You are previewing CCSP Self-Study: CCSP IPS Exam Certification Guide.
O'Reilly logo
CCSP Self-Study: CCSP IPS Exam Certification Guide

Book Description

Official self-study test preparation guide for the Cisco IPS exam 642-532

The official study guide helps you master all the topics on the IPS exam, including:

  • IPS concepts

  • Command-line interface (CLI) and IPS Device Manager (IDM) configuration modes

  • Basic sensor and IPS signature configuration

  • IPS signature engines

  • Sensor tuning

  • IPS event monitoring

  • Sensor maintenance

  • Verifying system configuration

  • Using the Cisco IDS Module (IDSM) and Cisco IDS Network Module

  • Capturing network traffic

CCSP IPS Exam Certification Guide is a best of breed Cisco® exam study guide that focuses specifically on the objectives for the IPS exam. Cisco Security Test Engineer Earl Carter shares preparation hints and test-taking tips, helping you identify areas of weakness and improve your Intrusion Prevention System (IPS) knowledge. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCSP IPS Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Exam topic lists and Foundation Summary materials make referencing easy and give you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts. The companion CD-ROM contains a powerful testing engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, presenting question-by-question remediation to the text. Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCSP IPS Exam Certification Guide is part of a recommended learning path from Cisco Systems® that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

 Companion CD-ROM

The CD-ROM contains an electronic copy of the book and more than 200 practice questions for the IPS exam, all available in study mode, test mode, and flash-card format.

This volume is part of the Exam Certification Guide Series from Cisco Press®. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

Table of Contents

  1. Copyright
    1. Dedication
  2. About the Author
  3. About the Technical Reviewers
  4. Acknowledgments
  5. Command Syntax Conventions
  6. Foreword
    1. Introduction
    2. CCSP Certification and the CCSP IPS Exam
      1. Tracking CCSP Status
      2. Cisco Security Specialists in the Real World
      3. Cisco IPS Course
    3. Audience for This Book
    4. Organization of This Book
      1. Part I: Cisco IPS Overview
      2. Part II: Cisco IPS Configuration
      3. Part III: Cisco IPS Response Configuration
      4. Part IV: Cisco IPS Event Monitoring
      5. Part V: Cisco IPS Maintenance and Tuning
      6. Answers Appendix
      7. CD-ROM
    5. Using This Book to Prepare for the CCSP IPS Exam
      1. Preparing for an Exam
      2. Assessing Exam Readiness
      3. CCSP IPS Exam Topics
  7. I. Cisco IPS Overview
    1. 1. Cisco Intrusion Prevention System (IPS) Overview
      1. Foundation and Supplemental Topics
        1. Cisco Intrusion Prevention Solution
        2. Intrusion Prevention Overview
          1. Intrusion-Prevention Terminology
          2. IPS/IDS Triggers
            1. Anomaly Detection
            2. Misuse Detection
            3. Protocol Analysis
          3. IPS/IDS Monitoring Locations
            1. Host-Based
            2. Network-Based
          4. Cisco Hybrid IPS/IDS Solution
          5. Risk Rating
            1. Event Severity
            2. Signature Fidelity
            3. Asset Value of Target
          6. Meta-Event Generator
          7. Inline Deep-Packet Inspection
        3. Cisco Intrusion Prevention System Hardware
          1. Cisco IDS 4200 Series Network Sensors
            1. Cisco 4215 Appliance Sensor
            2. Cisco 4235 Appliance Sensor
            3. Cisco 4240 Diskless Appliance Sensor
            4. Cisco 4250 Appliance Sensor
            5. Cisco 4250XL Appliance Sensor
            6. Cisco 4255 Diskless Appliance Sensor
          2. Cisco IDSM-2 for Catalyst 6500
          3. Cisco IDS Network Module for Access Routers
          4. Router Sensor
          5. Firewall Sensor
          6. Inline Sensor Support
        4. Inline Mode Versus Promiscuous Mode
        5. Software Bypass
          1. Auto Mode
          2. Off Mode
          3. On Mode
        6. Cisco Sensor Deployment
          1. Internet Boundaries
          2. Extranet Boundaries
          3. Intranet Boundaries
          4. Remote Access Boundaries
          5. Servers and Desktops
          6. Sensor Deployment Considerations
            1. Sensor Placement
            2. Sensor Management and Monitoring Options
            3. Number of Sensors
            4. External Sensor Communications
        7. Cisco Sensor Communications Protocols
          1. Secure Shell
          2. Transport Layer Security (TLS)/Secure Socket Layer (SSL)
          3. Remote Data Exchange Protocol
            1. Event Messages
            2. IP Log Messages
            3. Transaction Messages
          4. Security Device Event Exchange Standard
        8. Cisco Sensor Software Architecture
          1. cidWebServer
            1. IDM Servlet
            2. Event Server Servlet
            3. Transaction Server Servlet
            4. IP Log Server Servlet
          2. mainApp
          3. logApp
          4. authentication
          5. Network Access Controller (NAC)
          6. ctlTransSource
          7. sensorApp
          8. Event Store
          9. cidCLI
      2. Foundation Summary
      3. Q&A
  8. II. Cisco IPS Configuration
    1. 2. IPS Command-Line Interface
      1. Foundation and Supplemental Topics
        1. Sensor Installation
          1. Installing 5.0 Software via the Network
          2. Installing 5.0 Software from a CD
        2. Sensor Initialization
          1. Accessing the CLI
          2. Running the setup Command
          3. Creating the Service Account
          4. Manually Setting the System Clock
          5. Changing your Password
          6. Adding and Removing Users
          7. Adding a Known SSH Host
        3. IPS CLI
          1. Using the Sensor CLI
            1. Prompts
            2. Help
            3. Tab Completion
            4. Command Recall
            5. Command Case Sensitivity
            6. Keywords
          2. User Roles
            1. Administrator
            2. Operator
            3. Viewer
            4. Service
          3. CLI Command Modes
            1. Privileged Exec
            2. Global Configuration
            3. Service
            4. Service Analysis-Engine
            5. Service Authentication
            6. Service Event-Action-Rules
            7. Service Host
            8. Service Interface
            9. Service Logger
            10. Service Network-Access
            11. Service Notification
            12. Service Signature-Definition
            13. Service SSH-Known-Hosts
            14. Service Trusted-Certificates
            15. Service Web-Server
          4. Administrative Tasks
          5. Configuration Tasks
      2. Foundation Summary
      3. Q&A
    2. 3. Cisco IPS Device Manager (IDM)
      1. Foundation and Supplemental Topics
        1. Cisco IPS Device Manager
        2. System Requirements for IDM
        3. Navigating IDM
          1. Configuration
            1. Sensor Setup
            2. Interface Configuration
            3. Analysis Engine
            4. Signature Definition
            5. Event Action Rules
            6. Blocking
            7. Simple Network Management Protocol
            8. Auto Update
          2. Monitoring
          3. Back
          4. Forward
          5. Refresh
          6. Help
        4. Configuring Communication Parameters Using IDM
      2. Foundation Summary
      3. Q&A
    3. 4. Basic Sensor Configuration
      1. Foundation and Supplemental Topics
        1. Basic Sensor Configuration
        2. Sensor Host Configuration Tasks
          1. Configuring Allowed Hosts
          2. Configuring Sensor User Accounts
          3. Configuring the Sensor’s Time Parameters
            1. Manually Setting the Clock
            2. Configuring the NTP Server Settings
            3. Configuring the Time Zone
            4. Configuring the Summertime Settings
          4. Configuring SSH Hosts
        3. Interface Configuration Tasks
          1. Enabling Monitoring Interfaces
          2. Editing Monitoring Interface Parameters
          3. Configuring Inline Interface Pairs
          4. Configuring Inline Software Bypass
          5. Configuring Traffic Flow Notifications
        4. Analysis Engine Configuration Tasks
      2. Foundation Summary
      3. Q&A
    4. 5. Basic Cisco IPS Signature Configuration
      1. Foundation and Supplemental Topics
        1. Configuring Cisco IPS Signatures
        2. Signature Groups
          1. Displaying Signatures by Attack
          2. Displaying Signatures by L2/L3/L4 Protocol
          3. Displaying Signatures by Operating System
          4. Displaying Signatures by Signature Release
          5. Displaying Signatures by Service
          6. Displaying Signatures by Signature Identification
          7. Displaying Signatures by Signature Name
          8. Displaying Signatures by Response Action
          9. Displaying Signatures by Signature Engine
        3. Alarm Summary Modes
          1. Fire Once
          2. Fire All
          3. Alarm Summarization
          4. Variable Alarm Summarization
        4. Basic Signature Configuration
          1. Viewing NSDB Information
            1. Signature Information
            2. Related Threats Information
            3. Viewing NSDB Information
          2. Enabling Signatures
          3. Creating New Signatures
          4. Editing Existing Signatures
          5. Retiring Signatures
          6. Defining Signature Responses
      2. Foundation Summary
      3. Q&A
    5. 6. Cisco IPS Signature Engines
      1. Foundation and Supplemental Topics
        1. Cisco IPS Signatures
        2. Cisco IPS Signature Engines
          1. Signature Parameters
        3. Application Inspection and Control Signature Engines
          1. AIC FTP Signature Engine Parameters
          2. AIC HTTP Signature Engine Parameters
            1. Content Types Parameters
            2. Define Web Traffic Policy Parameters
            3. Msg Body Pattern Parameters
            4. Request Methods Parameters
            5. Transfer Encodings Parameters
        4. Atomic Signature Engines
          1. Atomic ARP Engine Parameters
          2. Atomic IP Engine Parameters
            1. Atomic IP ICMP Parameters
            2. Atomic IP TCP Parameters
            3. Atomic IP UDP Parameters
            4. Atomic IP Payload Parameters
        5. Flood Signature Engines
          1. Flood Host Engine Parameters
            1. Flood Host ICMP Parameters
            2. Flood Host UDP Parameters
          2. Flood Net Engine Parameters
        6. Meta Signature Engine
        7. Normalizer Signature Engine
        8. Service Signature Engines
          1. Service DNS Engine Parameters
          2. Service FTP Engine Parameters
          3. Service Generic Engine Parameters
          4. Service H225 Engine Parameters
          5. Service HTTP Engine Parameters
          6. Service Ident Engine Parameters
          7. Service MSSQL Engine Parameters
          8. Service NTP Engine Parameters
          9. Service RPC Engine Parameters
          10. Service SMB Engine Parameters
          11. Service SNMP Engine Parameters
          12. Service SSH Engine Parameters
        9. State Signature Engine
          1. Cisco Login States
          2. LPR Format String States
          3. SMTP States
        10. String Signature Engines
          1. String ICMP Engine Specific Parameters
          2. String TCP Engine-Specific Parameters
        11. Sweep Signature Engines
          1. Sweep Signature Engine Parameters
            1. Unique ICMP Sweep Parameters
            2. Unique TCP Sweep Parameters
          2. Sweep Other TCP Signature Engine Parameters
        12. Trojan Horse Signature Engines
      2. Foundation Summary
      3. Q&A
    6. 7. Advanced Signature Configuration
      1. Foundation and Supplemental Topics
        1. Advanced Signature Configuration
          1. Regular Expressions String Matching
          2. Signature Fields
            1. Basic Signature Fields
            2. Signature Description Fields
            3. Engine-Specific Fields
            4. Event Counter Fields
            5. Alert Frequency Fields
            6. Status Fields
        2. Meta-Event Generator
        3. Understanding HTTP and FTP Application Policy Enforcement
        4. Tuning an Existing Signature
          1. Tuning Example
        5. Creating a Custom Signature
          1. Choose a Signature Engine
            1. Network Protocol
            2. Target Address
            3. Target Port
            4. Attack Type
            5. Inspection Criteria
          2. Verify Existing Functionality
          3. Define Signature Parameters
          4. Test Signature Effectiveness
          5. Custom Signature Scenario
            1. Creating Custom Signatures Using IDM
            2. Using IDM Custom Signature Wizard
          6. Cloning an Existing Signature
      2. Foundation Summary
      3. Q&A
    7. 8. Sensor Tuning
      1. Foundation and Supplemental Topics
        1. IDS Evasion Techniques
          1. Flooding
          2. Fragmentation
          3. Encryption
          4. Obfuscation
            1. Using Control Characters
            2. Using Hex Representation
            3. Using Unicode Representation
          5. TTL Manipulation
        2. Tuning the Sensor
          1. Configuring IP Log Settings
          2. Configuring Application Policy Settings
          3. Configuring Reassembly Options
            1. Fragment Reassembly
            2. Stream Reassembly
            3. Configuring Reassembly Options
        3. Event Configuration
          1. Event Variables
          2. Target Value Rating
          3. Event Action Override
          4. Event Action Filters
      2. Foundation Summary
      3. Q&A
  9. III. Cisco IPS Response Configuration
    1. 9. Cisco IPS Response Configuration
      1. Foundation and Supplemental Topics
        1. Cisco IPS Response Overview
        2. Inline Actions
          1. Deny Packet Inline
          2. Deny Connection Inline
          3. Deny Attacker Inline
          4. Configuring Deny Attacker Duration Parameter
        3. Logging Actions
          1. Log Attacker Packets
          2. Log Pair Packets
          3. Log Victim Packets
          4. Manual IP Logging
        4. IP Blocking
          1. IP Blocking Definitions
          2. IP Blocking Devices
            1. Cisco Routers
            2. Cisco Catalyst 6000 Switches
            3. Cisco PIX Firewalls
          3. Blocking Guidelines
            1. Antispoofing Mechanisms
            2. Critical Hosts
            3. Network Topology
            4. Entry Points
            5. Signature Selection
            6. Blocking Duration
            7. Device Login Information
            8. Interface ACL Requirements
          4. Blocking Process
          5. ACL Placement Considerations
            1. External Versus Internal
            2. ACLs Versus VACLs
            3. Using Existing ACLs
          6. Master Blocking Sensor
        5. Configuring IP Blocking
          1. Assigning a Blocking Action
          2. Setting Blocking Properties
            1. Setting Blocking Properties via IDM
          3. Defining Addresses Never to Block
          4. Setting Up Logical Devices
          5. Defining Blocking Devices
            1. Defining Blocking Devices Using IDM
            2. Defining Router Blocking Devices Interfaces Using IDM
            3. Defining Cat6K Blocking Device Interfaces Using IDM
          6. Defining Master Blocking Sensors
            1. Configuring a Master Blocking Sensor in IDM
        6. Manual Blocking
          1. Blocking Hosts
          2. Blocking Networks
        7. TCP Reset
      2. Foundation Summary
      3. Q&A
  10. IV. Cisco IPS Event Monitoring
    1. 10. Alarm Monitoring and Management
      1. Foundation and Supplemental Topics
        1. CiscoWorks 2000
          1. Login Process
          2. Authorization Roles
          3. Adding Users
        2. Security Monitor
        3. Installing Security Monitor
          1. Windows Installation
            1. Server Requirements
            2. Client Requirements
          2. Security Monitor User Interface
            1. Configuration Tabs
            2. Options Bar
            3. TOC
            4. Path Bar
            5. Instruction Box
            6. Content Area
            7. Tools Bar
        4. Security Monitor Configuration
          1. Adding Devices
            1. Adding RDEP Devices
            2. Adding PostOffice Devices
            3. Adding IOS Devices
            4. Adding PIX Devices
          2. Importing Devices
          3. Event Notification
            1. Adding Event Rules
            2. Activating Event Rules
          4. Monitoring Devices
            1. Monitoring Connections
            2. Monitoring Statistics
            3. Monitoring Events
        5. Security Monitor Event Viewer
          1. Moving Columns
          2. Deleting Rows and Columns
            1. Delete from This Grid
            2. Delete from Database
            3. Delete Column
          3. Collapsing Rows
            1. Collapse > First Group
            2. Collapse > All Rows
          4. Expanding Rows
            1. Expand > First Group
            2. Expand > All Rows
          5. Suspending and Resuming New Events
          6. Changing Display Preferences
            1. Actions
            2. Cells
            3. Sort By
            4. Boundaries
            5. Severity Indicator
            6. Database
          7. Creating Graphs
            1. By Child
            2. By Time
          8. Tools Pull-Down Menu Options
            1. Explanation
            2. Trigger Packet
            3. IP Logs
            4. Statistics
            5. Options
          9. Resolving Host Names
        6. Security Monitor Administration
          1. Data Management
          2. System Configuration Settings
          3. Defining Event Viewer Preferences
        7. Security Monitor Reports
          1. Defining the Report
          2. Running the Report
          3. Viewing the Report
      2. Foundation Summary
      3. Q&A
  11. V. Cisco IPS Maintenance and Tuning
    1. 11. Sensor Maintenance
      1. Foundation and Supplemental Topics
        1. Sensor Maintenance
        2. Software Updates
          1. IPS Software File Format
            1. Software Type
            2. Cisco IPS Version
            3. Service Pack Level
            4. Signature Version
            5. Extension
          2. Software Update Guidelines
        3. Upgrading Sensor Software
          1. Saving Current Configuration
          2. Software Installation via CLI
          3. Software Installation Using IDM
          4. Configuring Automatic Software Updates Using IDM
          5. Downgrading an Image
        4. Updating the Sensor’s License
        5. Image Recovery
        6. Restoring Default Sensor Configuration
          1. Restoring Default Configuration Using the CLI
          2. Restoring Default Configuration Using IDM
        7. Resetting and Powering Down the Sensor
          1. Resetting the Sensor Using the Sensor CLI
          2. Resetting the Sensor Using IDM
      2. Foundation Summary
      3. Q&A
    2. 12. Verifying System Configuration
      1. Foundation and Supplemental Topics
        1. Verifying System Configuration
        2. Viewing Sensor Configuration
          1. Displaying Software Version
          2. Displaying Sensor Configuration
          3. Displaying Sensor PEP Inventory
        3. Viewing Sensor Statistics
        4. Viewing Sensor Events
          1. Viewing Events Using the CLI
          2. Viewing Events Using IDM
            1. Selecting Event Types
            2. Selecting Time Frame for Events
            3. Using the IDM Event Viewer
        5. Debugging Sensor Operation
          1. Verifying Interface Operation
          2. Capturing Packets
          3. Generating Tech-Support Output
        6. Sensor SNMP Access
          1. Enabling SNMP Traps by Using the Sensor CLI
          2. Enabling SNMP Traps Using IDM
      2. Foundation Summary
      3. Q&A
    3. 13. Cisco IDS Module (IDSM)
      1. Foundation and Supplemental Topics
        1. Cisco IDS Module
          1. IDSM-2 Technical Specifications
            1. Performance Capabilities
            2. Catalyst 6500 Requirements
          2. Key Features
          3. IDSM-2 Traffic Flow
        2. IDSM-2 Configuration
          1. Verifying IDSM-2 Status
          2. Initializing the IDSM-2
            1. Accessing the IDSM-2 CLI
            2. Logging in to the IDSM-2
          3. Configuring the Command and Control Port
          4. Configuring the Switch Traffic Capture Settings
        3. IDSM-2 Ports
          1. TCP Reset Port
          2. Command and Control Port
          3. Monitoring Ports
        4. Catalyst 6500 Switch Configuration
          1. Configuring the Command and Control Port
            1. Setting VLANs by Using IOS
            2. Setting VLANs by Using CatOS
          2. Monitored Traffic
        5. IDSM-2 Administrative Tasks
          1. Enabling Full Memory Test
          2. Stopping the IDS Module
        6. Troubleshooting the IDSM-2
          1. IDSM-2 Status LED
          2. Catalyst 6500 Commands
            1. show module Command
            2. show port Command
            3. show trunk Command
      2. Foundation Summary
      3. Q&A
    4. 14. Cisco IDS Network Module for Access Routers
      1. Foundation and Supplemental Topics
        1. NM-CIDS Overview
          1. NM-CIDS Key Features
          2. NM-CIDS Specifications
          3. NM-CIDS Front Panel
          4. Traditional Appliance Sensor Network Architecture
          5. NM-CIDS Network Architecture
        2. NM-CIDS Hardware Architecture
          1. NM-CIDS Internal Fast Ethernet Interface
          2. NM-CIDS External Fast Ethernet Interface
          3. Internal Universal Asynchronous Receiver/Transmitter Interface
          4. NM-CIDS Disk, Flash, and Memory
        3. Traffic Capture for NM-CIDS
          1. Cisco IOS Features
            1. Access Control Lists and NM-CIDS
            2. Encryption and NM-CIDS
            3. Inside NAT and NM-CIDS
            4. Outside NAT and NM-CIDS
            5. IP Multicast, IP Broadcast, and UDP Flooding and NM-CIDS
            6. GRE Tunnels and NM-CIDS
          2. Packets Not Forwarded to NM-CIDS
        4. NM-CIDS Installation and Configuration Tasks
          1. Installing the NM-CIDS
            1. Inserting the NM-CIDS into a Router
            2. Connecting the NM-CIDS to the Network
            3. Verifying That the Router Recognizes the NM-CIDS
            4. Verifying That Cisco IOS-IDS is Not Running
          2. Configuring the Internal ids-sensor Interface
            1. Verifying the NM-CIDS Slot Number
            2. Enabling CEF
            3. Configuring the Interface
          3. Assigning the Clock Settings
            1. Using the Router Time Source
            2. Using an NTP Time Source
            3. Configuring NM-CIDS Clock Mode
          4. Setting Up Packet Monitoring
          5. Logging In to NM-CIDS Console
            1. Accessing NM-CIDS via a Session
            2. Accessing NM-CIDS via Telnet
            3. NM-CIDS Login
          6. Performing Initial Sensor Configuration
        5. NM-CIDS Maintenance Tasks
          1. Reloading the NM-CIDS
          2. Resetting the NM-CIDS
          3. Shutting Down the NM-CIDS
          4. Viewing the NM-CIDS Status
        6. Recovering the NM-CIDS Software Image
          1. Configuring the Boot Loader
          2. Booting the Helper Image
          3. Selecting the File Transfer Method
          4. Installing the Application Image
          5. Booting the Application Image
          6. Configuring the IPS Application
      2. Foundation Summary
      3. Q&A
    5. 15. Capturing Network Traffic
      1. Foundation and Supplemental Topics
        1. Capturing Network Traffic
        2. Capturing Traffic for Inline Mode
        3. Capturing Traffic for Promiscuous Mode
          1. Traffic Capture Devices
            1. Hub Traffic Flow
            2. Network Tap Traffic Flow
            3. Switch Traffic Flow
          2. Switch Capture Mechanisms
            1. Switched Port Analyzer
            2. Remote Switched Port Analyzer
            3. VLAN Access Control Lists
          3. TCP Resets and Switches
        4. Configuring SPAN for Catalyst 4500 and 6500 Traffic Capture
          1. The monitor session Command
        5. Configuring RSPAN for Catalyst 4500 and 6500 Traffic Capture
        6. Configuring VACLs for Catalyst 6500 Traffic Capture
          1. Configure an ACL
          2. Create a VLAN Access Map
          3. Match ACL to Access Map
          4. Define Action for Access Map
          5. Apply Access Map to VLANs
          6. Configure Capture Ports
        7. Configuring VACLs for Traffic Capture With Cisco Catalyst 6500 IOS Firewall
          1. Configure the Extended ACL
          2. Apply ACL to an Interface or VLAN
          3. Assign the Capture Port
        8. Advanced Catalyst 6500 Traffic Capture
          1. Configure Destination Port
          2. Define Trunks to Capture
          3. Assign Switch Ports to VLANs
          4. Create the VACL
      2. Foundation Summary
      3. Q&A
    6. Answers to the “Do I Know This Already?” Quizzes and Q&A Questions
      1. Chapter 1
        1. “Do I Know This Already?” Quiz
        2. Q&A
      2. Chapter 2
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      3. Chapter 3
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      4. Chapter 4
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      5. Chapter 5
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      6. Chapter 6
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      7. Chapter 7
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      8. Chapter 8
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      9. Chapter 9
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      10. Chapter 10
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      11. Chapter 11
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      12. Chapter 12
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      13. Chapter 13
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      14. Chapter 14
        1. ”Do I Know This Already?” Quiz
        2. Q&A
      15. Chapter 15
        1. ”Do I Know This Already?” Quiz
        2. Q&A