BN.com Gift Guide

CCNA Security Exam Cram (Exam IINS 640-553) (Exam Cram Series)

( 1 )

Overview

In this book you’ll learn how to:

  • Build a secure network using security controls
  • Secure network perimeters
  • Implement secure ...
See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (5) from $9.53   
  • New (1) from $0.00   
  • Used (4) from $9.53   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$9.53
Seller since 2014

Feedback rating:

(6)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

Good
2008 Paperback Good Connecting readers with great books since 1972. Used books may not include companion materials, some shelf wear, may contain highlighting/notes, and may not ... include cd-rom or access codes. Customer service is our top priority! Read more Show Less

Ships from: Cedar Park, TX

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$9.57
Seller since 2014

Feedback rating:

(156)

Condition: Good
0789738007 Item in good condition and ready to ship!

Ships from: aurora, IL

Usually ships in 1-2 business days

  • Standard, 48 States
$9.89
Seller since 2006

Feedback rating:

(60732)

Condition: Very Good
With CD! Great condition for a used book! Minimal wear. 100% Money Back Guarantee. Shipped to over one million happy customers. Your purchase benefits world literacy!

Ships from: Mishawaka, IN

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$36.67
Seller since 2010

Feedback rating:

(79)

Condition: Good
Good Ships from the UK. Former Library book. Shows some signs of wear, and may have some markings on the inside. Your purchase also supports literacy charities. *****PLEASE ... NOTE: This item is shipping from an authorized seller in Europe. In the event that a return is necessary, you will be able to return your item within the US. To learn more about our European sellers and policies see the BookQuest FAQ section***** Read more Show Less

Ships from: Dunfermline, United Kingdom

Usually ships in 1-2 business days

  • Canadian
  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Close
Sort by
Sending request ...

Overview

In this book you’ll learn how to:

  • Build a secure network using security controls
  • Secure network perimeters
  • Implement secure management and harden routers
  • Implement network security policies using Cisco IOS firewalls
  • Understand cryptographic services
  • Deploy IPsec virtual private networks (VPNs)
  • Secure networks with Cisco IOS® IPS
  • Protect switch infrastructures
  • Secure endpoint devices, storage area networks (SANs), and voice networks

WRITTEN BY A LEADING EXPERT:

Eric Stewart is a self-employed network security contractor who finds his home in Ottawa, Canada. Eric has more than 20 years of experience in the information technology field, the last 12 years focusing primarily on Cisco® routers, switches, VPN concentrators, and security appliances. The majority of Eric’s consulting work has been in the implementation of major security infrastructure initiatives and architectural reviews with the Canadian Federal Government. Eric is a certified Cisco instructor teaching Cisco CCNA, CCNP®, and CCSP® curriculum to students throughout North America and the world.

CD Features MeasureUp Practice Questions!

  • This book includes a CD-ROM that features:
  • Practice exams with complete coverage of CCNA® Security exam topics
  • Detailed explanations of correct and incorrect answers
  • Multiple exam modes
  • Flash Card format
  • An electronic copy of the book

informit.com/examcram

ISBN-13: 978-0-7897-3800-4

ISBN-10: 0-7897-3800-7

Read More Show Less

Product Details

  • ISBN-13: 9780789738004
  • Publisher: Pearson IT Certification
  • Publication date: 11/7/2008
  • Series: Exam Cram Series
  • Edition description: Book and CD
  • Pages: 536
  • Product dimensions: 5.90 (w) x 8.90 (h) x 1.50 (d)

Meet the Author

Eric Stewart is a self-employed network security contractor who finds his home in Ottawa, Canada. Trained as a computer engineer at the Royal Military College, and later in computer science and economics at Carleton University, Eric has over 20 years of experience in the information technology field–the last 12 years focusing primarily on Cisco Systems routers, switches, VPN concentrators, and security appliances. He likes to divide his time evenly between his two great loves in the field: teaching and doing! The majority of Eric’s consulting work has been in the implementation of major security infrastructure initiatives and architectural reviews with the Canadian Federal Government, working at such departments as Foreign Affairs and International Trade (DFAIT) and the Canadian Air Transport Security Authority (CATSA). A Cisco Certified Systems Instructor (CCSI), he especially enjoys imparting the joy that he takes in his work to his students, as he will often be found enthusiastically teaching Cisco CCNA, CCNP, and CCSP curriculum to students throughout North America and the world.

His previous work with Cisco Press has been as the development editor for two titles, Authorized CCDA Self-Study Guide: Designing for Cisco Internetwork Solutions (DESGN) (Exam 640-863) and Router Security Strategies: Securing IP Network Traffic Planes.

Eric has a lovely wife, Carol Ann, who is an accomplished music teacher, as well as two teenage children, Scott and Meaghan.

Read More Show Less

Read an Excerpt

IntroductionIntroduction

Welcome to CCNA Security Exam Cram! The fact that you are reading this means that you are interested in the CCNA Security certification that Cisco announced in July of 2008. Cisco has done a thorough job of revamping the certification path for the Cisco Certified Security Professional (CCSP), with the CCNA Security certification being the cornerstone upon which the CCSP certification depends. Implementing Cisco IOS Network Security (IINS) is the recommended training course for CCNA Security certification. If you already hold the prerequisite valid CCNA certification, passing the 640-553 IINS exam enables you to obtain the CCNA Security certification—likely to become one of the hottest certifications in IT. This book helps prepare you for that exam. The book assumes that you already have your CCNA certification or an equivalent level of knowledge. If you do not have a CCNA level of knowledge, you should consider putting down this book and first pursuing more robust fundamental training, such as a full CCNA course book or a recommended CCNA course. And remember that CCNA is a prerequisite to CCNA Security certification.

This book is a synthesized, distilled, and pared-down effort, with only enough information as is necessary to provide context for the information you need to pass the exam. This is not to say that this book is not a good read, but it is a fair reflection of the type of material that you will need to master in order to be successful with the exam. Read this book, understand the material, and drill yourself with the practice exams, and you stand a very good chance of passing the exam. That said, it's possible that inthe course of working through this book, depending on your prior CCNA Security training or on-the-job experience, you might identify topics you are struggling with and might require you to look up more fundamental resources to deal with. This book discusses all the topics on the exam and tests you on all of them, but it does not always provide detailed coverage of all those topics.Organization and Elements of This Book

When designing a secure network infrastructure, the workflow moves from the perimeter of the network to the inside of the network. After the perimeter is properly secured, the security architect can turn his or her attention to securing devices on the inside of the network perimeter where the endpoints reside. This structured approach is mimicked in the basic organization of this book.

The chapters of this book are organized into four major parts, with each part encapsulating a major idea in the field of network security:

  • Part I: Network Security Architecture

  • Part II: Perimeter Security

  • Part III: Augmenting Depth of Defense

  • Part IV: Security Inside the Perimeter

You can use this book's organization to your advantage while studying for the CCNA Security 640-553 IINS exam because each part of the book is selfcontained. Although it is recommended that you follow the parts sequentially, there are frequent cross-references to content contained in other chapters if you choose to follow your own path through this book.

Each chapter follows a uniform structure, with graphical cues about especially important or useful material. The structure of a typical chapter is as follows:

  • Terms You'll Need to Understand: Each chapter begins with a list of the terms you'll need to understand, which define the concepts that you'll need to master before you can be fully conversant with the chapter's subject matter.

  • Exam Topics Covered in This Chapter: Cisco publishes a list of exam topics for the 640-553 IINS exam. Each chapter of this book begins by listing the exam topics covered in that chapter. See the following "Self Assessment" element for a complete list of the topics and the chapters where they are covered.

  • Exam Alerts: Throughout the topical coverage, Exam Alerts highlight material most likely to appear on the exam by using a special layout that looks like this:

    ***

    Warning - This is what an Exam Alert looks like. An Exam Alert stresses concepts, terms, or activities that will most likely appear in one or more certification exam questions. For that reason, any information found offset in Exam Alert format is worthy of unusual attentiveness on your part.

    ***

    Even if material isn't flagged as an Exam Alert, all content in this book is associated in some way with test-related material. What appears in the chapter content is critical knowledge.

  • Notes: This book is an overall examination of basic Cisco network security concepts and practice. As such, there are a number of side excursions into other aspects of network security and prerequisite networking knowledge. So that these do not distract from the topic at hand, this material is placed in notes.

    ***

    Note - Cramming for an exam will get you through a test, but it won't make you a competent network security practitioner. Although you can memorize just the facts you need to become certified, your daily work in the field will rapidly put you in water over your head if you don't know the underlying principles behind a Cisco Self-Defending Network.

    ***
  • Practice Questions: This section presents a short list of test questions (most chapters have 10 of these) related to the specific chapter topics. Each question has a follow-on explanation of both correct and incorrect answers—this is very important because it is more important to know why you were wrong. Computers are binary and will accept right or wrong as answers, but we aren't, so we don't!

In addition to the topical chapters, this book also provides the following:

  • Practice Exams: Part V contains the sample tests that are a very close approximation of the types of questions you are likely to see on the current CCNA Security exam.

  • Answer Keys for Practice Exams: Part V also contains detailed answers to the practice exam questions. Like the questions at the end of the chapters, these explain both the correct answers and the incorrect answers and are therefore very helpful to go through thoroughly as you grade your practice exam. Knowing the topics you struggle with and why you got a question wrong is crucial.

  • Cram Sheet: This appears as a tear-away sheet inside the front cover of the book. It is a valuable tool that represents a collection of the most difficult-to-remember facts and numbers that the author thinks you should memorize before taking the test.

  • CD: The CD that accompanies this book features an innovative practice test engine powered by MeasureUp, including 100 practice questions. The practice exam contains question types covering all the topics on the CCNA Security exam, providing you with a challenging and realistic exam simulation environment.

Contacting the Author

I've tried to create a real-world tool and clearly written book that you can use to prepare for and pass the CCNA Security certification exam. That said, I am interested in any feedback that you have that might help make this Exam Cram better for future test-takers. Constructive and reasonable criticism is always welcome and will most certainly be responded to. You can contact the publisher, or you can reach me by email at eric@breezy.ca.

Please also share your exam experience. Did this book help you pass this exam? Did you feel better prepared after you read the book? Was it a confidence booster? Would you recommend this book to your colleagues?

Thanks for choosing me as your personal trainer, and enjoy the book!

—Eric Stewart

© Copyright Pearson Education. All rights reserved.

Read More Show Less

Table of Contents

Introduction... 1

Organization and Elements of This Book. 1

Contacting the Author.. 4

Self Assessment... 5

Who Is a CCNA Security?.. 5

The Ideal CCNA Security Candidate. 6

Put Yourself to the Test.. 8

Exam Topics for 640-553 IINS (Implementing Cisco IOS Network Security).. 10

Strategy for Using This Exam Cram. 12

Part I: Network Security Architecture

Chapter 1: Network Insecurity... 15

Exploring Network Security Basics and the Need for Network Security.. 16

The Threats.. 16

Other Reasons for Network Insecurity 18

The CIA Triad.. 18

Data Classification.. 21

Security Controls.. 22

Incident Response.. 25

Laws and Ethics.. 26

Exploring the Taxonomy of Network Attacks. 29

Adversaries.. 30

How Do Hackers Think?. 32

Concepts of Defense in Depth. 32

IP Spoofing Attacks.. 34

Attacks Against Confidentiality. 36

Attacks Against Integrity. 38

Attacks Against Availability. 42

Best Practices to Thwart Network Attacks. 45

Administrative Controls. 45

Technical Controls.. 46

Physical Controls.. 46

Exam Prep Questions.. 47

Answers to Exam Prep Questions. 50

Chapter 2: Building a Secure Network Using Security Controls. 51

Defining Operations Security Needs. 52

Cisco System Development Life Cycle for Secure Networks 52

Operations Security Principles. 54

Network Security Testing. 55

Disaster Recovery and Business Continuity Planning 59

Establishing a Comprehensive Network Security Policy 61

Defining Assets.. 62

The Need for a Security Policy. 63

Policies.. 64

Standards, Guidelines, and Procedures 65

Who Is Responsible for the Security Policy? 66

Risk Management.. 67

Principles of Secure Network Design 70

Examining Cisco’s Model of the Self-Defending Network 73

Where Is the Network Perimeter?. 73

Building a Cisco Self-Defending Network 74

Components of the Cisco Self-Defending Network 75

Cisco Integrated Security Portfolio. 79

Exam Prep Questions.. 81

Answers to Exam Prep Questions. 84

Part II: Perimeter Security

Chapter 3: Security at the Network Perimeter.. 87

Cisco IOS Security Features.. 88

Where Do You Deploy an IOS Router? 88

Cisco ISR Family and Features. 90

Securing Administrative Access to Cisco Routers 91

Review Line Interfaces. 92

Password Best Practices. 94

Configuring Passwords. 94

Setting Multiple Privilege Levels. 97

Configuring Role-Based Access to the CLI 98

Configuring the Cisco IOS Resilient Configuration Feature 101

Protecting Virtual Logins from Attack 102

Configuring Banner Messages. 104

Introducing Cisco SDM.. 105

Files Required to Run Cisco SDM from the Router 106

Using Cisco SDM Express. 107

Launching Cisco SDM. 108

Cisco SDM Smart Wizards. 110

Advanced Configuration with SDM. 111

Cisco SDM Monitor Mode. 113

Configuring Local Database AAA on a Cisco Router 114

Authentication, Authorization, and Accounting (AAA) 114

Two Reasons for Implementing AAA on Cisco Routers 114

Cisco’s Implementation of AAA for Cisco Routers 115

Tasks to Configure Local Database AAA on a Cisco Router 116

Additional Local Database AAA CLI Commands 120

Configuring External AAA on a Cisco Router Using
Cisco Secure ACS.. 121

Why Use Cisco Secure ACS?. 123

Cisco Secure ACS Features. 123

Cisco Secure ACS for Windows Installation Requirements 124

Cisco Secure ACS Solution Engine and Cisco Secure
ACS Express 5.0 Comparison. 125

TACACS+ or RADIUS?. 125

Prerequisites for Cisco Secure ACS 126

Three Main Tasks for Setting Up External AAA 127

Troubleshooting/Debugging Local AAA, RADIUS, and TACACS+.. 140

AAA Configuration Snapshot. 141

Exam Prep Questions.. 142

Answers to Exam Prep Questions. 145

Chapter 4: Implementing Secure Management and Hardening the Router 147

Planning for Secure Management and Reporting 148

What to Log.. 149

How to Log.. 150

Reference Architecture for Secure Management and Reporting.. 151

Secure Management and Reporting Guidelines 153

Logging with Syslog.. 153

Cisco Security MARS. 154

Where to Send Log Messages. 154

Log Message Levels. 155

Log Message Format. 156

Enabling Syslog Logging in SDM. 156

Using SNMP.. 157

Configuring the SSH Daemon. 161

Configuring Time Features. 165

Using Cisco SDM and CLI Tools to Lock Down the Router 167

Router Services and Interface Vulnerabilities 167

Performing a Security Audit. 172

Exam Prep Questions.. 180

Answers to Exam Prep Questions. 182

Part III: Augmenting Depth of Defense

Chapter 5: Using Cisco IOS Firewalls to Implement a Network Security Policy 185

Examining and Defining Firewall Technologies 187

What Is a Firewall?.. 188

Characteristics of a Firewall. 189

Firewall Advantages.. 189

Firewall Disadvantages. 190

Role of Firewalls in a Layered Defense Strategy 190

Types of Firewalls.. 190

Cisco Family of Firewalls. 201

Firewall Implementation Best Practices 202

Creating Static Packet Filters with ACLs. 203

Threat Mitigation with ACLs. 203

Inbound Versus Outbound. 203

Identifying ACLs.. 205

ACL Examples Using the CLI. 205

ACL Guidelines.. 208

Using the Cisco SDM to Configure ACLs 209

Using ACLs to Filter Network Services 212

Using ACLs to Mitigate IP Address Spoofing Attacks 213

Using ACLs to Filter Other Common Services 216

Cisco Zone-Based Policy Firewall Fundamentals 218

Advantages of ZPF.. 220

Features of ZPF.. 221

ZPF Actions.. 221

Zone Behavior.. 221

Using the Cisco SDM Basic Firewall Wizard to
Configure ZPF.. 224

Manually Configuring ZPF with the Cisco SDM 233

Monitoring ZPF.. 238

Exam Prep Questions.. 241

Answers to Exam Prep Questions. 244

Chapter 6: Introducing Cryptographic Services.. 245

Cryptology Overview.. 246

Cryptanalysis.. 249

Encryption Algorithm (Cipher) Desirable Features 251

Symmetric Key Versus Asymmetric Key
Encryption Algorithms.. 251

Block Versus Stream Ciphers. 254

Which Encryption Algorithm Do I Choose? 255

Cryptographic Hashing Algorithms. 256

Principles of Key Management. 256

Other Key Considerations. 257

SSL VPNs.. 259

Exploring Symmetric Key Encryption. 261

DES... 263

3DES.. 264

AES... 265

SEAL.. 266

Rivest Ciphers (RC).. 267

Exploring Cryptographic Hashing Algorithms and Digital Signatures.. 268

HMACs.. 270

Message Digest 5 (MD5). 271

Secure Hashing Algorithm 1 (SHA-1) 272

Digital Signatures.. 272

Exploring Asymmetric Key Encryption and Public Key Infrastructure.. 275

Encryption with Asymmetric Keys. 276

Authentication with Asymmetric Keys 277

Public Key Infrastructure Overview. 277

PKI Topologies.. 278

PKI and Usage Keys. 279

PKI Server Offload and Registration Authorities (RAs) 280

PKI Standards.. 280

Certificate Enrollment Process. 282

Certificate-Based Authentication. 283

Certificate Applications. 284

Exam Prep Questions.. 286

Answers to Exam Prep Questions. 289

Chapter 7: Virtual Private Networks with IPsec.. 291

Overview of VPN Technology.. 292

Cisco VPN Products. 293

VPN Benefits.. 293

Site-to-Site VPNs.. 294

Remote-Access VPNs. 295

Cisco IOS SSL VPN. 296

Cisco VPN Product Positioning. 297

VPN Clients.. 299

Hardware-Accelerated Encryption. 300

IPsec Compared to SSL. 301

Conceptualizing a Site-to-Site IPsec VPN. 302

IPsec Components.. 302

IPsec Strengths.. 306

Constructing a VPN: Putting it Together 307

Implementing IPsec on a Site-to-Site VPN Using the CLI 315

Step 1: Ensure That Existing ACLs Are Compatible with the IPsec VPN.. 315

Step 2: Create ISAKMP (IKE Phase I) Policy Set(s) 316

Step 3: Configure IPsec Transform Set(s) 318

Step 4: Create Crypto ACL Defining Traffic in the IPsec VPN.. 319

Step 5: Create and Apply the Crypto Map (IPsec Tunnel Interface).. 320

Verifying and Troubleshooting the IPsec VPN Using the CLI.. 321

Implementing IPsec on a Site-to-Site VPN Using Cisco SDM 325

Site-to-Site VPN Wizard Using Quick Setup 325

Site-to-Site VPN Wizard Using Step-by-Step Setup 329

Exam Prep Questions.. 337

Answers to Exam Prep Questions. 339

Chapter 8: Network Security Using Cisco IOS IPS. 341

Exploring IPS Technologies.. 342

IDS Versus IPS.. 342

IDS and IPS Categories. 343

IPS Attack Responses. 347

Event Management and Monitoring. 349

Host IPS.. 351

Network IPS.. 354

HIPS and Network IPS Comparison 355

Cisco IPS Appliances. 356

IDS and IPS Signatures. 357

Signature Alarms.. 359

Best Practices for IPS Configuration 360

Implementing Cisco IOS IPS.. 362

Cisco IOS IPS Feature Blend. 362

Cisco IOS IPS Primary Benefits. 362

Cisco IOS IPS Signature Integration 363

Configuring Cisco IOS IPS with the Cisco SDM 364

Cisco IOS IPS CLI Configuration. 377

Configuring IPS Signatures. 378

SDEE and Syslog Logging Protocol Support 381

Verifying IOS IPS Operation. 384

Exam Prep Questions.. 387

Answers to Exam Prep Questions. 390

Part IV: Security Inside the Perimeter

Chapter 9: Introduction to Endpoint, SAN, and Voice Security. 395

Introducing Endpoint Security. 396

Cisco’s Host Security Strategy. 397

Securing Software.. 397

Endpoint Attacks.. 399

Cisco Solutions to Secure Systems and Thwart Endpoint Attacks.. 403

Endpoint Best Practices. 407

Exploring SAN Security.. 407

SAN Advantages.. 407

SAN Technologies.. 408

SAN Address Vulnerabilities. 408

Virtual SANs (VSANs). 409

SAN Security Strategies. 409

Exploring Voice Security.. 411

VoIP Components.. 411

Threats to VoIP Endpoints. 413

Fraud... 414

SIP Vulnerabilities.. 414

Mitigating VoIP Hacking. 415

Exam Prep Questions.. 418

Answers to Exam Prep Questions. 420

Chapter 10: Protecting Switch Infrastructure.. 421

VLAN Hopping Attacks.. 422

VLAN Hopping by Rogue Trunk. 423

VLAN Hopping by Double-Tagging. 424

STP Manipulation Attack.. 425

STP Manipulation Attack Mitigation: Portfast 426

STP Manipulation Attack Mitigation: BPDU Guard 427

STP Manipulation Attack Mitigation: Root Guard 428

CAM Table Overflow Attack.. 428

CAM Table Overflow Attack Mitigation: Port Security 429

MAC Address Spoofing Attack. 429

MAC Address Spoofing Attack Mitigation: Port Security 429

Configuring Port Security.. 429

Port Security Basic Settings. 430

Port Security Optional Settings. 430

Port Security Verification. 433

Miscellaneous Switch Security Features. 434

Intrusion Notification.. 434

Switched Port Analyzer (SPAN). 435

Storm Control.. 436

Switch Security Best Practices. 438

Exam Prep Questions.. 439

Answers to Exam Prep Questions. 440

Part V: Practice Exams and Answers

Practice Exam 1... 443

Answers to Practice Exam 1.. 461

Practice Exam 2... 471

Answers to Practice Exam 2.. 487

Part VI: Appendixes

Appendix A: What’s on the CD-ROM.. 499

Appendix B: Need to Know More?... 503

TOC, 0789738007, 10/3/08

Read More Show Less

Preface

Introduction

Welcome to CCNA Security Exam Cram! The fact that you are reading this means that you are interested in the CCNA Security certification that Cisco announced in July of 2008. Cisco has done a thorough job of revamping the certification path for the Cisco Certified Security Professional (CCSP), with the CCNA Security certification being the cornerstone upon which the CCSP certification depends. Implementing Cisco IOS Network Security (IINS) is the recommended training course for CCNA Security certification. If you already hold the prerequisite valid CCNA certification, passing the 640-553 IINS exam enables you to obtain the CCNA Security certification—likely to become one of the hottest certifications in IT. This book helps prepare you for that exam. The book assumes that you already have your CCNA certification or an equivalent level of knowledge. If you do not have a CCNA level of knowledge, you should consider putting down this book and first pursuing more robust fundamental training, such as a full CCNA course book or a recommended CCNA course. And remember that CCNA is a prerequisite to CCNA Security certification.

This book is a synthesized, distilled, and pared-down effort, with only enough information as is necessary to provide context for the information you need to pass the exam. This is not to say that this book is not a good read, but it is a fair reflection of the type of material that you will need to master in order to be successful with the exam. Read this book, understand the material, and drill yourself with the practice exams, and you stand a very good chance of passing the exam. That said, it's possible that in the course of working through this book, depending on your prior CCNA Security training or on-the-job experience, you might identify topics you are struggling with and might require you to look up more fundamental resources to deal with. This book discusses all the topics on the exam and tests you on all of them, but it does not always provide detailed coverage of all those topics.

Organization and Elements of This Book

When designing a secure network infrastructure, the workflow moves from the perimeter of the network to the inside of the network. After the perimeter is properly secured, the security architect can turn his or her attention to securing devices on the inside of the network perimeter where the endpoints reside. This structured approach is mimicked in the basic organization of this book.

The chapters of this book are organized into four major parts, with each part encapsulating a major idea in the field of network security:

  • Part I: Network Security Architecture
  • Part II: Perimeter Security
  • Part III: Augmenting Depth of Defense
  • Part IV: Security Inside the Perimeter

You can use this book's organization to your advantage while studying for the CCNA Security 640-553 IINS exam because each part of the book is selfcontained. Although it is recommended that you follow the parts sequentially, there are frequent cross-references to content contained in other chapters if you choose to follow your own path through this book.

Each chapter follows a uniform structure, with graphical cues about especially important or useful material. The structure of a typical chapter is as follows:

  • Terms You'll Need to Understand: Each chapter begins with a list of the terms you'll need to understand, which define the concepts that you'll need to master before you can be fully conversant with the chapter's subject matter.
  • Exam Topics Covered in This Chapter: Cisco publishes a list of exam topics for the 640-553 IINS exam. Each chapter of this book begins by listing the exam topics covered in that chapter. See the following "Self Assessment" element for a complete list of the topics and the chapters where they are covered.
  • Exam Alerts: Throughout the topical coverage, Exam Alerts highlight material most likely to appear on the exam by using a special layout that looks like this:

  • Warning - This is what an Exam Alert looks like. An Exam Alert stresses concepts, terms, or activities that will most likely appear in one or more certification exam questions. For that reason, any information found offset in Exam Alert format is worthy of unusual attentiveness on your part.


    Even if material isn't flagged as an Exam Alert, all content in this book is associated in some way with test-related material. What appears in the chapter content is critical knowledge.

  • Notes: This book is an overall examination of basic Cisco network security concepts and practice. As such, there are a number of side excursions into other aspects of network security and prerequisite networking knowledge. So that these do not distract from the topic at hand, this material is placed in notes.

  • Note - Cramming for an exam will get you through a test, but it won't make you a competent network security practitioner. Although you can memorize just the facts you need to become certified, your daily work in the field will rapidly put you in water over your head if you don't know the underlying principles behind a Cisco Self-Defending Network.


  • Practice Questions: This section presents a short list of test questions (most chapters have 10 of these) related to the specific chapter topics. Each question has a follow-on explanation of both correct and incorrect answers—this is very important because it is more important to know why you were wrong. Computers are binary and will accept right or wrong as answers, but we aren't, so we don't!

In addition to the topical chapters, this book also provides the following:

  • Practice Exams: Part V contains the sample tests that are a very close approximation of the types of questions you are likely to see on the current CCNA Security exam.
  • Answer Keys for Practice Exams: Part V also contains detailed answers to the practice exam questions. Like the questions at the end of the chapters, these explain both the correct answers and the incorrect answers and are therefore very helpful to go through thoroughly as you grade your practice exam. Knowing the topics you struggle with and why you got a question wrong is crucial.
  • Cram Sheet: This appears as a tear-away sheet inside the front cover of the book. It is a valuable tool that represents a collection of the most difficult-to-remember facts and numbers that the author thinks you should memorize before taking the test.
  • CD: The CD that accompanies this book features an innovative practice test engine powered by MeasureUp, including 100 practice questions. The practice exam contains question types covering all the topics on the CCNA Security exam, providing you with a challenging and realistic exam simulation environment.

Contacting the Author

I've tried to create a real-world tool and clearly written book that you can use to prepare for and pass the CCNA Security certification exam. That said, I am interested in any feedback that you have that might help make this Exam Cram better for future test-takers. Constructive and reasonable criticism is always welcome and will most certainly be responded to. You can contact the publisher, or you can reach me by email at eric@breezy.ca.

Please also share your exam experience. Did this book help you pass this exam? Did you feel better prepared after you read the book? Was it a confidence booster? Would you recommend this book to your colleagues?

Thanks for choosing me as your personal trainer, and enjoy the book!

—Eric Stewart

© Copyright Pearson Education. All rights reserved.

Read More Show Less

Customer Reviews

Average Rating 1
( 1 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(1)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Posted October 2, 2011

    Can't download nook color doesn' t support file type???

    See headline

    0 out of 2 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)