You are previewing CCNP Security FIREWALL 642-618 Official Cert Guide.
O'Reilly logo
CCNP Security FIREWALL 642-618 Official Cert Guide

Book Description

Trust the best selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security FIREWALL 642-618 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

·         Master Cisco CCNP Security FIREWALL exam topics

·         Assess your knowledge with chapter-opening quizzes

·         Review key concepts with exam preparation tasks

·         Practice with realistic exam questions on the CD-ROM

CCNP Security FIREWALL 642-618 Official Cert Guide, focuses specifically on the objectives for the CCNP Security FIREWALL exam. Expert networking consultants Dave Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The companion CD-ROM contains a powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including:

  • ASA interfaces

  • IP connectivity

  • ASA management

  • Recording ASA activity

  • Address translation

  • Access control

  • Proxy services

  • Traffic inspection and handling

  • Transparent firewall mode

  • Virtual firewalls

  • High availability

  • ASA service modules

  • CCNP Security FIREWALL 642-618 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

    The print edition of the CCNP Security FIREWALL 642-618 Official Cert Guide contains a free, complete practice exam.

    Also available from Cisco Press for Cisco CCNP Security study is the CCNP Security FIREWALL 642-618 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test.

    This integrated learning package:

    ·         Allows you to focus on individual topic areas or take complete, timed exams

    ·         Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

    ·         Provides unique sets of exam-realistic practice questions

    ·         Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

    Table of Contents

    1. Title Page
    2. Copyright Page
    3. About the Authors
    4. About the Technical Reviewers
    5. Dedications
    6. Acknowledgments
    7. Contents at a Glance
    8. Contents
    9. Icons Used in This Book
    10. Introduction
      1. Who Should Read This Book
      2. How to Use This Book
      3. Certification Exam and This Preparation Guide
      4. Overview of the Cisco Certification Process
      5. Taking the FIREWALL Certification Exam
      6. Tracking Cisco Certification Status
      7. How to Prepare for an Exam
      8. Assessing Exam Readiness
      9. Cisco Security Specialist in the Real World
      10. Exam Registration
      11. Book Content Updates
      12. Premium Edition eBook and Practice Test
    11. Chapter 1. Cisco ASA Adaptive Security Appliance Overview
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Firewall Overview
      4. Firewall Techniques
      5. Cisco ASA Features
      6. Selecting a Cisco ASA Model
      7. Selecting ASA Licenses
      8. ASA Memory Requirements
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Define Key Terms
    12. Chapter 2. Working with a Cisco ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Using the CLI
      4. Using Cisco ASDM
      5. Understanding the Factory Default Configuration
      6. Working with Configuration Files
      7. Working with the ASA File System
      8. Reloading an ASA
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Define Key Terms
      12. Command Reference to Check Your Memory
    13. Chapter 3. Configuring ASA Interfaces
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Configuring Physical Interfaces
      4. Configuring VLAN Interfaces
      5. Configuring Interface Security Parameters
      6. Configuring the Interface MTU
      7. Verifying Interface Operation
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Define Key Terms
      11. Command Reference to Check Your Memory
    14. Chapter 4. Configuring IP Connectivity
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Deploying DHCP Services
      4. Using Routing Information
      5. Configuring Static Routing
      6. Routing with RIPv2
      7. Routing with EIGRP
      8. Routing with OSPF
      9. Verifying the ASA Routing Table
      10. Exam Preparation Tasks
      11. Review All Key Topics
      12. Define Key Terms
      13. Command Reference to Check Your Memory
    15. Chapter 5. Managing a Cisco ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Basic Device Settings
      4. Configuring DNS Resolution
      5. File System Management
      6. Managing Software and Feature Activation
      7. Configuring Management Access
      8. Controlling Management Access with AAA
      9. Configuring Monitoring Using SNMP
      10. Troubleshooting Remote Management Access
      11. Cisco ASA Password Recovery
      12. Exam Preparation Tasks
      13. Review All Key Topics
      14. Command Reference to Check Your Memory
    16. Chapter 6. Recording ASA Activity
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. System Time
      4. Managing Event and Session Logging
      5. Configuring Event and Session Logging
      6. Verifying Event and Session Logging
      7. Troubleshooting Event and Session Logging
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Command Reference to Check Your Memory
    17. Chapter 7. Using Address Translation
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Understanding How NAT Works
      4. Implementing NAT in ASA Software Versions 8.2 and Earlier
      5. Implementing NAT in ASA Software Versions 8.3 and Later
      6. Exam Preparation Tasks
      7. Review All Key Topics
      8. Define Key Terms
      9. Command Reference to Check Your Memory
    18. Chapter 8. Controlling Access Through the ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Understanding How Access Control Works
      4. State Tables
      5. Understanding Interface Access Rules
      6. Default Access Rules
      7. The Global ACL
      8. Configuring Interface Access Rules
      9. Time-Based Access Rules
      10. Verifying Interface Access Rules
      11. Organizing Access Rules Using Object Groups
      12. Verifying Object Groups
      13. Configuring and Verifying Other Basic Access Controls
      14. Troubleshooting Basic Access Control
      15. Exam Preparation Tasks
      16. Review All Key Topics
      17. Command Reference to Check Your Memory
    19. Chapter 9. Inspecting Traffic
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Understanding the Modular Policy Framework
      4. Configuring the MPF
      5. Configuring a Policy for Inspecting OSI Layers 3 and 4
      6. Configuring Dynamic Protocol Inspection
      7. Configuring a Policy for Inspecting OSI Layers 5–7
      8. Detecting and Filtering Botnet Traffic
      9. Using Threat Detection
      10. Exam Preparation Tasks
      11. Review All Key Topics
      12. Define Key Terms
      13. Command Reference to Check Your Memory
    20. Chapter 10. Using Proxy Services to Control Access
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. User-Based (Cut-Through) Proxy Overview
      4. AAA on the ASA
      5. User-Based Proxy Preconfiguration Steps and Deployment Guidelines
      6. Direct HTTP Authentication with the Cisco ASA
      7. Direct Telnet Authentication
      8. Configuration Steps of User-Based Proxy
      9. Configuring User Authentication
      10. Configuring Authentication Prompts and Timeouts
      11. Configuring User Authorization
      12. Configuring User Session Accounting
      13. Troubleshooting Cut-Through Proxy Operations
      14. Using Proxy for IP Telephony and Unified TelePresence
      15. Exam Preparation Tasks
      16. Review All Key Topics
      17. Define Key Terms
      18. Command Reference to Check Your Memory
    21. Chapter 11. Handling Traffic
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Handling Fragmented Traffic
      4. Prioritizing Traffic
      5. Controlling Traffic Bandwidth
      6. Exam Preparation Tasks
      7. Review All Key Topics
      8. Define Key Terms
      9. Command Reference to Check Your Memory
    22. Chapter 12. Using Transparent Firewall Mode
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Firewall Mode Overview
      4. Configuring Transparent Firewall Mode
      5. Controlling Traffic in Transparent Firewall Mode
      6. Using ARP Inspection
      7. Disabling MAC Address Learning
      8. Exam Preparation Tasks
      9. Review All Key Topics
      10. Define Key Terms
      11. Command Reference to Check Your Memory
    23. Chapter 13. Creating Virtual Firewalls on the ASA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Cisco ASA Virtualization Overview
      4. Virtual Firewall Deployment Guidelines
      5. Configuration Tasks Overview
      6. Configuring Security Contexts
      7. Verifying Security Contexts
      8. Managing Security Contexts
      9. Configuring Resource Management
      10. Verifying Resource Management
      11. Troubleshooting Security Contexts
      12. Exam Preparation Tasks
      13. Review All Key Topics
      14. Define Key Terms
      15. Command Reference to Check Your Memory
    24. Chapter 14. Deploying High Availability Features
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. ASA Failover Overview
      4. Configuring Active-Standby Failover Mode
      5. Configuring Active-Active Failover Mode
      6. Tuning Failover Operation
      7. Verifying Failover Operation
      8. Leveraging Failover for a Zero Downtime Upgrade
      9. Exam Preparation Tasks
      10. Review All Key Topics
      11. Define Key Terms
      12. Command Reference to Check Your Memory
    25. Chapter 15. Integrating ASA Service Modules
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Cisco ASA Security Services Modules Overview
      4. Installing the ASA AIP-SSM and AIP-SSC
      5. Integrating the ASA CSC-SSM
      6. Exam Preparation Tasks
      7. Review All Key Topics
      8. Define Key Terms
      9. Command Reference to Check Your Memory
    26. Chapter 16. Traffic Analysis Tools
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Testing Network Connectivity
      4. Using Packet Tracer
      5. Using Packet Capture
      6. Summary
      7. Exam Preparation Tasks
      8. Review All Key Topics
      9. Command Reference to Check Your Memory
    27. Chapter 17. Final Preparation
      1. Tools for Final Preparation
      2. Suggested Plan for Final Review/Study
      3. Summary
    28. Appendix A. Answers to the “Do I Know This Already?” Quizzes
      1. Chapter 1
      2. Chapter 2
      3. Chapter 3
      4. Chapter 4
      5. Chapter 5
      6. Chapter 6
      7. Chapter 7
      8. Chapter 8
      9. Chapter 9
      10. Chapter 10
      11. Chapter 11
      12. Chapter 12
      13. Chapter 13
      14. Chapter 14
      15. Chapter 15
      16. Chapter 16
    29. Appendix B. CCNP Security 642-618 FIREWALL Exam Updates: Version 1.0
      1. Always Get the Latest at the Companion Website
      2. Technical Content
    30. Glossary of Key Terms
      1. A
      2. B
      3. C
      4. D
      5. E
      6. F
      7. G–H
      8. I–K
      9. L
      10. M
      11. N
      12. O
      13. P-Q
      14. R
      15. S
      16. T
      17. U–V
      18. W–Z
    31. Index