31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

by Patrick Gargano
31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

by Patrick Gargano

Paperback

$34.99 
  • SHIP THIS ITEM
    Qualifies for Free Shipping
  • PICK UP IN STORE
    Check Availability at Nearby Stores

Related collections and offers


Overview

31 Days Before Your CCNA Security Exam

31 Days Before Your CCNA Security Exam offers you an engaging and practical way to understand the certification process, commit to taking the CCNA Security IINS 210-260 certification exam, and finish your preparation using a variety of Primary and Supplemental study resources.

The IINS 210-260 exam tests your knowledge of secure network infrastructure, core security concepts, secure access, VPN encryption, firewalls, intrusion prevention, web/email content security, and endpoint security. It also tests your skills for installing, troubleshooting, and monitoring secure networks to maintain the integrity, confidentiality, and availability of data and devices.

Sign up for the IINS 210-260 exam and use the book’s day-by-day guide and checklist to organize, prepare, and review. Each day in this guide breaks down an exam topic into a manageable bit of information to review using short summaries. A Study Resources section provides you with a quick reference for locating more in-depth treatment of a day’s topics within the Primary and Supplemental resources.

The features of the book empower you to fit exam preparation into a busy schedule:

· A visual calendar summarizing each day’s study topic

· A checklist providing advice for preparation activities leading up to the exam

· A description of the CCNA Security IINS 210-260 exam organization and sign-up process

· Strategies from the author to be mentally, organizationally, and physically prepared for exam day

· A conversational tone, which makes your study time more enjoyable

Primary Resources:

CCNA Security 210-260 Official Cert Guide ISBN-13: 978-1-58720-566-8

CCNA Security Course Booklet Version 2 ISBN-13: 978-1-58713-351-0

CCNA Security Lab Manual Version 2 ISBN-13: 978-1-58713-350-3

Supplemental Resources:

CCNA Security 210-260 Complete Video Course ISBN-13: 978-0-13-449931-4

CCNA Security Portable Command Guide, Second Edition ISBN-13: 978-1-58720-575-0

Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition ISBN-13: 978-1-58714-307-6

Category: Certification

Covers: CCNA Security


Product Details

ISBN-13: 9781587205781
Publisher: Pearson Education
Publication date: 06/23/2016
Series: 31 Days
Pages: 352
Product dimensions: 6.00(w) x 9.00(h) x 0.90(d)

About the Author

Patrick Gargano has been an educator since 1996 and a Cisco Networking Academy Instructor since 2000. He currently heads the Networking Academy program at Collège La Cité in Ottawa, Canada, where he teaches CCNA/CCNP-level courses. Patrick has twice led the Cisco Networking Academy student Dream Team deploying the wired and wireless networks supporting the U.S. Cisco Live conferences. In 2014 he co-authored CCNP Routing and Switching Portable Command Guide. Recognitions of his teaching include prizes from Collège La Cité for innovation and excellence and from the Ontario Association of Certified Engineering Technicians and Technologists for excellence in technology education. Previously, Patrick was a Cisco Networking Academy instructor at Cégep de l’Outaouais (Gatineau, Canada) and Louis-Riel High School (Ottawa, Canada) and a Cisco instructor (CCSI) for Fast Lane UK (London). His certifications include CCNA (R&S), CCNA Wireless, CCNA Security, and CCNP (R&S). He holds Bachelor of Education and Bachelor of Arts degrees from the University of Ottawa. Find him on Twitter @PatrickGargano.

Table of Contents

Introduction xxii

Digital Study Guide xxvi

Day 31: Common Security Principles 1

CCNA Security 210-260 IINS Exam Topics 1

Key Topics 1

Confidentiality, Integrity, and Availability (CIA) 1

SIEM 1

Common Network Security Terms 2

Security Zones 2

Study Resources 4

Day 30: Common Security Threats 5

CCNA Security 210-260 IINS Exam Topics 5

Key Topics 5

Network Attacks 5

Reconnaissance Attacks 5

Access Attacks 5

DoS and DDoS Attacks 6

Social Engineering 7

Types 7

Defenses 8

Malware 8

Data Loss 9

Study Resources 10

Day 29: Cryptographic Technologies 11

CCNA Security 210-260 IINS Exam Topics 11

Key Topics 11

CIA Triad 11

Key Exchange and Management 11

Hash Algorithms 12

Well-known Hash Functions 12

Authentication Using Hashing 13

Hashing in Cisco Products 14

Symmetric and Asymmetric Encryption 15

Encryption Overview 15

Symmetric Encryption Algorithms 15

Asymmetric Encryption Algorithms 16

Digital Signatures and RSA Certificates 18

Study Resources 19

Day 28: PKI and Network Security Architectures 21

CCNA Security 210-260 IINS Exam Topics 21

Key Topics 21

Public Key Infrastructure 21

PKI Terminology, Components, and Classes of Certificates 22

PKI Topologies 23

PKI Standards 24

PKI Operations 25

Enrollment and Revocation 27

Network Architectures and Topologies 28

Campus-Area Network (CAN) 28

WAN and Branch/SOHO 29

Data Center 31

Cloud and Virtual Networks 31

Study Resources 33

Day 27: Secure Management Systems 35

CCNA Security 210-260 IINS Exam Topics 35

Key Topics 35

In-band and Out-of-band Management 35

Management Plane Security 36

Access Security 36

SSH/HTTPS 38

Syslog 38

Simple Network Management Protocol (SNMP) 39

Network Time Protocol (NTP) 42

Secure Copy Protocol (SCP) 43

Study Resources 44

Day 26: AAA Concepts 45

CCNA Security 210-260 IINS Exam Topics 45

Key Topics 45

AAA 45

RADIUS and TACACS+ 46

RADIUS 46

TACACS+ 47

ACS and ISE 48

ACS 49

ISE 49

Study Resources 50

Day 25: TACACS+ and RADIUS Implementation 51

CCNA Security 210-260 IINS Exam Topics 51

Key Topics 51

Server-based AAA Authentication 51

Server-based AAA Authorization 53

Server-based AAA Accounting 54

Server-based AAA Verification and Troubleshooting 55

Study Resources 58

Day 24: 802.1X 61

CCNA Security 210-260 IINS Exam Topics 61

Key Topics 61

802.1X 61

Terminology and Concepts 61

Configuration and Verification 63

Study Resources 65

Day 23: BYOD 67

CCNA Security 210-260 IINS Exam Topics 67

Key Topics 67

BYOD Architecture 67

BYOD Management 69

Study Resources 72

Day 22: IPsec Technologies 73

CCNA Security 210-260 IINS Exam Topics 73

Key Topics 73

VPNs 73

IPsec Framework 76

IPsec Protocols 77

AH 77

ESP 78

IPsec Modes of Operations 78

Confidentiality 79

Data Integrity 79

Origin Authentication 80

Key Management 80

Suite B Cryptographic Standard 81

IKE 81

IKEv1 Phase 1 82

IKEv1 Phase 2 83

IKEv2 83

Study Resources 84

Day 21: Clientless Remote-Access VPN 85

CCNA Security 210-260 IINS Exam Topics 85

Key Concepts 85

Clientless SSL VPN Concepts 85

Clientless SSL VPN Configuration 87

Task 1: Launch Clientless SSL VPN Wizard from ASDM 88

Task 2: Configure the SSL VPN URL and Interface 88

Task 3: Configure User Authentication 89

Task 4: Configure User Group Policy 90

Task 5: Configure Bookmarks 90

Clientless SSL VPN Verification 95

Study Resources 97

Day 20: AnyConnect Remote Access VPN 99

CCNA Security 210-260 IINS Exam Topics 99

Key Topics 99

AnyConnect SSL VPN Concepts 99

SSL VPN Server Authentication 100

SSL VPN Client Authentication 100

SSL VPN Client IP Address Assignment 100

AnyConnect SSL VPN Configuration and Verification 101

Phase 1: Configure Cisco ASA for Cisco AnyConnect 101

Task 1: Connection Profile Identification 101

Task 2: VPN Protocols and Device Certificate 102

Task 3: Client Image 102

Task 4: Authentication Methods 103

Task 5: Client Address Assignment 103

Task 6: Network Name Resolution Servers 104

Task 7: Network Address Translation Exemption 104

Task 8: AnyConnect Client Deployment and Summary 105

Phase 2: Configure the Cisco AnyConnect VPN Client 106

Phase 3: Verify AnyConnect Configuration and Connection 108

Study Resources 111

Day 19: Site-to-Site VPN 113

CCNA Security 210-260 IINS Exam Topics 113

Key Topics 113

IPsec Negotiation 113

Cisco IOS CLI-based Site-to-Site IPsec VPN 114

Configuration 115

Step 1: ACL Compatibility 115

Step 2: IKE Phase 1–ISAKMP Policy 115

Step 3: IKE Phase 2–IPsec Transform Set 117

Step 4: Crypto ACLs 117

Step 5: IPsec Crypto Map 118

Verification 119

Cisco ASA Site-to-Site IPsec VPN 122

Configuration 123

Step 1: Launch the ASDM Site-to-Site VPN Wizard 123

Step 2: Peer Device Identification 123

Step 3: Traffic to Protect 124

Step 4: Security 124

Step 5: NAT Exempt 125

Verification 125

Study Resources 128

Day 18: VPN Advanced Topics 131

CCNA Security 210-260 IINS Exam Topics 131

Key Topics 131

Hairpinning and Client U-Turn 131

Split Tunneling 132

Always-on VPN 134

NAT Traversal 134

Endpoint Posture Assessment 135

Study Resources 136

Day 17: Secure Device Access 137

CCNA Security 210-260 IINS Exam Topics 137

Key Topics 137

Cisco IOS Authorization with Privilege Levels 137

Authorization with Role-Based CLI 138

Cisco IOS Resilient Configuration 139

Cisco IOS File Authenticity 140

Study Resources 142

Day 16: Secure Routing Protocols 143

CCNA Security 210-260 IINS Exam Topics 143

Key Topics 143

Routing Protocol Authentication 143

OSPF MD5 Authentication 144

MD5 Authentication with Key Chain 144

MD5 Authentication Without Key Chain 145

OSPF SHA Authentication 146

Study Resources 148

Day 15: Control Plane Security 149

CCNA Security 210-260 IINS Exam Topics 149

Key Topics 149

Functional Planes of the Network 149

Control Plane Policing 150

Control Plane Protection 151

Study Resources 152

Day 14: Layer 2 Infrastructure Security 153

CCNA Security 210-260 IINS Exam Topics 153

Key Topics 153

Common Layer 2 Attacks 153

STP Attacks 153

ARP Spoofing 155

MAC Spoofing 156

CAM Table Overflows 157

CDP/LLDP Reconnaissance 157

VLAN Hopping 157

DHCP Spoofing 158

Study Resources 159

Day 13: Layer 2 Protocols Security 161

CCNA Security 210-260 IINS Exam Topics 161

Key Topics 161

DHCP Snooping 161

Dynamic ARP Inspection 163

IP Source Guard 164

Port Security 165

STP Security Mechanisms 167

PortFast 167

BPDU Guard 168

Root Guard 168

Loop Guard 168

Study Resources 169

Day 12: VLAN Security 171

CCNA Security 210-260 IINS Exam Topics 171

Key Topics 171

Private VLANs 171

PVLAN Edge 174

ACLs on Switches 175

PACL Configuration 176

VACL Configuration 177

Native VLAN 178

Study Resources 180

Day 11: Firewall Technologies 181

CCNA Security 210-260 IINS Exam Topics 181

Key Topics 181

Firewall Overview 181

Packet Filtering 183

Proxy and Application Firewalls 185

Stateful Firewalls 187

Next-Generation Firewalls 188

Personal Firewall 189

Study Resources 189

Day 10: Cisco ASA NAT Implementation 191

CCNA Security 210-260 IINS Exam Topics 191

Key Topics 191

NAT Fundamentals 191

NAT on Cisco ASA 193

Static NAT 195

Dynamic NAT 198

Dynamic PAT 201

Policy NAT 203

Study Resources 208

Day 9: Cisco IOS Zone-Based Policy Firewall 209

CCNA Security 210-260 IINS Exam Topics 209

Key Topics 209

ZPF Concepts 209

ZPF Zones and Zone Pairs 210

Introduction to C3PL 211

Class Maps 212

Policy Maps 212

Service Policy 213

Default Policies and Traffic Flows 213

ZPF Configuration and Verification 214

Configuring Class Maps 214

Configuring Policy Maps 215

Configuration and Verification 216

Study Resources 218

Day 8: Cisco ASA Firewall Concepts 219

CCNA Security 210-260 IINS Exam Topics 219

Key Topics 219

Cisco ASA Family 219

ASA Features and Services 221

ASA Deployments 222

ASA High Availability 223

ASA Contexts 225

Study Resources 226

Day 7: ASA Firewall Configuration 227

CCNA Security 210-260 IINS Exam Topics 227

Key Topics 227

ASA Default Configuration 227

ASA Management Access 229

ASA Interfaces 230

ASA Access Rules 232

ASA Objects and Object Groups 234

ASA Modular Policy Framework 240

Study Resources 244

Day 6: IDS/IPS Concepts 245

CCNA Security 210-260 IINS Exam Topics 245

Key Topics 245

IDS vs. IPS 245

Host-based vs. Network-based IPS 247

IPS Deployment Options 248

IPS Placement 249

IPS Terminology 250

Study Resources 251

Day 5: IDS/IPS Technologies 253

CCNA Security 210-260 IINS Exam Topics 253

Key Topics 253

Detection Technologies 253

Signatures 254

Trigger Actions 255

Blacklisting 256

Next-Generation IPS with FirePOWER 256

Study Resources 257

Day 4: Email-based Threat Mitigation 259

CCNA Security 210-260 IINS Exam Topics 259

Key Topics 259

ESA Overview 259

ESA Deployment 260

ESA Features 263

Filtering Spam 263

Fighting Viruses and Malware 264

Email Data Loss Prevention 264

Advanced Malware Protection 264

ESA Mail Processing 265

Incoming Mail Processing 265

Outgoing Mail Processing 266

Study Resources 267

Day 3: Web-based Threat Mitigation 269

CCNA Security 210-260 IINS Exam Topics 269

Key Topics 269

Cisco WSA 269

Cisco CWS 272

Study Resources 274

Day 2: Endpoint Protection 275

CCNA Security 210-260 IINS Exam Topics 275

Key Topics 275

Endpoint Security Overview 275

Personal Firewalls 276

Antivirus 276

Antispyware 277

Antimalware 278

Data Encryption 279

Study Resources 280

Day 1: CCNA Security Skills Review and Practice 281

CCNA Security 210-260 IINS Exam Topics 281

Key Topics 281

CCNA Security Skills Practice 281

Introduction 281

Topology Diagram 281

Addressing Table 282

ISP Configuration 283

Implementation 283

Step 1: Cable the Network As Shown in the Topology 283

Step 2: Configure Initial Settings for R1_BRANCH 283

Step 3: Configure Initial Settings for HQ_SW 284

Step 4: Configure Initial Settings for HQ-ASA 285

Step 5: Configure Clientless SSL VPN 286

Step 6: Configure Site-to-Site IPsec VPN 286

Step 7: Configure a Zone-Based Policy Firewall 288

Answers to CCNA Security Skills Practice 289

Step 1: Cable the Network As Shown in the Topology 289

Step 2: Configure Initial Settings for R1_BRANCH 289

Step 3: Configure Initial Settings for HQ_SW 290

Step 4: Configure Initial Settings for HQ-ASA 291

Step 5: Configure Clientless SSL VPN 293

Step 6: Configure Site-to-Site IPsec VPN 294

Step 7: Configure a Zone-Based Policy Firewall 295

Exam Day 299

What You Need for the Exam 299

What You Should Receive After Completion 299

Summary 300

Post-Exam Information 301

Receiving Your Certificate 301

U.S. Government Recognition 301

Examining Certification Options 302

If You Failed the Exam 302

Summary 302

9781587205781 TOC 5/24/2016

From the B&N Reads Blog

Customer Reviews