

Table of Contents

Introduction xxv

Part I Fundamentals of Network Security

Chapter 1 Networking Security Concepts

“Do I Know This Already?” Quiz 5

Foundation Topics 8

Understanding Network and Information Security Basics 8

    Network Security Objectives 8

    Confidentiality, Integrity, and Availability 8

    Cost-Benefit Analysis of Security 9

    Classifying Assets 10

    Classifying Vulnerabilities 11

    Classifying Countermeasures 12

    What Do We Do with the Risk? 12

Recognizing Current Network Threats 13

    Potential Attackers 13

    Attack Methods 14

    Attack Vectors 15

    Man-in-the-Middle Attacks 15

    Other Miscellaneous Attack Methods 16

Applying Fundamental Security Principles to Network Design 17

    Guidelines 17

    How It All Fits Together 19

Exam Preparation Tasks 20

Review All the Key Topics 20

Complete the Tables and Lists from Memory 20

Define Key Terms 20

Chapter 2 Understanding Security Policies Using a Lifecycle Approach

“Do I Know This Already?” Quiz 23

Foundation Topics 25

Risk Analysis and Management 25

    Secure Network Lifecycle 25

    Risk Analysis Methods 25

    Security Posture Assessment 26

    An Approach to Risk Management 27

    Regulatory Compliance Affecting Risk 28

Security Policies 28

    Who, What, and Why 28

    Specific Types of Policies 29

    Standards, Procedures, and Guidelines 30

    Testing the Security Architecture 31

    Responding to an Incident on the Network 32

    Collecting Evidence 32

    Reasons for Not Being an Attacker 32

    Liability 33

    Disaster Recovery and Business Continuity Planning 33

Exam Preparation Tasks 34

Review All the Key Topics 34

Complete the Tables and Lists from Memory 34

Define Key Terms 34

Chapter 3 Building a Security Strategy

“Do I Know This Already?” Quiz 37

Foundation Topics 40

Securing Borderless Networks 40

    The Changing Nature of Networks 40

    Logical Boundaries 40

    SecureX and Context-Aware Security 42

Controlling and Containing Data Loss 42

    An Ounce of Prevention 42

    Secure Connectivity Using VPNs 43

    Secure Management 43

Exam Preparation Tasks 44

Review All the Key Topics 44

Complete the Tables and Lists from Memory 44

Define Key Terms 44

Part II Protecting the Network Infrastructure

Chapter 4 Network Foundation Protection

“Do I Know This Already?” Quiz 49

Foundation Topics 52

Using Network Foundation Protection to Secure Networks 52

    The Importance of the Network Infrastructure 52

    The Network Foundation Protection (NFP) Framework 52

    Interdependence 53

    Implementing NFP 53

Understanding the Management Plane 55

    First Things First 55

    Best Practices for Securing the Management Plane 55

Understanding the Control Plane 56

    Best Practices for Securing the Control Plane 56

Understanding the Data Plane 57

    Best Practices for Protecting the Data Plane 59

    Additional Data Plane Protection Mechanisms 59

Exam Preparation Tasks 60

Review All the Key Topics 60

Complete the Tables and Lists from Memory 60

Define Key Terms 60

Chapter 5 Using Cisco Configuration Professional to Protect the Network Infrastructure

“Do I Know This Already?” Quiz 63

Foundation Topics 65

Introducing Cisco Configuration Professional 65

Understanding CCP Features and the GUI 65

    The Menu Bar 66

    The Toolbar 67

    Left Navigation Pane 68

    Content Pane 69

    Status Bar 69

Setting Up New Devices 69

CCP Building Blocks 70

    Communities 70

    Templates 74

    User Profiles 78

CCP Audit Features 81

    One-Step Lockdown 84

    A Few Highlights 84

Exam Preparation Tasks 88

Review All the Key Topics 88

Complete the Tables and Lists from Memory 88

Define Key Terms 88

Command Reference to Check Your Memory 89

Chapter 6 Securing the Management Plane on Cisco IOS Devices

“Do I Know This Already?” Quiz 91

Foundation Topics 94

Securing Management Traffic 94

    What Is Management Traffic and the Management Plane? 94

    Beyond the Blue Rollover Cable 94

    Management Plane Best Practices 95

    Password Recommendations 97

    Using AAA to Verify Users 97

        AAA Components 98

        Options for Storing Usernames, Passwords, and Access Rules 98

        Authorizing VPN Users 99

        Router Access Authentication 100

        The AAA Method List 101

    Role-Based Access Control 102

        Custom Privilege Levels 103

        Limiting the Administrator by Assigning a View 103

    Encrypted Management Protocols 103

    Using Logging Files 104

    Understanding NTP 105

    Protecting Cisco IOS Files 106

Implement Security Measures to Protect the Management Plane 106

    Implementing Strong Passwords 106

    User Authentication with AAA 108

    Using the CLI to Troubleshoot AAA for Cisco Routers 113

    RBAC Privilege Level/Parser View 118

    Implementing Parser Views 120

    SSH and HTTPS 122

    Implementing Logging Features 125

        Configuring Syslog Support 125

    SNMP Features 128

    Configuring NTP 131

    Securing the Cisco IOS Image and Configuration Files 133

Exam Preparation Tasks 134

Review All the Key Topics 134

Complete the Tables and Lists from Memory 135

Define Key Terms 135

Command Reference to Check Your Memory 135

Chapter 7 Implementing AAA Using IOS and the ACS Server

“Do I Know This Already?” Quiz 137

Foundation Topics 140

Cisco Secure ACS, RADIUS, and TACACS 140

    Why Use Cisco ACS? 140

    What Platform Does ACS Run On? 141

    What Is ISE? 141

    Protocols Used Between the ACS and the Router 141

    Protocol Choices Between the ACS Server and the Client (the Router) 142

Configuring Routers to Interoperate with an ACS Server 143

Configuring the ACS Server to Interoperate with a Router 154

Verifying and Troubleshooting Router-to-ACS Server Interactions 164

Exam Preparation Tasks 171

Review All the Key Topics 171

Complete the Tables and Lists from Memory 171

Define Key Terms 171

Command Reference to Check Your Memory 172

Chapter 8 Securing Layer 2 Technologies

“Do I Know This Already?” Quiz 175

Foundation Topics 178

VLAN and Trunking Fundamentals 178

    What Is a VLAN? 178

    Trunking with 802.1Q 180

    Following the Frame, Step by Step 181

    The Native VLAN on a Trunk 181

    So, What Do You Want to Be? (Says the Port) 182

    Inter-VLAN Routing 182

    The Challenge of Using Physical Interfaces Only 182

    Using Virtual “Sub” Interfaces 182

Spanning-Tree Fundamentals 183

    Loops in Networks Are Usually Bad 184

    The Life of a Loop 184

    The Solution to the Layer 2 Loop 184

    STP Is Wary of New Ports 187

    Improving the Time Until Forwarding 187

Common Layer 2 Threats and How to Mitigate Them 188

    Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too 188

    Layer 2 Best Practices 189

    Do Not Allow Negotiations 190

    Layer 2 Security Toolkit 190

    Specific Layer 2 Mitigation for CCNA Security 191

        BPDU Guard 191

        Root Guard 192

        Port Security 192

Exam Preparation Tasks 195

Review All the Key Topics 195

Complete the Tables and Lists from Memory 195

Review the Port Security Video Included with This Book 196

Define Key Terms 196

Command Reference to Check Your Memory 196

Chapter 9 Securing the Data Plane in IPv6

“Do I Know This Already?” Quiz 199

Foundation Topics 202

Understanding and Configuring IPv6 202

    Why IPv6? 202

    The Format of an IPv6 Address 203

        Understanding the Shortcuts 205

        Did We Get an Extra Address? 205

        IPv6 Address Types 206

Configuring IPv6 Routing 208

    Moving to IPv6 210

Developing a Security Plan for IPv6 210

    Best Practices Common to Both IPv4 and IPv6 210

    Threats Common to Both IPv4 and IPv6 212

    The Focus on IPv6 Security 213

    New Potential Risks with IPv6 213

    IPv6 Best Practices 214

Exam Preparation Tasks 216

Review All the Key Topics 216

Complete the Tables and Lists from Memory 216

Define Key Terms 217

Command Reference to Check Your Memory 217

Part III Mitigating and Controlling Threats

Chapter 10 Planning a Threat Control Strategy

“Do I Know This Already?” Quiz 221

Foundation Topics 224

Designing Threat Mitigation and Containment 224

    The Opportunity for the Attacker Is Real 224

    Many Potential Risks 224

    The Biggest Risk of All 224

    Where Do We Go from Here? 225

Securing a Network via Hardware/Software/Services 226

    Switches 227

    Routers 228

    ASA Firewall 230

    Other Systems and Services 231

Exam Preparation Tasks 232

Review All the Key Topics 232

Complete the Tables and Lists from Memory 232

Define Key Terms 232

Chapter 11 Using Access Control Lists for Threat Mitigation

“Do I Know This Already?” Quiz 235

Foundation Topics 238

Access Control List Fundamentals and Benefits 238

    Access Lists Aren’t Just for Breakfast Anymore 238

    Stopping Malicious Traffic with an Access List 239

    What Can We Protect Against? 240

    The Logic in a Packet-Filtering ACL 241

    Standard and Extended Access Lists 242

    Line Numbers Inside an Access List 243

    Wildcard Masks 244

    Object Groups 244

Implementing IPv4 ACLs as Packet Filters 244

    Putting the Policy in Place 244

    Monitoring the Access Lists 255

    To Log or Not to Log 257

Implementing IPv6 ACLs as Packet Filters 259

Exam Preparation Tasks 263

Review All the Key Topics 263

Complete the Tables and Lists from Memory 263

Review the NAT Video Included with This Book 263

Define Key Terms 264

Command Reference to Check Your Memory 264

Chapter 12 Understanding Firewall Fundamentals

“Do I Know This Already?” Quiz 267

Foundation Topics 270

Firewall Concepts and Technologies 270

    Firewall Technologies 270

    Objectives of a Good Firewall 270

    Firewall Justifications 271

    The Defense-in-Depth Approach 272

    Five Basic Firewall Methodologies 273

        Static Packet Filtering 274

        Application Layer Gateway 275

        Stateful Packet Filtering 276

        Application Inspection 277

        Transparent Firewalls 277

Using Network Address Translation 278

    NAT Is About Hiding or Changing the Truth About Source Addresses 278

    Inside, Outside, Local, Global 279

    Port Address Translation 280

    NAT Options 281

Creating and Deploying Firewalls 283

    Firewall Technologies 283

    Firewall Design Considerations 283

    Firewall Access Rules 284

    Packet-Filtering Access Rule Structure 285

    Firewall Rule Design Guidelines 285

    Rule Implementation Consistency 286

Exam Preparation Tasks 288

Review All the Key Topics 288

Complete the Tables and Lists from Memory 288

Define Key Terms 288

Chapter 13 Implementing Cisco IOS Zone-Based Firewalls

“Do I Know This Already?” Quiz 291

Foundation Topics 294

Cisco IOS Zone-Based Firewall 294

    How Zone-Based Firewall Operates 294

    Specific Features of Zone-Based Firewalls 294

    Zones and Why We Need Pairs of Them 295

    Putting the Pieces Together 296

    Service Policies 297

    The Self Zone 300

Configuring and Verifying Cisco IOS Zone-Based Firewall 300

    First Things First 301

    Using CCP to Configure the Firewall 301

    Verifying the Firewall 314

    Verifying the Configuration from the Command Line 315

    Implementing NAT in Addition to ZBF 319

    Verifying Whether NAT Is Working 322

Exam Preparation Tasks 324

Review All the Key Topics 324

Review the Video Bonus Material 324

Complete the Tables and Lists from Memory 324

Define Key Terms 325

Command Reference to Check Your Memory 325

Chapter 14 Configuring Basic Firewall Policies on Cisco ASA

“Do I Know This Already?” Quiz 327

Foundation Topics 330

The ASA Appliance Family and Features 330

    Meet the ASA Family 330

    ASA Features and Services 331

ASA Firewall Fundamentals 333

    ASA Security Levels 333

    The Default Flow of Traffic 335

    Tools to Manage the ASA 336

    Initial Access 337

    Packet Filtering on the ASA 337

    Implementing a Packet-Filtering ACL 338

    Modular Policy Framework 338

    Where to Apply a Policy 339

Configuring the ASA 340

    Beginning the Configuration 340

    Getting to the ASDM GUI 345

    Configuring the Interfaces 347

    IP Addresses for Clients 355

    Basic Routing to the Internet 356

    NAT and PAT 357

    Permitting Additional Access Through the Firewall 359

    Using Packet Tracer to Verify Which Packets Are Allowed 362

    Verifying the Policy of No Telnet 366

Exam Preparation Tasks 368

Review All the Key Topics 368

Complete the Tables and Lists from Memory 368

Define Key Terms 369

Command Reference to Check Your Memory 369

Chapter 15 Cisco IPS/IDS Fundamentals

“Do I Know This Already?” Quiz 371

Foundation Topics 374

IPS Versus IDS 374

    What Sensors Do 374

    Difference Between IPS and IDS 374

    Sensor Platforms 376

    True/False Negatives/Positives 376

    Positive/Negative Terminology 377

Identifying Malicious Traffic on the Network 377

    Signature-Based IPS/IDS 377

    Policy-Based IPS/IDS 378

    Anomaly-Based IPS/IDS 378

    Reputation-Based IPS/IDS 378

    When Sensors Detect Malicious Traffic 379

    Controlling Which Actions the Sensors Should Take 381

    Implementing Actions Based on the Risk Rating 382

    IPv6 and IPS 382

    Circumventing an IPS/IDS 382

Managing Signatures 384

    Signature or Severity Levels 384

Monitoring and Managing Alarms and Alerts 385

    Security Intelligence 385

    IPS/IDS Best Practices 386

Exam Preparation Tasks 387

Review All the Key Topics 387

Complete the Tables and Lists from Memory 387

Define Key Terms 387

Chapter 16 Implementing IOS-Based IPS

“Do I Know This Already?” Quiz 389

Foundation Topics 392

Understanding and Installing an IOS-Based IPS 392

    What Can IOS IPS Do? 392

    Installing the IOS IPS Feature 393

    Getting to the IPS Wizard 394

Working with Signatures in an IOS-Based IPS 400

    Actions That May Be Taken 405

    Best Practices When Tuning IPS 412

Managing and Monitoring IPS Alarms 412

Exam Preparation Tasks 417

Review All the Key Topics 417

Complete the Tables and Lists from Memory 417

Define Key Terms 417

Command Reference to Check Your Memory 418

Part IV Using VPNs for Secure Connectivity

Chapter 17 Fundamentals of VPN Technology

“Do I Know This Already?” Quiz 423

Foundation Topics 426

Understanding VPNs and Why We Use Them 426

    What Is a VPN? 426

    Types of VPNs 427

        Two Main Types of VPNs 427

    Main Benefits of VPNs 427

        Confidentiality 428

        Data Integrity 428

        Authentication 430

        Antireplay 430

Cryptography Basic Components 430

    Ciphers and Keys 430

        Ciphers 430

        Keys 431

    Block and Stream Ciphers 431

        Block Ciphers 432

        Stream Ciphers 432

    Symmetric and Asymmetric Algorithms 432

        Symmetric 432

        Asymmetric 433

    Hashes 434

    Hashed Message Authentication Code 434

    Digital Signatures 435

        Digital Signatures in Action 435

    Key Management 436

    IPsec and SSL 436

        IPsec 436

        SSL 437

Exam Preparation Tasks 439

Review All the Key Topics 439

Complete the Tables and Lists from Memory 439

Define Key Terms 439

Chapter 18 Fundamentals of the Public Key Infrastructure

“Do I Know This Already?” Quiz 441

Foundation Topics 444

Public Key Infrastructure 444

    Public and Private Key Pairs 444

    RSA Algorithm, the Keys, and Digital Certificates 445

        Who Has Keys and a Digital Certificate? 445

        How Two Parties Exchange Public Keys 445

        Creating a Digital Signature 445

    Certificate Authorities 446

    Root and Identity Certificates 446

        Root Certificate 446

        Identity Certificate 448

        Using the Digital Certificates to get the Peer’s Public Key 448

        X.500 and X.509v3 Certificates 449

    Authenticating and Enrolling with the CA 450

    Public Key Cryptography Standards 450

    Simple Certificate Enrollment Protocol 451

    Revoked Certificates 451

    Uses for Digital Certificates 452

    PKI Topologies 452

        Single Root CA 453

        Hierarchical CA with Subordinate CAs 453

        Cross-Certifying CAs 453

Putting the Pieces of PKI to Work 453

    Default of the ASA 454

    Viewing the Certificates in ASDM 455

    Adding a New Root Certificate 455

    Easier Method for Installing Both Root and Identity certificates 457

Exam Preparation Tasks 462

Review All the Key Topics 462

Complete the Tables and Lists from Memory 462

Define Key Terms 463

Command Reference to Check Your Memory 463

Chapter 19 Fundamentals of IP Security

“Do I Know This Already?” Quiz 465

Foundation Topics 468

IPsec Concepts, Components, and Operations 468

    The Goal of IPsec 468

    The Play by Play for IPsec 469

        Step 1: Negotiate the IKE Phase 1 Tunnel 469

        Step 2: Run the DH Key Exchange 471

        Step 3: Authenticate the Peer 471

        What About the User’s Original Packet? 471

        Leveraging What They Have Already Built 471

        Now IPsec Can Protect the User’s Packets 472

        Traffic Before IPsec 472

        Traffic After IPsec 473

    Summary of the IPsec Story 474

Configuring and Verifying IPsec 475

    Tools to Configure the Tunnels 475

    Start with a Plan 475

    Applying the Configuration 475

    Viewing the CLI Equivalent at the Router 482

    Completing and Verifying IPsec 484

Exam Preparation Tasks 491

Review All the Key Topics 491

Complete the Tables and Lists from Memory 491

Define Key Terms 492

Command Reference to Check Your Memory 492

Chapter 20 Implementing IPsec Site-to-Site VPNs

“Do I Know This Already?” Quiz 495

Foundation Topics 498

Planning and Preparing an IPsec Site-to-Site VPN 498

    Customer Needs 498

    Planning IKE Phase 1 500

    Planning IKE Phase 2 501

Implementing and Verifying an IPsec Site-to-Site VPN 502

    Troubleshooting IPsec Site-to-Site VPNs 511

Exam Preparation Tasks 526

Review All the Key Topics 526

Complete the Tables and Lists from Memory 526

Define Key Terms 526

Command Reference to Check Your Memory 526

Chapter 21 Implementing SSL VPNs Using Cisco ASA

“Do I Know This Already?” Quiz 529

Foundation Topics 532

Functions and Use of SSL for VPNs 532

    Is IPsec Out of the Picture? 532

    SSL and TLS Protocol Framework 533

    The Play by Play of SSL for VPNs 534

    SSL VPN Flavors 534

Configuring SSL Clientless VPNs on ASA 535

    Using the SSL VPN Wizard 536

    Digital Certificates 537

    Authenticating Users 538

    Logging In 541

    Seeing the VPN Activity from the Server 543

Configuring the Full SSL AnyConnect VPN on the ASA 544

    Types of SSL VPNs 545

    Configuring Server to Support the AnyConnect Client 545

    Groups, Connection Profiles, and Defaults 552

    One Item with Three Different Names 553

    Split Tunneling 554

Exam Preparation Tasks 556

Review All the Key Topics 556

Complete the Tables and Lists from Memory 556

Define Key Terms 556

Chapter 22 Final Preparation

Tools for Final Preparation 559

    Pearson IT Certification Practice Test Engine and Questions on the CD 559

        Installing the Software from the CD 560

        Activating and Downloading the Practice Exam 560

        Activating Other Exams 560

        Premium Edition 561

    The Cisco Learning Network 561

    Memory Tables 561

    Chapter-Ending Review Tools 561

    Videos 562

Suggested Plan for Final Review/Study 562

    Using the Exam Engine 562

Summary 563

Part V Appendixes

Appendix A Answers to the “Do I Know This Already?” Quizzes 567

Appendix B CCNA Security 640-554 (IINSv2) Exam Updates 573

Glossary 577

On the CD

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

More Information

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service-related announcement. For instance, if our service is temporarily suspended for maintenance, we might send users an email. Generally, users may not opt out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services. In regard to issues relating to their account, we reply via email or phone, in accordance with the users' wishes, when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that:

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection with the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020