CCSP SNPA Official Exam Certification Guide

CCSP SNPA Official Exam Certification Guide

3 (4 ratings by Goodreads)
By (author)  , By (author)  , By (author)  , By (author)  , By (author) 

List price: US$59.95

Currently unavailable

Add to wishlist

AbeBooks may have this title (opens in new window).

Try AbeBooks

Description

Assessment, review, and practice for CCSP SNPA exam 642-522



The official study guide helps you master all the topics on the SNPA exam, including:



Firewall technologies
Cisco Security Appliance translation and connection
Access control configuration
Modular policy framework
Security contexts
Syslog
Routing protocol support
Failover
Virtual private networks (VPN)
Adaptive Security Device Manager (ASDM)
Content filtering
Authentication, authorization, and accounting (AAA) configuration
Intrusion Prevention Systems (IPS) and advanced protocol handling

CCSP SNPA Official Exam Certification Guide, Third Edition, is a best-of-breed Cisco (R) exam study guide that focuses specifically on the objectives for the Securing Networks with PIX and ASA (SNPA) exam. Network security consultant, Michael Gibbs, shares preparation hints and test-taking tips, helping you identify areas of weakness and improve your knowledge of firewall and Adaptive Security Appliance (ASA) security. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.



This guide presents you with an organized test preparation routine through the use of proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.



The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, presenting question-by-question remediation to the text.



Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that will enable you to succeed on the exam the first time.



CCSP SNPA Official Exam Certification Guide, Third Edition, is part of a recommended learning path from Cisco Systems (R) that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, visit www.cisco.com/go/authorizedtraining.



Companion CD-ROM

The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the SNPA exam, all available in study mode, test mode, and flash card format.



This volume is part of the Exam Certification Guide Series from Cisco Press (R). Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.
show more

Product details

  • Mixed media product | 768 pages
  • 185.4 x 233.7 x 50.8mm | 1,406.15g
  • Cisco Press
  • Indianapolis, United States
  • English
  • 3rd edition
  • 1587201526
  • 9781587201523
  • 2,003,844

Table of contents

Chapter 1 Network Security

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Overview of Network Security

Vulnerabilities, Threats, and Attacks

Vulnerabilities

Threats

Types of Attacks

Security Policies

Step 1: Secure

Step 2: Monitor

Step 3: Test

Step 4: Improve

Network Security as a "Legal Issue"

Defense in Depth

Cisco AVVID and Cisco SAFE

Cisco AVVID?

Cisco SAFE

Foundation Summary

Network Security

Vulnerabilities, Threats, and Attacks

Vulnerabilities

Threats

Attacks

Security Policies

Network Security as a Process

Defense in Depth

Cisco AVVID

Cisco SAFE

Key Terms

Q&A

Chapter 2 Firewall Technologies andtheCisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Firewall Technologies

Packet Filtering

Proxy

Stateful Packet Inspection

Cisco PIX Firewall

Secure Real-Time Embedded System

Adaptive Security Algorithm

Cut-Through Proxy

Security Contexts (Virtual Firewall)

Redundancy

Foundation Summary

Firewall Technologies

Cisco Security Appliance

Q&A

Chapter 3 Cisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Overview of the Cisco Security Appliance

ASA

Cut-Through Proxy

Cisco PIX Firewall Models and Features

Intrusion Protection

AAA Support

X.509 Certificate Support

Modular Policy Framework

Network Address Translation/Port Address Translation

Firewall Management

Simple Network Management Protocol

Syslog Support

Security Contexts

Transparent Firewalls

Virtual Private Networks

Optional Firewall Components

PIX Firewall Model Capabilities

Cisco PIX 501

Cisco PIX 506E

Cisco PIX 515E

Cisco PIX 525

Cisco PIX 535

Cisco ASA Security Model Capabilities

Cisco ASA 5510 Security Appliance

Cisco ASA 5520 Security Appliance

Cisco ASA 5540 Security Appliance

Foundation Summary

Adaptive Security Algorithm

Cut-Through Proxy

Cisco PIX Firewall Models and Features

Cisco ASA Security Appliance Models and Features

Intrusion Protection

AAA Support

X.509 Certificate Support

Modular Policy Framework

NAT/PAT

Firewall Management

SNMP

Syslog Support

Virtual Private Networks

Security Context

Cisco Security Appliance Models

Q&A

Chapter 4 System Management/Maintenance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Accessing Cisco Security Appliance

Accessing a Cisco Security Appliance with Telnet

Accessing the Cisco Security Appliance with Secure Shell

Command-Level Authorization

Installing a New Operating System

Upgrading Your Activation Key

Upgrading the Cisco Security Appliance Operating System

Upgrading the Operating System Using the copy tftp flashCommand

Upgrading the Operating System Using Monitor Mode

Upgrading the OS Using an HTTP Client

Creating a Boothelper Disk Using a Windows PC

Password Recovery

Cisco PIX Firewall Password Recovery: Getting Started

Password Recovery Procedure for a PIX Firewall with a Floppy Drive (PIX520)

Password Recovery Procedure for a Diskless PIX Firewall
(PIX 501, 506, 506E, 515E, 515, 525, and 535)

Password Recovery Procedure for the ASA Security Appliance

Overview of Simple Network Management Protocol
on the PIX Firewall

Configuring Simple Network Management Protocol
on Security Appliance

Troubleshooting Commands

Foundation Summary

Q&A

Chapter 5 Understanding Cisco Security Appliance Translation and Connection

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

How the Cisco Security Appliance Handles Traffic

Interface Security Levels and the Default Security Policy

Transport Protocols

Address Translation

Translation Commands

NAT

PAT

Static Translation

Using the static Command for Port Redirection

Configuring Multiple Translation Types on the Cisco Security Appliance

Bidirectional NAT

Translation Versus Connection

Configuring DNS Support

Foundation Summary

Q&A

Chapter 6 Getting Started with the Cisco Security Appliance Family of Firewalls

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Access Modes

Configuring a Cisco Security Appliance

interface Command

security-level Command

nameif Command

ip address Command

nat Command

speed Command

duplex Command

nat-control Command

global Command

route Command

Routing Information Protocol

Testing Your Configuration

Saving Your Configuration

Support for Domain Name System Messages

Configuring Dynamic Host Configuration Protocol on the Cisco Security Appliance

Using the Cisco Security Appliance DHCP Server

Configuring the Security Appliance DHCP Client

Configuring Time Settings on the Cisco Security Appliance

NTP

Cisco Security Appliance System Clock

Configuring Login Banners on the Cisco Security Appliance

Configuring Transparent Mode

Enabling Transparent Mode

Traffic Management in Transparent Mode

Monitoring in Transparent Mode

Sample Security Appliance Configuration

Foundation Summary

Q&A

Chapter 7 Configuring Access

How Best to Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Configuring Inbound Access Through a Cisco Security Appliance

Static NAT

Static PAT

TCP Intercept Feature

nat 0 Command

Policy NAT

Access Lists

Object Grouping

network Object Type

protocol Object Type

service Object Type

icmp-type Object Type

Nesting Object Groups

ACL Logging

Advanced Protocol Handling

FTP

DNS

Simple Mail Transfer Protocol

Foundation Summary

Q&A

Chapter 8 Modular Policy Framework

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Modular Policy Framework Overview

Traffic Flow Matching

Step 1: Create a Class Map

Step 2: Define Class Map Matches

Viewing the Class Map Configuration

Assigning Actions to a Traffic Class

Step 1: Create a Policy Map

Step 2: Assign Traffic Classes to the Policy Map

Step 3: Assign Policies for Each Class

Viewing the Policy Map Configuration

Assigning Policies to an Interface

Service Policy Matching Logic

Viewing the Service Policy Configuration

Viewing the Service Policy Statistics

Foundation Summary

Q&A

Chapter 9 Security Contexts

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Security Context Overview

Multiple Context Modes

Administration Context

Configuring Security Contexts

Creating a New Context

Assigning Interfaces to a Context

Uploading a Configuration Using the config-url Command

Managing Security Contexts

Deleting Contexts

Navigating Multiple Contexts

Viewing Context Information

Step-by-Step Configuration of a Security Context

Foundation Summary

Q&A

Chapter 10 Syslog and the Cisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

How Syslog Works

Logging Facilities

Logging Levels

How Log Messages Are Organized

How to Read System Log Messages

Configuring Syslog on a Cisco Security Appliance

Configuring the ASDM to View Logging

Configuring Syslog Messages at the Console

Sending Syslog Messages to a Telnet Session

Configuring the Cisco Security Appliance to Send Syslog Messages to a Log Server

Configuring SNMP Traps and SNMP Requests

Configuring a Syslogd Server

PIX Firewall Syslog Server

Foundation Summary

Q&A

Chapter 11 Routing and the Cisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics and Supplemental Topics

General Routing Principles

Ethernet VLAN Tagging

Understanding VLANs

Understanding Trunk Ports

Understanding Logical Interfaces

Managing VLANs

IP Routing

Static Routes

Dynamic Routes

Multicast Routing

Multicast Commands

Inbound Multicast Traffic

Outbound Multicast Traffic

Debugging Multicast

Foundation Summary

Q&A

Chapter 12 Cisco Security Appliance Failover

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

What Causes a Failover Event?

What Is Required for a Failover Configuration?

Failover Monitoring

Configuration Replication

Stateful Failover

LAN-Based Failover

Active-Active Failover

Configuring Failover

Foundation Summary

Q&A

Chapter 13 Virtual Private Networks

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Overview of Virtual Private Network Technologies

Internet Protocol Security

Internet Key Exchange

Perfect Forward Secrecy

Certification Authorities

Overview of WebVPN

WebVPN Portal Interface

Port Forwarding

Configuring the Security Appliance as a VPN Gateway

Selecting the Configuration

Configuring IKE

Configuring IPSec

Troubleshooting the VPN Connection

Configuring the Security Appliance as a WebVPN Gateway

WebVPN Global Configuration

Configuring URLs and File Servers

Configuring Port Forwarding

Configuring E-Mail Proxies

Setting Up Filters and ACLs

Configuring Security Appliances for Scalable VPNs

Foundation Summary

Q&A

Scenario

VPN Configurations

Completed PIX Configurations

How the Configuration Lines Interact

Chapter 14 Configuring Access VPNs

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation and Supplemental Topics

Introduction to Cisco Easy VPN

Easy VPN Server

Easy VPN Remote Feature

Overview of the Easy VPN Server

Major Features

Server Functions

Supported Servers

Overview of Easy VPN Remote Feature

Supported Clients

Easy VPN Remote Connection Process

Extended Authentication Configuration

Easy VPN Remote Modes of Operation

Client Mode

Network Extension Mode

Overview of Cisco VPN Software Client

Features

Specifications

Cisco VPN Client Manual Configuration Tasks

Security Appliance Easy VPN Remote Configuration

Basic Configuration

Client Device Mode

Secure Unit Authentication

Individual User Authentication

Point-to-Point Protocol over Ethernet and the Security Appliance

Configuring the VPDN Group

Configuring VPDN Group Authentication

Assigning the VPDN Group Username

Configuring the VPDN Username and Password

Enabling the Point-to-Point over Ethernet Client

Monitoring the Point-to-Point over Ethernet Client

Dynamic Host Configuration Protocol Server Configuration

DHCP Overview

Configuring the Security Appliance DHCP Server

DHCP Server Auto Configuration

DHCP Debugging Commands

Foundation Summary

Q&A

Chapter 15 Adaptive Security Device Manager

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

ASDM Overview

Security Appliance Requirements to Run ASDM

ASDM Workstation Requirement

ASDM Installation

Using ASDM to Configure the Cisco Security Appliance

Monitoring

Using ASDM for VPN Configuration

Using ASDM to Create a Site-to-Site VPN

Using ASDM to Create a Remote-Access VPN

Foundation Summary

Q&A

Chapter 16 Content Filtering on the Cisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Filtering ActiveX Objects and Java Applets

Filtering Java Applets

Filtering ActiveX Objects

Filtering URLs

Identifying the URL-Filtering Server

Configuring URL-Filtering Policy

Filtering HTTPS and FTP

Filtering Long URLs

Viewing Filtering Statistics and Configuration

Foundation Summary

Q&A

Chapter 17 Overview of AAA and theCisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Overview of AAA and the Cisco Security Appliance

Definition of AAA

AAA and the Cisco Security Appliance

Cut-Through Proxy

Supported AAA Server Technologies

Cisco Secure Access Control Server

Minimum Hardware and Operating System Requirements
for Cisco Secure ACS

Installing Cisco Secure ACS Version 3.3 on Windows Server

Foundation Summary

Q&A

Chapter 18 Configuration of AAA ontheCisco Security Appliance

How to Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Specifying Your AAA Servers

Configuring AAA on the Cisco Security Appliance

Step 1: Identifying the AAA Server and NAS

Step 2: Configuring Authentication

Step 3: Configuring Authorization

Step 4: Configuring Accounting

Cisco Secure and Cut-Through Configuration

Configuring Downloadable Security Appliance ACLs

Troubleshooting Your AAA Setup

Checking the Security Appliance

Checking the Cisco Secure ACS

Foundation Summary

Q&A

Chapter 19 IPS and Advanced Protocol Handling

How To Best Use This Chapter

"Do I Know This Already?" Quiz

Foundation Topics

Multimedia Support on the Cisco Security Appliance

RTSP

Application Inspection Support for Voice over IP

CTIQBE

H.323

MGCP

SCCP

SIP

Application Inspection

FTP Inspection

HTTP Inspection

Domain Name Inspection

Mail Inspection

ICMP Inspection

Remote Shell Inspections

SNMP Inspection

SQL*Net Inspection

Security Appliance Intrusion Protection Feature

AIP-SSM Module

Configuring IPS Through ASDM

Foundation Summary

Q&A

Chapter 20 Case Study and Sample Configuration

Remote Offices

Firewall

Growth Expectation

Task 1: Basic Configuration for the Cisco Security Appliance

Basic Configuration Information for HQ-PIX

Basic Configuration Information for MN-PIX

Basic Configuration Information for HOU-PIX

Task 2: Configuring Access Rules on HQ

Task 3: Configuring Authentication

Task 4: Configuring Logging

Task 5: Configuring a VPN Between HQ and Remote Sites

Configuring the Central PIX Firewall, HQ-PIX, for VPN Tunneling

Configuring the Houston PIX Firewall, HOU-PIX, for VPN Tunneling

Configuring the Minneapolis PIX Firewall, MN-PIX, for VPN Tunneling

Verifying and Troubleshooting

Task 6: Configuring a Remote-Access VPN to HQ

Create an IP Address Pool

Define a Group Policy for Mode Configuration Push

Enable IKE Dead Peer Detection

Task 7: Configuring Failover

What Is Wrong with This Picture?

Foundation Summary

Q&A

Appendix a Answers to the "Do I Know This Already?" Quizzes and Q&A Sections

1587201526toc041806
show more

About Christian Degu

Michael Gibbs is the CTO for Security Evolutions, Inc., (SEI) where he is responsible for the overall technical management of SEI's Cisco IT security consulting services.



Greg Bastien, CCNP (R), CCSP (TM), CISSP (R), is the chief technical officer of Virtue Technologies, Inc., and directs the actions of the engineering staff that supports several federal agencies.



Earl Carter is a member of the Security Technologies Assessment Team (STAT) at Cisco Systems where he performs security evaluations on numerous Cisco products.



Christian Abera Degu, CCNP, CCDP (R), CCSP, currently works for Veridian Networks/General Dynamics as a consulting engineer to the Federal Energy Regulatory Commission.
show more

Rating details

4 ratings
3 out of 5 stars
5 0% (0)
4 0% (0)
3 100% (4)
2 0% (0)
1 0% (0)
Book ratings by Goodreads
Goodreads is the world's largest site for readers with over 50 million reviews. We're featuring millions of their reader ratings on our book pages to help you find your new favourite book. Close X