CCNP Security VPN 642-648 Official Cert Guide

CCNP Security VPN 642-648 Official Cert Guide

3.6 (10 ratings by Goodreads)
By (author) 

List price: US$72.99

Currently unavailable

We can notify you when this item is back in stock

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

The official study guide helps you master all the topics on the CCNP Security VPN exam, includingConfiguring policies, inheritance, and attributes * AnyConnect Remote Access VPN solutions* AAA and Dynamic Access Policies (DAP)* High availability and performance* Clientless VPN solutions* SSL VPN with Cisco Secure Desktop* Easy VPN solutions* IPsec VPN clients and site-to-site VPNs The CD-ROM contains a free, complete practice exam. Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test Pearson IT Certification Practice Test minimum system requirements: Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam This volume is part of the Official Cert Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears. CCNP Security VPN 642-648 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security VPN exam. Cisco Certified Internetwork Expert (CCIE) Howard Hooper shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics. CCNP Security VPN 642-648 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. The companion CD-ROM contains a powerful testing engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.CCNP Security VPN 642-648 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.show more

Product details

  • Mixed media product | 832 pages
  • 193.04 x 236.22 x 48.26mm | 1,655.6g
  • Pearson Education (US)
  • Cisco Press
  • Indianapolis, United States
  • English
  • 2nd edition
  • 1587204479
  • 9781587204470
  • 674,944

About Howard Hooper

Howard Hooper, CCIE No. 23470, CCNP, CCNA, CCDA, JNCIA, works as a network consultant and trainer for Transcend Networks Ltd., specializing in network design, installation, and automation for enterprise and government clients. He has worked in the network industry for 10 years, starting his career in the service provider field as a support engineer, before moving on to installations engineer and network architect roles, working on small, medium, enterprise, and service provider networks. In his spare time, Howard is a professional skydiver and Cisco Academy instructor. When he is not freefalling from more than 13,500 feet at his local drop zone, he is teaching the CCNA syllabus at his local Cisco Academy.show more

Table of contents

Introduction Part I ASA Architecture and Technologies OverviewChapter 1 Examining the Role of VPNs and the Technologies Supported by the ASA"Do I Know This Already?" Quiz Foundation Topics Introducing the Virtual Private Network VPN Termination Device (ASA) Placement Meet the Protocols Symmetric and Asymmetric Key Algorithms IPsec IKEv1 Authentication Header and Encapsulating Security Payload IKEv2 SSL/TLS SSL Tunnel Negotiation Handshake DTLS ASA Packet Processing The Good, the Bad, and the Licensing Time-Based Licenses When Time-Based and Permanent Licenses Combine Shared SSL VPN Licenses Failover Licensing Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 2 Configuring Policies, Inheritance, and Attributes"Do I Know This Already?" Quiz Foundation Topics Policies and Their Relationships Understanding Connection Profiles Group URL Group Alias Certificate-to-Connection Profile Mapping Per-User Connection Profile Lock Default Connection Profiles Understanding Group Policies Configure User Attributes Using External Servers for AAA and Policies Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part II Cisco Clientless Remote-Access VPN SolutionsChapter 3 Deploying a Clientless SSL VPN Solution"Do I Know This Already?" Quiz Foundation Topics Clientless SSL VPN Overview Deployment Procedures and Strategies Deploying Your First Clientless SSL VPN Solution IP Addressing Hostname, Domain Name, and DNS Become a Member of a Public Key Infrastructure Adding a CA Root Certificate Certificate Revocation List Revocation Check CRL Retrieval Policy CRL Retrieval Method OCSP Rules Advanced Enable the Relevant Interfaces for SSL Create Local User Accounts for Authentication Create a Connection Profile (Optional) Basic Access Control Bookmarks HTTP and HTTPS CIFS FTP Group Policies Content Transformation Gateway Content Rewriting Application Helper Profiles Java Code Signing Troubleshooting a Basic Clientless SSL VPN Troubleshooting Session Establishment Troubleshooting Certificate Errors Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 4 Advanced Clientless SSL VPN Settings"Do I Know This Already?" Quiz Foundation Topics Overview of Advanced Clientless SSL VPN Settings Application Access Through Port Forwarding Configuring Port Forwarding Application Access Using Client-Server Plug-Ins Configuring Client-Server Plug-In Access Application Access Through Smart Tunnels Configuring Smart Tunnel Access Configuring SSL/TLS Proxies Email Proxy Internal HTTP and HTTPS Proxy Troubleshooting Advanced Application Access Troubleshooting Application Access Client ASA/VPN Termination Appliance Application/Web Server Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 5 Customizing the Clientless Portal"Do I Know This Already?" Quiz Foundation Topics Basic Portal Layout Configuration Logon Page Customization Portal Page Customization Logout Page Customization Outside-the-Box Portal Configuration Portal Language Localization Getting Portal Help AnyConnect Portal Integration Clientless SSL VPN Advanced Authentication Using an External and Internal CA for Clientless Access Clientless SSL VPN Double Authentication Deploying Clientless SSL VPN Single Signon Troubleshooting PKI and SSO Integration Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 6 Clientless SSL VPN Advanced Authentication and Authorization"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering Create a DAP Specify User AAA Attributes Specify Endpoint Attributes Configure Authorization Parameters Configure Authorization Parameters for the Default DAP DAP Record Aggregation Troubleshooting DAP Deployment ASDM Test Feature ASA Logging DAP Debugging Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 7 Clientless SSL High Availability and Performance"Do I Know This Already?" Quiz Foundation Topics High-Availability Deployment Information and Common Strategies Failover Active/Active Active/Standby VPN Load Balancing (Clustering) External Load Balancing Redundant VPN Peering Content Caching for Optimization Clientless SSL VPN Load Sharing Using an External Load Balancer Clustering Configuration for Clientless SSL VPN Troubleshooting Load Balancing and Clustering Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part III Cisco AnyConnect Remote-Access VPN SolutionsChapter 8 Deploying an AnyConnect Remote-Access VPN Solution"Do I Know This Already?" Quiz Foundation Topics AnyConnect Full-Tunnel SSL VPN Overview Configuration Procedures, Deployment Strategies, and Information Gathering AnyConnect Secure Mobility Client Installation Deploying Your First Full-Tunnel AnyConnect SSL VPN Solution IP Addressing Enable IPv6 Access Hostname, Domain Name, and DNS Enroll with a CA and Become a Member of a PKI Add an Identity Certificate Add the Signing Root CA Certificate Enable the Interfaces for SSL/DTLS and AnyConnect Client Connections Create a Connection Profile Deploying Your First AnyConnect IKEv2 VPN Solution Enable the Relevant Interfaces for IKEv2 and AnyConnect Client Access Create Your IKEv2 Policies Create a Connection Profile Client IP Address Allocation Connection Profile Address Assignment Group Policy Address Assignment Direct User Address Assignment Advanced Controls for Your Environment ACLs and Downloadable ACLs Split Tunneling Access Hours/Time Range Troubleshooting the AnyConnect Secure Mobility Client Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 9 Advanced Authentication and Authorization of AnyConnect VPNs"Do I Know This Already?" Quiz Foundation Topics Authentication Options and Strategies Provisioning Certificates as a Local CA Configuring Certificate Mappings Certificate-to-Connection Profile Maps Mapping Criteria Provisioning Certificates from a Third-Party CA Configure an XML Profile for Use by the AnyConnect Client Configure a Dedicated Connection Profile for Enrollment Enroll the AnyConnect Client into a PKI Optionally, Configure Client Certificate Selection Import the Issuing CA's Certificate into the ASA Create a Connection Profile Using Certificate-Based Authentication Advanced PKI Deployment Strategies Doubling Up on Client Authentication Troubleshooting Your Advanced Configuration Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 10 Advanced Deployment and Management of the AnyConnect Client"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering AnyConnect Installation Options Manual Predeployment Automatic Web Deployment Managing AnyConnect Client Profiles Advanced Profile Features Start Before Login Trusted Network Detection Advanced AnyConnect Customization and Management Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 11 AnyConnect Advanced Authorization Using AAA and DAPs"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering Configuring Local and Remote Group Policies Full SSL VPN Accountability Authorization Through Dynamic Access Policies Troubleshooting Advanced Authorization Settings Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 12 AnyConnect High Availability and Performance"Do I Know This Already?" Quiz Foundation Topics Overview of High Availability and Redundancy Methods Hardware-Based Failover VPN Clustering (VPN Load Balancing) Redundant VPN Peering External Load Balancing Deploying DTLS Performance Assurance with QOS Basic ASDM QoS Configuration Basic CLI QoS Configuration AnyConnect Redundant Peering and Failover Hardware-Based Failover with VPNs Configure LAN Failover Interfaces Configure Standby Addresses on Interfaces Used for Traffic Forwarding Define Failover Criteria Configure Nondefault MAC Addresses Redundancy in the VPN Core VPN Clustering Load Balancing Using an External Load Balancer Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part IV Cisco Secure DesktopChapter 13 Cisco Secure Desktop"Do I Know This Already?" Quiz Foundation Topics Cisco Secure Desktop Overview and Configuration Prelogin Assessment Host Scan Secure Desktop (Vault) Cache Cleaner Keystroke Logger Integration with DAP Host Emulation Detection Windows Mobile Device Management Standalone Installation Packages CSD Manual Launch CSD Order of Operations Prelogin Phase Post-Login Phase Session-Termination Phase CSD Supported Browsers, Operating Systems, and Credentials Enabling Cisco Secure Desktop on the ASA Configure Prelogin Criteria Keystroke Logger and Safety Checks Cache Cleaner Secure Desktop (Vault) General Secure Desktop (Vault) Settings Secure Desktop (Vault) Browser Host Endpoint Assessment Authorization Using DAPs Troubleshooting Cisco Secure Desktop Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part V Cisco IPsec Remote-Access Client SolutionsChapter 14 Deploying and Managing the Cisco VPN Client"Do I Know This Already?" Quiz Foundation Topics Cisco IPsec VPN Client Features Cisco ASA Basic Remote IPsec Client Configuration IPsec Client Software Installation and Basic Configuration Create New VPN Connection Entry, Main Window Authentication Tab Transport Tab Backup Servers Tab Dial-Up Tab Advanced Profile Settings VPN Client Software GUI Customization Troubleshooting VPN Client Connectivity Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part VI Cisco Easy VPN SolutionsChapter 15 Deploying Easy VPN Solutions"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Procedures, and Information Gathering Easy VPN Basic Configuration ASA IP Addresses Configure Required Routing Enable IPsec Connectivity Configure Preferred IKEv1 and IPsec Policies Client IP Address Assignment VPN Client Authentication Using Pre-Shared Keys Using XAUTH for VPN Client Access IP Address Allocation Using the VPN Client DHCP Configuration Controlling Your Environment with Advanced Features ACL Bypass Configuration Basic Interface ACL Configuration Per-Group ACL Configuration Per-User ACL Configuration Split-Tunneling Configuration Troubleshooting a Basic Easy VPN Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 16 Advanced Authentication and Authorization Using Easy VPN"Do I Know This Already?" Quiz Foundation Topics Authentication Options and Strategies Configuring PKI for Use with Easy VPN Configuring Mutual/Hybrid Authentication Configuring Digital Certificate Mappings Provisioning Certificates from a Third-Party CA Advanced PKI Deployment Strategies CRLs OCSP AAA Troubleshooting Advanced Authentication for Easy VPN Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 17 Advanced Easy VPN Authorization"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering Configuring Local and Remote Group Policies Assigning a Group Policy to a Local User Account Assigning a Group Policy to a Connection Profile Accounting Methods for Operational Information NetFlow 9 RADIUS VPN Accounting SNMP Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 18 High Availability and Performance for Easy VPN"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering VPN Client HA and Failover Hardware-Based Failover with VPNs Configure Optional Active/Standby Failover Settings Clustering Configuration for Easy VPN Troubleshooting Device Failover and Clustering Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 19 Easy VPN Operation Using the ASA 5505 as a Hardware Client"Do I Know This Already?" Quiz Foundation Topics Easy VPN Remote Hardware Client Overview Client Mode Network Extension Mode Configuring a Basic Easy VPN Remote Client Using the ASA 5505 Configuring Advanced Easy VPN Remote Client Settings for the ASA 5505 X-Auth and Device Authentication Remote Management Tunneled Management Clear Tunneled Management NAT Traversal Device Pass-Through Troubleshooting the ASA 5505 Easy VPN Remote Hardware Client Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part VII Cisco IPsec Site-to-Site VPN SolutionsChapter 20 Deploying IPsec Site-to-Site VPNs"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering IKEv1 Phase 1 Phase 2 (Quick Mode) IKEv2 Phase 1 Phase 2 Configuring a Basic IKEv1 IPsec Site-to-Site VPN Configure Basic Peer Authentication Enable IKEv1 on the Interface Configure IKEv1 Policies Configure Pre-Shared Keys Configure Transmission Protection Select Transform Set and VPN Peer Define Interesting Traffic Configuring a Basic IKEv2 IPsec Site-to-Site VPN Configure Advanced Authentication for IKEv1 IPsec Site-to-Site VPNs Troubleshooting an IPsec Site-to-Site VPN Connection Tunnel Not Establishing: Phase 1 Tunnel Not Establishing: Phase 2 Traffic Not Passing Through Your Tunnel Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Chapter 21 High Availability and Performance Strategies for IPsec Site-to-Site VPNs"Do I Know This Already?" Quiz Foundation Topics Configuration Procedures, Deployment Strategies, and Information Gathering High Assurance with QoS Basic QoS Configuration Deploying Redundant Peering for Site-to-Site VPNs Site-to-Site VPN Redundancy Using Routing Hardware-Based Failover with VPNs Configure LAN Failover Interfaces Configure Standby Addresses on Interfaces Used for Traffic Forwarding Define Failover Criteria Configure Nondefault Mac Addresses Troubleshooting HA Deployment Exam Preparation Tasks Review All Key Topics Complete Tables and Lists from Memory Define Key Terms Part VIII Exam PreparationChapter 22 Final Exam PreparationTools for Final Preparation Pearson Cert Practice Test Engine and Questions on the CD Install the Software from the CD Activate and Download the Practice Exam Activating Other Exams Premium Edition The Cisco Learning Network Memory Tables Suggested Plan for Final Review/Study Using the Exam Engine Summary Part IX AppendixesAppendix A Answers to the "Do I Know This Already?" Quizzes Appendix B 642-648 CCNP Security VPN Exam Updates, Version 1.0 Appendix C Memory Tables (CD-only) 3Appendix D Memory Tables Answer Key (CD-only) 19Glossary 9781587204470 TOC 5/21/2012show more

Rating details

10 ratings
3.6 out of 5 stars
5 10% (1)
4 40% (4)
3 50% (5)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X