CCNA Security 640-554 Official Cert Guide

by Keith Barker, Scott Morris


Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

  • Master Cisco CCNA Security IINS 640-554 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks

This is the eBook edition of the CCNA Security 640-554 Official Cert Guide.  This eBook does not include the companion practice exam that comes with the print edition.


CCNA Security 640-554 Official Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.


CCNA Security 640-554 Official Cert Guide focuses specifically on the objectives for the CCNA Security IINS exam. Expert networking professionals Keith Barker and Scott Morris share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.


This eBook comes complete with 90 minutes of video training on CCP, NAT, object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls. See the last page of the eBook file for instructions on downloading the videos.


Well-regarded for its level of detail, assessment features, comprehensive design scenarios, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.


The official study guide helps you master all the topics on the CCNA Security exam, including:


  • Network security concepts
  • Security policies and strategies
  • Network foundation protection (NFP)
  • Cisco Configuration Professional (CCP)
  • Management plane security
  • AAA security
  • Layer 2 security threats
  • IPv6 security
  • Threat mitigation and containment
  • Access Control Lists (ACLs)
  • Network Address Translation (NAT)
  • Cisco IOS zone-based firewalls and ASA firewalls
  • Intrusion prevention and detection systems
  • Public Key Infrastructure (PKI) and cryptography
  • Site-to-site IPsec VPNs and SSL VPNs


CCNA Security 640-554 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit


Product Details

Pearson Education
Official Cert Guide
Sold by: Barnes & Noble
File size: 85 MB

Meet the Author

Keith Barker, CCIE No. 6783 (R&S and Security), is a 27-year veteran of the networking industry. He currently works as a network engineer and trainer for Copper River IT. His past experience includes EDS, Blue Cross, Paramount Pictures, and KnowledgeNet, and he has delivered CCIE-level training over the past several years. As part of the original set of Cisco VIPs for the Cisco Learning Network, he continues to give back to the community in many ways. He is CISSP and CCSI certified, loves to teach, and keeps many of his video tutorials at He can be reached at or by visiting


Scott Morris, CCIE No. 4713 (R&S, ISP/Dial, Security, and Service Provider), has more than 25 years in the industry. He also has CCDE and myriad other certifications, including nine expert-level certifications spread over four major vendors. Having traveled the world consulting for various enterprise and service provider companies, Scott currently works at Copper River IT as the chief technologist. He, too, has delivered CCIE-level training and technology training for Cisco Systems and other technology vendors.


Having spent a “past life” (early career) as a photojournalist, he brings interesting points of view from entering the IT industry from the ground up. As part of the original set of Cisco VIPs for the Cisco Learning Network, he continues to give back to the community in many ways. He can be reached at or by visiting

Customer Reviews


CCNA Security 640-554 Official Cert Guide 4 out of 5 based on 0 ratings. 5 reviews.
Stephen_Luhan More than 1 year ago
The CCNA Security 640-554 Official Cert Guide, by Keith Barker and Scott Morris, provides an overview of the security and network terminology utilized in today’s enterprise environment to secure the network perimeter, specifically utilizing Cisco routers and switches. The exam candidate and network practitioner alike can use this resource to master the information needed to pass the exam. The CCNA Security 640-554 certification exam is a 90-minute (55-65 question) exam that tests a candidate’s knowledge of securing Cisco routers and switches on their associated networks. By obtaining this certification, the network practitioner can validate their skills for installing, configuring and maintaining Cisco network equipment. The CCNA Security 640-554 Official Cert Guide can assist the candidate in obtaining this certification. Although the reference material is not necessarily as comprehensive as other certification guides and reference materials, the book explains in plain terms the basics that a network administrator / CCNA level candidate must know to pass the exam. The book generally explains the concepts behind network security and some of the vulnerabilities that can affect the network security boundaries, but it is not as detailed and comprehensive as other certifications can attest to (example: CISSP). The certification guide includes a CD that contains a premium edition of the book (eBook), as well as a generic practice test. The CD also has links to book updates (when applicable), as well as printable appendixes that can help reinforce the content. However, I do wish that the reference material did contain additional information and test questions to enhance the content. There are some configuration examples for applying configuration parameters (i.e., AAA, ACLs, IPv6, etc.), but by no means is it a comprehensive cookbook of router / switch configurations.
The reader and exam candidate can benefit from this resource, but I would definitely suggest that this would not be the only resource that is utilized to configure, manage and support the infrastructure. I give this book 3 out of 5 stars.
Are you preparing for the 640-554 Implementing Cisco IOS Network Security exam? If you are, then this book is for you! Authors Keith Barker and Scott Morris have done an outstanding job of writing a book that improves your awareness and knowledge of network security. Barker and Morris begin by covering the need for the building blocks of network and information security, threats to our networks today, and the fundamental principles of secure network design. Then, the authors review risk analysis, management and security policies. The authors also cover the securing of borderless networks, controlling and containing data loss. They continue by covering the securing of the network using the network foundation protection approach, the management plane, the control plane, and the data plane. Next, the authors review the Cisco Configuration Professional features and the GUI, setting up new devices, CCP building blocks, and CCP audit features. Then, they describe management traffic and how to make it more secure and the implementation of security measures to protect the management plane. The authors also describe the role of Cisco Secure ACS and the two primary protocols used with it, RADIUS and TACACS. They continue by reviewing VLANs and trunking fundamentals, spanning-tree fundamentals, and common Layer 2 threats and how to mitigate them. Next, the authors cover IPv6. Then, they discuss the design considerations for threat mitigation and containment; and, the hardware, software, and services used to implement a secure network. The authors also cover the benefits and fundamentals for access control lists, implementing IPv4 ACLs as packet filters, and implementing IPv6 ACLs as packet filters. They continue by reviewing the firewall concepts and the technologies used by them, the function of Network Address Translations, including its building blocks, and the guidelines and considerations for creating and deploying firewalls.
Next, the authors discuss the operational and functional components of the IOS Zone-Based Firewall and how to configure and verify the IOS Zone-Based Firewall. Then, they cover the Adaptive Security Appliance family and features, ASA firewall fundamentals, and configuring the ASA. The authors also compare intrusion prevention systems to intrusion detection systems and cover how to identify malicious traffic on the network, manage signatures, and monitor and manage alarms and alerts. Next, they cover the features included in the IOS-based IPS and the installing of the IPS feature; working with signatures in IOS-based IPS; and, managing and monitoring IPS alarms. The authors continue by covering what VPNs are, why they are used and the basic ingredients of cryptography. Then, they cover the concepts, components, and operations of the public key infrastructure and include an example of putting the pieces of PKI to work. The authors also cover the concepts, components, and operations of IPsec and how to configure and verify IPsec. Next, they cover the planning and preparation that is needed to implement an IPsec site-to-site VPN, implementing and verifying the IPsec site-to-site VPN. The authors continue by covering the functions and use of SSL for VPNs, configuring SSL clientless VPN on the ASA, and configuring the full SSL AnyConnect VPN on the ASA. Finally, they identify the tools that are needed for the final exam preparation to help you develop an effective study plan. The goal of this most excellent book is
Boudville More than 1 year ago
One nice feature of the book is the ample coverage of IPv6. Finally after over 10 years, IPv6 subnets are becoming common, if only because of the impending exhaustion of IPv4 addresses. This CERT guide goes into a new focus on IPv6 security, while also delineating existing commonalities with IPv4. Maybe the quickest advantage of IPv6 is that an attacker who gets access to your v6 subnet cannot simply do an exhaustive ping sweep to find all active devices. Whereas typically a v4 subnet might have 8 bits of addressing, which means 254 maximum addresses to ping. Of all the differences between v4 and v6, this advantage is the easiest to understand. But the book warns against complacency. It suggests that scanners and worms built for v4 will likely run in v6. While another and ironic danger is that you might have v6 running on your v4 network unawares to you. Then a newly discovered v6 bug might be exploited by an attacker, because you are unlikely to check for it if you do not even expect to be running v6 anywhere on your network. By the way, this brings up the very real possibility that newly coded v6 firmware might be vulnerable to bugs unlike a thoroughly tested and heavily used existing v4 package. The discussion in chapter 12 on firewall fundamentals is quite understandable and generally applicable to any type of firewall hardware (or software) you choose to run. The differing properties of firewalls are explained, where this can translate to very different hardware costs. Another useful section of the chapter delves into Network Address Translation. Sometimes used to conserve addresses in the larger v4 Internet, but also to improve protection to computers behind a firewall. The book also has very specific explanations of Cisco hardware and software to implement firewalls. Something you can expect to be tested on in the exam.
You can also see from the screen captures in the book that much of the administration is via a GUI that tries to make the tasks easy to understand.
Anonymous More than 1 year ago
This book has excellent information and is well written. I HIGHLY recommend the physical book. For the Nook Book, a large amount of the book is using CCP and ASDM which comes with screenshots of the interface and how to configure things through them. In the Nook book, these screenshots are essentially illegible. This is using a Nook, using an Android tablet with the Nook app and on the PC Nook application. In all 3 instances, the ASDM and CCP screenshots are practically useless. Again, I wholeheartedly recommend the book, the information is excellent, but the Nook version leaves a lot to be desired.