CCNA Security Study Guide
34%
off

CCNA Security Study Guide : Exam 210-260

3.25 (4 ratings by Goodreads)
By (author) 

Free delivery worldwide

Available. Dispatched from the UK in 2 business days
When will my order arrive?

Description

Cisco has announced big changes to its certification program.

As of February 24, 2020, all current certifications will be retired, and Cisco will begin offering new certification programs.

The good news is if you're working toward any current CCNA certification, keep going. You have until February 24, 2020 to complete your current CCNA. If you already have CCENT/ICND1 certification and would like to earn CCNA, you have until February 23, 2020 to complete your CCNA certification in the current program. Likewise, if you're thinking of completing the current CCENT/ICND1, ICND2, or CCNA Routing and Switching certification, you can still complete them between now and February 23, 2020.



Lay the foundation for a successful career in network security

CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, Firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives. Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing". You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way.

The CCNA Security certification tests your knowledge of secure network installation, monitoring, and troubleshooting using Cisco security hardware and software solutions. When you're ready to get serious about preparing for the exam, this book gives you the advantage of complete coverage, real-world application, and extensive learning aids to help you pass with confidence.



Master Cisco security essentials, standards, and core technologies
Work through practical examples drawn from real-world examples
Track your progress with online study aids and self-tests



Develop critical competencies in maintaining data integrity, confidentiality, and availability

Earning your CCNA Security certification validates your abilities in areas that define careers including network security, administrator, and network security support engineer. With data threats continuing to mount, the demand for this skill set will only continue to grow--and in an employer's eyes, a CCNA certification makes you a true professional. CCNA Security Study Guide is the ideal preparation resource for candidates looking to not only pass the exam, but also succeed in the field.
show more

Product details

  • Paperback | 384 pages
  • 190 x 236 x 21mm | 526g
  • Sybex Inc.,U.S.
  • New York, United States
  • English
  • 2nd ed.
  • 1119409934
  • 9781119409939
  • 1,149,738

Back cover copy

Covers 100% of exam objectives, including secure network infrastructure, understanding core security concepts, managing secure access, VPN encryption, firewalls, intrusion prevention, web and email content security, endpoint security, and much more... Includes online interactive learning environment with:

+2 custom practice exams +100 electronic flashcards +Searchable key term glossary

Complete, practical, real-world preparation for the CCNA exam

The CCNA Security Study Guide offers comprehensive preparation for Exam 210-260, with expert coverage of all exam objectives and a robust tool kit of learning aids. Providing explanation and insight into the installation, troubleshooting, and monitoring of secure networks, this guide helps candidates develop the technological competency they need to maintain the integrity, confidentiality, and availability of data and devices. Practical examples give you a real-world understanding of critical security issues, and access to the Sybex online interactive learning environment provides chapter tests, electronic flashcards, practice exams, and more to help you maximize your study time while building skills and confidence.

Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for: Security Concepts and Network Topologies Access Management and Authentication VPN and Remote Access Routing and Switching, and VLAN Security Cisco Firewall Technology Configuration IPS Configuration, Deployment, and Security Content and Endpoint Security

Interactive learning environment

Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, type in your unique PIN, and instantly gain access to:

FREE access to Sybex's online interactive learning environment for one year. Test bank with 2 practice exams. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam. 100 questions total! 100 electronic flashcards to reinforce learning and last-minute prep before the exam Comprehensive, searchable glossary in PDF format gives you instant access to the key terms so you are fully prepared

ABOUT THE CCNA PROGRAM

The CCNA Security certification program is for network professionals seeking roles as security technicians, administrators, and support engineers. This certification validates skills in Cisco network security testing, deployment, configuration, maintenance, and troubleshooting. Candidates must meet Cisco CCENT requirements and have one to three years of experience in the field. Visit www.cisco.com for more information.
show more

Table of contents

Introduction xxi


Assessment Test xxxi


Chapter 1 Understanding Security Fundamentals 1


Goals of Security 2


Confidentiality 2


Integrity 3


Availability 3


Guiding Principles 3


Common Security Terms 6


Risk Management Process 7


Network Topologies 15


CAN 15


WAN 16


Data Center 16


SOHO 17


Virtual 17


Common Network Security Zones 17


DMZ 17


Intranet and Extranet 18


Public and Private 18


VLAN 18


Summary 19


Exam Essentials 19


Review Questions 20


Chapter 2 Understanding Security Threats 25


Common Network Attacks 26


Motivations 26


Classifying Attack Vectors 27


Spoofing 28


Password Attacks 29


Reconnaissance Attacks 30


Buffer Overflow 34


DoS 34


DDoS 36


Man-in-the-Middle Attack 37


ARP Poisoning 37


Social Engineering 38


Phishing/Pharming 38


Prevention 38


Malware 39


Data Loss and Exfiltration 39


Summary 40


Exam Essentials 40


Review Questions 42


Chapter 3 Understanding Cryptography 45


Symmetric and Asymmetric Encryption 46


Ciphers 46


Algorithms 48


Hashing Algorithms 53


MD5 54


SHA-1 54


SHA-2 54


HMAC 55


Digital Signatures 55


Key Exchange 57


Application: SSH 57


Public Key Infrastructure 57


Public and Private Keys 58


Certificates 60


Certificate Authorities 61


PKI Standards 63


PKI Topologies 64


Certificates in the ASA 65


Cryptanalysis 67


Summary 68


Exam Essentials 68


Review Questions 69


Chapter 4 Securing the Routing Process 73


Securing Router Access 74


Configuring SSH Access 74


Configuring Privilege Levels in IOS 76


Configuring IOS Role-Based CLI 77


Implementing Cisco IOS Resilient Configuration 79


Implementing OSPF Routing Update Authentication 80


Implementing OSPF Routing Update Authentication 80


Implementing EIGRP Routing Update Authentication 82


Securing the Control Plane 82


Control Plane Policing 83


Summary 84


Exam Essentials 85


Review Questions 86


Chapter 5 Understanding Layer 2 Attacks 91


Understanding STP Attacks 92


Understanding ARP Attacks 93


Understanding MAC Attacks 95


Understanding CAM Overflows 96


Understanding CDP/LLDP Reconnaissance 97


Understanding VLAN Hopping 98


Switch Spoofing 98


Double Tagging 99


Understanding DHCP Spoofing 99


Summary 101


Exam Essentials 101


Review Questions 102


Chapter 6 Preventing Layer 2 Attacks 107


Configuring DHCP Snooping 108


Configuring Dynamic ARP Inspection 110


Configuring Port Security 112


Configuring STP Security Features 114


BPDU Guard 114


Root Guard 115


Loop Guard 115


Disabling DTP 116


Verifying Mitigations 116


DHCP Snooping 116


DAI 117


Port Security 118


STP Features 118


DTP 120


Summary 120


Exam Essentials 121


Review Questions 122


Chapter 7 VLAN Security 127


Native VLANs 128


Mitigation 128


PVLANs 128


PVLAN Edge 131


PVLAN Proxy Attack 132


ACLs on Switches 133


Port ACLs 133


VLAN ACLs 133


Summary 134


Exam Essentials 134


Review Questions 136


Chapter 8 Securing Management Traffic 141


In-Band and Out-of-Band Management 142


AUX Port 142


VTY Ports 143


HTTPS Connection 144


SNMP 144


Console Port 145


Securing Network Management 146


SSH 146


HTTPS 146


ACLs 146


Banner Messages 147


Securing Access through SNMP v3 149


Securing NTP 150


Using SCP for File Transfer 151


Summary 151


Exam Essentials 152


Review Questions 153


Chapter 9 Understanding 802.1x and AAA 157


802.1x Components 158


RADIUS and TACACS+ Technologies 159


Configuring Administrative Access with TACACS+ 160


Local AAA Authentication and Accounting 160


SSH Using AAA 161


Understanding Authentication and Authorization Using ACS and ISE 161


Understanding the Integration of Active Directory with AAA 162


TACACS+ on IOS 162


Verify Router Connectivity to TACACS+ 164


Summary 164


Exam Essentials 165


Review Questions 166


Chapter 10 Securing a BYOD Initiative 171


The BYOD Architecture Framework 172


Cisco ISE 172


Cisco TrustSec 174


The Function of Mobile Device Management 177


Integration with ISE Authorization Policies 177


Summary 178


Exam Essentials 179


Review Questions 180


Chapter 11 Understanding VPNs 185


Understanding IPsec 186


Security Services 186


Protocols 189


Delivery Modes 192


IPsec with IPV6 194


Understanding Advanced VPN Concepts 195


Hairpinning 195


Split Tunneling 196


Always-on VPN 197


NAT Traversal 198


Summary 199


Exam Essentials 199


Review Questions 200


Chapter 12 Configuring VPNs 203


Configuring Remote Access VPNs 204


Basic Clientless SSL VPN Using ASDM 204


Verify a Clientless Connection 207


Basic AnyConnect SSL VPN Using ASDM 207


Verify an AnyConnect Connection 209


Endpoint Posture Assessment 209


Configuring Site-to-Site VPNs 209


Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209


Verify an IPsec Site-to-Site VPN 212


Summary 212


Exam Essentials 213


Review Questions 214


Chapter 13 Understanding Firewalls 219


Understanding Firewall Technologies 220


Packet Filtering 220


Proxy Firewalls 220


Application Firewall 221


Personal Firewall 221


Stateful vs. Stateless Firewalls 222


Operations 222


State Table 223


Summary 224


Exam Essentials 224


Review Questions 225


Chapter 14 Configuring NAT and Zone-Based Firewalls 229


Implementing NAT on ASA 9.x 230


Static 231


Dynamic 232


PAT 233


Policy NAT 233


Verifying NAT Operations 235


Configuring Zone-Based Firewalls 236


Class Maps 237


Default Policies 237


Configuring Zone-to-Zone Access 239


Summary 240


Exam Essentials 240


Review Questions 241


Chapter 15 Configuring the Firewall on an ASA 245


Understanding Firewall Services 246


Understanding Modes of Deployment 247


Routed Firewall 247


Transparent Firewall 247


Understanding Methods of Implementing High Availability 247


Active/Standby Failover 248


Active/Active Failover 248


Clustering 249


Understanding Security Contexts 249


Configuring ASA Management Access 250


Initial Configuration 250


Configuring Cisco ASA Interface Security Levels 251


Security Levels 251


Configuring Security Access Policies 253


Interface Access Rules 253


Object Groups 254


Configuring Default Cisco Modular Policy Framework (MPF) 256


Summary 257


Exam Essentials 257


Review Questions 259


Chapter 16 Intrusion Prevention 263


IPS Terminology 264


Threat 264


Risk 264


Vulnerability 265


Exploit 265


Zero-Day Threat 265


Actions 265


Network-Based IPS vs. Host-Based IPS 266


Host-Based IPS 266


Network-Based IPS 266


Promiscuous Mode 266


Detection Methods 267


Evasion Techniques 267


Packet Fragmentation 267


Injection Attacks 270


Alternate String Expressions 271


Introducing Cisco FireSIGHT 271


Capabilities 271


Protections 272


Understanding Modes of Deployment 273


Inline 275


Positioning of the IPS within the Network 275


Outside 275


DMZ 276


Inside 277


Understanding False Positives, False Negatives, True Positives, and True Negatives 277


Summary 278


Exam Essentials 278


Review Questions 280


Chapter 17 Content and Endpoint Security 285


Mitigating Email Threats 286


Spam Filtering 286


Context-Based Filtering 287


Anti-malware Filtering 287


DLP 287


Blacklisting 288


Email Encryption 288


Cisco Email Security Appliance 288


Putting the Pieces Together 290


Mitigating Web-Based Threats 292


Understanding Web Proxies 292


Cisco Web Security Appliance 293


Mitigating Endpoint Threats 294


Cisco Identity Services Engine (ISE) 294


Antivirus/Anti-malware 294


Personal Firewall 294


Hardware/Software Encryption of Local Data 294


HIPS 295


Summary 295


Exam Essentials 295


Review Questions 296


Appendix Answers to Review Questions 301


Chapter 1: Understanding Security Fundamentals 302


Chapter 2: Understanding Security Threats 304


Chapter 3: Understanding Cryptography 305


Chapter 4: Securing the Routing Process 307


Chapter 5: Understanding Layer 2 Attacks 309


Chapter 6: Preventing Layer 2 Attacks 311


Chapter 7: VLAN Security 312


Chapter 8: Securing Management Traffic 314


Chapter 9: Understanding 802.1x and AAA 316


Chapter 10: Securing a BYOD Initiative 317


Chapter 11: Understanding VPNs 319


Chapter 12: Configuring VPNs 321


Chapter 13: Understanding Firewalls 322


Chapter 14: Configuring NAT and Zone-Based Firewalls 324


Chapter 15: Configuring the Firewall on an ASA 325


Chapter 16: Intrusion Prevention 327


Chapter 17: Content and Endpoint Security 328


Index 331
show more

About Troy McMillan

Troy McMillan, CCNA, CCNP, CISSP, CASP, Security+, writes practice tests, study guides, and online course material for Kaplan IT Cert Prep. As a trainer and consultant with over 30 industry certifications, he delivers training in both live and video formats.
show more

Rating details

4 ratings
3.25 out of 5 stars
5 25% (1)
4 25% (1)
3 25% (1)
2 0% (0)
1 25% (1)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X