You are previewing 31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam.
O'Reilly logo
31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

Book Description

31 Days Before Your CCNA Security Exam


31 Days Before Your CCNA Security Exam offers you an engaging and practical way to understand the certification process, commit to taking the CCNA Security IINS 210-260 certification exam, and finish your preparation using a variety of Primary and Supplemental study resources.

The IINS 210-260 exam tests your knowledge of secure network infrastructure, core security concepts, secure access, VPN encryption, firewalls, intrusion prevention, web/email content security, and endpoint security. It also tests your skills for installing, troubleshooting, and monitoring secure networks to maintain the integrity, confidentiality, and availability of data and devices.

Sign up for the IINS 210-260 exam and use the book’s day-by-day guide and checklist to organize, prepare, and review. Each day in this guide breaks down an exam topic into a manageable bit of information to review using short summaries. A Study Resources section provides you with a quick reference for locating more in-depth treatment of a day’s topics within the Primary and Supplemental resources.

The features of the book empower you to fit exam preparation into a busy schedule:

·         A visual calendar summarizing each day’s study topic

·         A checklist providing advice for preparation activities leading up to the exam

·         A description of the CCNA Security IINS 210-260 exam organization and sign-up process

·         Strategies from the author to be mentally, organizationally, and physically prepared for exam day

·         A conversational tone, which makes your study time more enjoyable


Primary Resources:

CCNA Security 210-260 Official Cert Guide ISBN-13: 978-1-58720-566-8

CCNA Security Course Booklet Version 2 ISBN-13: 978-1-58713-351-0

CCNA Security Lab Manual Version 2 ISBN-13: 978-1-58713-350-3


Supplemental Resources:

CCNA Security 210-260 Complete Video Course ISBN-13: 978-0-13-449931-4

CCNA Security Portable Command Guide, Second Edition ISBN-13: 978-1-58720-575-0

Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition ISBN-13: 978-1-58714-307-6

Category: Certification

Covers: CCNA Security

Table of Contents

  1. About This E-Book
  2. Title Page
  3. Copyright Page
  4. About the Author
    1. About the Technical Reviewer
  5. Dedications
  6. Acknowledgments
  7. Contents at a Glance
  8. Contents
  9. Command Syntax Conventions
  10. Introduction
    1. Study Resources
    2. Goals and Methods
    3. Who Should Read This Book?
    4. Getting to Know the CCNA Security IINS 210-260 Exam
  11. Digital Study Guide
  12. Day 31. Common Security Principles
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Confidentiality, Integrity, and Availability (CIA)
    4. SIEM
    5. Common Network Security Terms
    6. Security Zones
    7. Study Resources
  13. Day 30. Common Security Threats
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Network Attacks
      1. Reconnaissance Attacks
      2. Access Attacks
      3. DoS and DDoS Attacks
    4. Social Engineering
      1. Types
      2. Defenses
    5. Malware
    6. Data Loss
    7. Study Resources
  14. Day 29. Cryptographic Technologies
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. CIA Triad
    4. Key Exchange and Management
    5. Hash Algorithms
      1. Well-known Hash Functions
      2. Authentication Using Hashing
      3. Hashing in Cisco Products
    6. Symmetric and Asymmetric Encryption
      1. Encryption Overview
      2. Symmetric Encryption Algorithms
      3. Asymmetric Encryption Algorithms
    7. Digital Signatures and RSA Certificates
    8. Study Resources
  15. Day 28. PKI and Network Security Architectures
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Public Key Infrastructure
      1. PKI Terminology, Components, and Classes of Certificates
      2. PKI Topologies
      3. PKI Standards
      4. PKI Operations
      5. Enrollment and Revocation
    4. Network Architectures and Topologies
      1. Campus-Area Network (CAN)
      2. WAN and Branch/SOHO
      3. Data Center
      4. Cloud and Virtual Networks
    5. Study Resources
  16. Day 27. Secure Management Systems
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. In-band and Out-of-band Management
    4. Management Plane Security
      1. Access Security
      2. SSH/HTTPS
      3. Syslog
    5. Simple Network Management Protocol (SNMP)
    6. Network Time Protocol (NTP)
    7. Secure Copy Protocol (SCP)
    8. Study Resources
  17. Day 26. AAA Concepts
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. AAA
    4. RADIUS and TACACS+
      1. RADIUS
      2. TACACS+
    5. ACS and ISE
      1. ACS
      2. ISE
    6. Study Resources
  18. Day 25. TACACS+ and RADIUS Implementation
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Server-based AAA Authentication
    4. Server-based AAA Authorization
    5. Server-based AAA Accounting
    6. Server-based AAA Verification and Troubleshooting
    7. Study Resources
  19. Day 24. 802.1X
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. 802.1X
      1. Terminology and Concepts
      2. Configuration and Verification
    4. Study Resources
  20. Day 23. BYOD
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. BYOD Architecture
    4. BYOD Management
    5. Study Resources
  21. Day 22. IPsec Technologies
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. VPNs
    4. IPsec Framework
      1. IPsec Protocols
      2. Confidentiality
      3. Data Integrity
      4. Origin Authentication
      5. Key Management
      6. Suite B Cryptographic Standard
    5. IKE
      1. IKEv1 Phase 1
      2. IKEv1 Phase 2
      3. IKEv2
    6. Study Resources
  22. Day 21. Clientless Remote-Access VPN
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Concepts
    3. Clientless SSL VPN Concepts
    4. Clientless SSL VPN Configuration
      1. Task 1: Launch Clientless SSL VPN Wizard from ASDM
      2. Task 2: Configure the SSL VPN URL and Interface
      3. Task 3: Configure User Authentication
      4. Task 4: Configure User Group Policy
      5. Task 5: Configure Bookmarks
    5. Clientless SSL VPN Verification
    6. Study Resources
  23. Day 20. AnyConnect Remote Access VPN
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. AnyConnect SSL VPN Concepts
      1. SSL VPN Server Authentication
      2. SSL VPN Client Authentication
      3. SSL VPN Client IP Address Assignment
    4. AnyConnect SSL VPN Configuration and Verification
      1. Phase 1: Configure Cisco ASA for Cisco AnyConnect
      2. Phase 2: Configure the Cisco AnyConnect VPN Client
      3. Phase 3: Verify AnyConnect Configuration and Connection
    5. Study Resources
  24. Day 19. Site-to-Site VPN
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. IPsec Negotiation
    4. Cisco IOS CLI-based Site-to-Site IPsec VPN
      1. Configuration
      2. Verification
    5. Cisco ASA Site-to-Site IPsec VPN
      1. Configuration
      2. Verification
    6. Study Resources
  25. Day 18. VPN Advanced Topics
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Hairpinning and Client U-Turn
    4. Split Tunneling
    5. Always-on VPN
    6. NAT Traversal
    7. Endpoint Posture Assessment
    8. Study Resources
  26. Day 17. Secure Device Access
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Cisco IOS Authorization with Privilege Levels
    4. Authorization with Role-Based CLI
    5. Cisco IOS Resilient Configuration
    6. Cisco IOS File Authenticity
    7. Study Resources
  27. Day 16. Secure Routing Protocols
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Routing Protocol Authentication
    4. OSPF MD5 Authentication
      1. MD5 Authentication with Key Chain
      2. MD5 Authentication Without Key Chain
    5. OSPF SHA Authentication
    6. Study Resources
  28. Day 15. Control Plane Security
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Functional Planes of the Network
    4. Control Plane Policing
    5. Control Plane Protection
    6. Study Resources
  29. Day 14. Layer 2 Infrastructure Security
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Common Layer 2 Attacks
      1. STP Attacks
      2. ARP Spoofing
      3. MAC Spoofing
      4. CAM Table Overflows
      5. CDP/LLDP Reconnaissance
      6. VLAN Hopping
      7. DHCP Spoofing
    4. Study Resources
  30. Day 13. Layer 2 Protocols Security
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. DHCP Snooping
    4. Dynamic ARP Inspection
    5. IP Source Guard
    6. Port Security
    7. STP Security Mechanisms
      1. PortFast
      2. BPDU Guard
      3. Root Guard
      4. Loop Guard
    8. Study Resources
  31. Day 12. VLAN Security
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Private VLANs
    4. PVLAN Edge
    5. ACLs on Switches
      1. PACL Configuration
      2. VACL Configuration
    6. Native VLAN
    7. Study Resources
  32. Day 11. Firewall Technologies
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Firewall Overview
    4. Packet Filtering
    5. Proxy and Application Firewalls
    6. Stateful Firewalls
    7. Next-Generation Firewalls
    8. Personal Firewall
    9. Study Resources
  33. Day 10. Cisco ASA NAT Implementation
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. NAT Fundamentals
    4. NAT on Cisco ASA
    5. Static NAT
    6. Dynamic NAT
    7. Dynamic PAT
    8. Policy NAT
    9. Study Resources
  34. Day 9. Cisco IOS Zone-Based Policy Firewall
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. ZPF Concepts
    4. ZPF Zones and Zone Pairs
    5. Introduction to C3PL
      1. Class Maps
      2. Policy Maps
      3. Service Policy
    6. Default Policies and Traffic Flows
    7. ZPF Configuration and Verification
      1. Configuring Class Maps
      2. Configuring Policy Maps
      3. Configuration and Verification
    8. Study Resources
  35. Day 8. Cisco ASA Firewall Concepts
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Cisco ASA Family
    4. ASA Features and Services
    5. ASA Deployments
    6. ASA High Availability
    7. ASA Contexts
    8. Study Resources
  36. Day 7. ASA Firewall Configuration
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. ASA Default Configuration
    4. ASA Management Access
    5. ASA Interfaces
    6. ASA Access Rules
    7. ASA Objects and Object Groups
    8. ASA Modular Policy Framework
    9. Study Resources
  37. Day 6. IDS/IPS Concepts
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. IDS vs. IPS
    4. Host-based vs. Network-based IPS
    5. IPS Deployment Options
    6. IPS Placement
    7. IPS Terminology
    8. Study Resources
  38. Day 5. IDS/IPS Technologies
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Detection Technologies
    4. Signatures
    5. Trigger Actions
    6. Blacklisting
    7. Next-Generation IPS with FirePOWER
    8. Study Resources
  39. Day 4. Email-based Threat Mitigation
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. ESA Overview
    4. ESA Deployment
    5. ESA Features
      1. Filtering Spam
      2. Fighting Viruses and Malware
      3. Email Data Loss Prevention
      4. Advanced Malware Protection
    6. ESA Mail Processing
      1. Incoming Mail Processing
      2. Outgoing Mail Processing
    7. Study Resources
  40. Day 3. Web-based Threat Mitigation
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Cisco WSA
    4. Cisco CWS
    5. Study Resources
  41. Day 2. Endpoint Protection
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. Endpoint Security Overview
    4. Personal Firewalls
    5. Antivirus
    6. Antispyware
    7. Antimalware
    8. Data Encryption
    9. Study Resources
  42. Day 1. CCNA Security Skills Review and Practice
    1. CCNA Security 210-260 IINS Exam Topics
    2. Key Topics
    3. CCNA Security Skills Practice
      1. Introduction
      2. Topology Diagram
      3. Addressing Table
      4. ISP Configuration
      5. Implementation
    4. Answers to CCNA Security Skills Practice
      1. Step 1: Cable the Network As Shown in the Topology
      2. Step 2: Configure Initial Settings for R1_BRANCH
      3. Step 3: Configure Initial Settings for HQ_SW
      4. Step 4: Configure Initial Settings for HQ-ASA
      5. Step 5: Configure Clientless SSL VPN
      6. Step 6: Configure Site-to-Site IPsec VPN
      7. Step 7: Configure a Zone-Based Policy Firewall
  43. Exam Day
    1. What You Need for the Exam
    2. What You Should Receive After Completion
    3. Summary
  44. Post-Exam Information
    1. Receiving Your Certificate
    2. U.S. Government Recognition
    3. Examining Certification Options
    4. If You Failed the Exam
    5. Summary
  45. Index
  46. Code Snippets