Book description
Official self-study test preparation guide for the Cisco SNRS exam 642-502
Attack threats
Router management and administration
Authentication, Authorization, and Accounting (AAA) and Cisco Secure Access Control Server
RADIUS and TACACS+
Cisco IOS® Firewall feature set
Securing networks with Cisco routers
Mitigating Layer 2 attacks
IPsec and Easy Virtual Private Network (VPN)
Security Device Manager (SDM)
CCSP SNRS Exam Certification Guide is a best-of-breed Cisco® exam study guide that focuses specifically on the objectives for the SNRS exam. Network security engineers Greg Bastien, Sara Nasseh, and Christian Degu share preparation hints and test-taking tips, helping you identify areas of weakness and improve your knowledge of router and switch security. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
CCSP SNRS Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Foundation summary information gives you a quick refresher whenever you need it. Challenging chapter-ending review questions help you assess your knowledge and reinforce key concepts.
The companion CD-ROM contains a powerful test engine that allows you to focus on individual topic areas or take complete, timed exams. The assessment engine also tracks your performance and provides feedback module-by-module basis, presenting question-by-question remediation to the text.
Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this book helps you master the concepts and techniques that will enable you to succeed on the exam the first time.
CCSP SNRS Exam Certification Guide is part of a recommended learning path from Cisco Systems® that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press®. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.
Companion CD-ROM
The CD-ROM contains an electronic copy of the book and over 200 practice questions for the SNRS exam, all available in study mode, test mode, and flash card format.
Includes a FREE 45-Day Online Edition
This volume is part of the Exam Certification Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.
Table of contents
- Copyright
- About the Authors
- About the Technical Reviewers
- Acknowledgments
- Command Syntax Conventions
- Foreword
- Introduction
-
I. Overview of Network Security
-
1. Network Security Essentials
- “Do I Know This Already?” Quiz
-
Foundation Topics
- Defining Network Security
- Balancing Business Needs with Network Security Requirements
-
Network Security Policies
- Security Policy Goals
-
Security Guidelines
- Management Must Support the Policy
- The Policy Must Be Consistent
- The Policy Must Be Technically Feasible
- The Policy Should Not Be Written as a Technical Document
- The Policy Must Be Implemented Globally Throughout the Organization
- The Policy Must Clearly Define Roles and Responsibilities
- The Policy Must Be Flexible Enough to Respond to Changing Technologies and Organizational Goals
- The Policy Must Be Understandable
- The Policy Must Be Widely Distributed
- The Policy Must Specify Sanctions for Violations
- The Policy Must Include an Incident-Response Plan for Security Breaches
- Security Is an Ongoing Process
- Network Security as a Process
- Network Security as a Legal Issue
- Foundation Summary
- Q&A
- 2. Defining and Detailing Attack Threats
- 3. Defense in Depth
-
1. Network Security Essentials
-
II. Managing Cisco Routers
- 4. Basic Router Management
-
5. Secure Router Administration
- “Do I Know This Already?” Quiz
- Foundation Topics
- Foundation Summary
- Q&A
-
III. AAA
- 6. Authentication
- 7. Authentication, Authorization, and Accounting
- 8. Configuring RADIUS and TACACS+ on Cisco IOS Software
- 9. Cisco Secure Access Control Server
- 10. Administration of Cisco Secure Access Control Server for Windows
-
IV. IOS Firewall Feature Set
- 11. Securing Networks with Cisco Routers
- 12. The Cisco IOS Firewall and Advanced Security Feature Set
- 13. Cisco IOS Intrusion Prevention System
-
14. Mitigating Layer 2 Attacks
- “Do I Know This Already?” Quiz
- Foundation Topics
- Foundation Summary
- Q&A
-
15. Context-Based Access Control
- “Do I Know This Already?” Quiz
-
Foundation Topics
- Context-Based Access Control Features
- Configuring CBAC
- Verifying and Debugging CBAC
- Foundation Summary
- Q&A
-
16. Authentication Proxy and the Cisco IOS Firewall
- “Do I Know This Already?” Quiz
- Foundation Topics
- Foundation Summary
- Q&A
- 17. Identity-Based Networking Services
-
18. Configuring 802.1x Port-Based Authentication
- “Do I Know This Already?” Quiz
-
Foundation Topics
- 802.1x Port-Based Authentication Configuration Tasks
- 802.1x Mandatory Configuration
-
802.1x Optional Configurations
- Enabling Periodic Re-Authentication
- Manually Re-Authenticating a Client Connected to a Port
- Changing the Quiet Period
- Changing the Switch-to-Client Retransmission Time
- Setting the Switch-to-Client Frame-Retransmission Number
- Enabling Multiple Hosts
- Configuring a Guest VLAN
- Resetting the 802.1X Configuration to the Default Values
- Displaying 802.1x Statistics and Status
- Foundation Summary
- Q&A
-
V. VPN
-
19. Building a VPN Using IPsec
- “Do I Know This Already?” Quiz
- Foundation Topics
- Foundation Summary
- Q&A
- 20. Scaling a VPN Using IPsec with a Certificate Authority
-
21. Troubleshooting the VPN Configuration on a Cisco Router
- “Do I Know This Already?” Quiz
-
Foundation Topics
-
show Commands
- show crypto ca certificates Command
- show crypto isakmp policy Command
- show crypto ipsec sa Command
- show crypto ipsec security-association lifetime Command
- show crypto ipsec transform-set Command
- show crypto isakmp key Command
- show crypto map Command (IPsec)
- show crypto key pubkey-chain rsa Command
- show crypto key mypubkey rsa Command
- debug Commands
- clear Commands
-
show Commands
- Foundation Summary
- Q&A
-
22. Configuring Remote Access Using Easy VPN
- “Do I Know This Already?” Quiz
-
Foundation Topics
- Describe the Easy VPN Server
- Describe the Easy VPN Remote
-
Easy VPN Server Functionality
- How Cisco Easy VPN Works?
-
Configuring the Easy VPN Server
- Create IP Address Pool
- Prepare the Router for Easy VPN Server
- Configure the Group Policy Lookup
- Create the ISAKMP Policy for the Remote VPN Clients
- Define a Group Policy for a Mode Configuration Push
- Create the Transform Set
- Create the Dynamic Crypto Maps with RRI
- Apply the Mode Configuration to the Dynamic Crypto Map
- Apply the Dynamic Crypto Map to the Interface
- Enable IKE DPD
- Configure Xauth
- Easy VPN Modes of Operation
- Foundation Summary
- Q&A
-
19. Building a VPN Using IPsec
-
VI. Enterprise Network Management
-
23. Security Device Manager
- “Do I Know This Already?” Quiz
- Foundation Topics
- Foundation Summary
- Q&A
-
23. Security Device Manager
-
VII. Scenarios
-
24. Final Scenarios
- Task 1—Configure Cisco Secure ACS for AAA on Miami Network Devices
- Task 2—Configure and Secure Miami Router
- Task 3—Configure 802.1x on Miami User Switches
- Task 4—Configure Miami User Switches and Router to Mitigate Layer 2 Attacks
- Task 5—Configure PEAP with Cisco Secure ACS
- Task 6—Prepare the Network for IPsec Using Preshared Keys
- Task 7—Configure IKE Using Preshared Keys
- Task 8—Configure IPsec Using Preshared Keys
- Task 9—Configure IKE and IPsec on a Cisco Router
- Task 10—Prepare the Network for IPsec Using Digital Certificates
- Task 11—Test and Verify IPsec CA Configuration
- Task 12—Configure Authentication Proxy on the Miami Router
- Task 13—Configure CBAC on the Miami Router
- Task 14—Configure Miami Router with IPS Using SDM
- Task 15—Verify and Monitor Miami Router with IPS Using SDM
- Task 16—Configure Easy VPN Server Using SDM
- Task 17—Configure Easy VPN Remote Using SDM
-
24. Final Scenarios
-
VIII. Appendix
- A. Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Product information
- Title: CCSP Self-Study: CCSP SNRS Exam Certification Guide
- Author(s):
- Release date: December 2005
- Publisher(s): Cisco Press
- ISBN: 9781587201530
You might also like
book
CCNA Security 640-554 Quick Reference
As a final exam preparation tool, the CCNA Security 640-554 Quick Reference provides a concise review …
book
SECUR Exam Cram™ 2 (Exam 642-501)
Your resource to passing the Cisco CCSP SECUR Certification Exam! Join the ranks of readers who …
book
CompTIA® Security+ SY0-401 Cert Guide, Deluxe Edition, Third Edition
This is the eBook version of the print title. Note that the eBook does not provide …
video
CCNA ICND2 200-105 Exam Prep
More Than 10 Hours of Video Instruction Overview CCNA ICND2 200-105 Exam Prep LiveLessons gives you …