May 2019 Pass Blue Prism ARA01 Exam Questions Answers with Dumpscollection.com

ARA01 Practice Test Questions Answers

Worlds leading internet networking company Blue Prism Certification Exams providing solutions to each and every company has traveled a long distance in a short time. Blue Prism has introduced many information technology certifications to cater everyday industry needs. These certifications are today dreams of young IT professionals entering the field of networking. It’s worth it having these listed in your resume when you apply for any job. One of these highly worthy certifications is Blue Prism ARA01. There is a big demand of such certified professionals in the international job market and they are offered lucrative salary packages.

                                                                                                            

Blue Prism ARA01 exam deals with the topics related to IP routing, bridging, non-IP desktop protocols, some equipment commands and switch-related technologies. This is basically a closed book exam. If you are already an IT professional then this certifications will not only enhance you current career but it will also offer much better opportunities in the market. Due to high demanding certification Blue Prism ARA01 guide and other helping materials for exams are easily available in the market.       

Why Dumpscollection.com for Your ARA01 Exam

There are many sites which provide information on Blue Prism ARA01 exams dumps and provide you study material like Blue Prism ARA01 dumps and others. To make a good preparation for this highly professional exam you must have a complete knowledge and for that you must use an authentic source. Dumpscollection is the best source to prepare for your Blue Prism ARA01 exam for 100 percent results. There are many reasons for using Dumpscollection but the best one is the Blue Prism ARA01 pass4sure results. There is a long list of students who have passed this certification with the help of Dumpscollection and now they are working at that place where they always wanted to be. Dumpscollection offers a number of tools to prepare yourself for ARA01 test coming ahead in a full professional way. One of these professionally created tools include ARA01 braindump which helps to know what sort of exam it will be. Information technology experts at Dumpscollection design these tools with complete requirement of exams in mind and mental approach of the students of a particular level. All the Blue Prism ARA01 Dumpscollection books are written to facilitate students in getting the basic concepts and techniques.

The ARA01 answers in the Dumpscollection books are written in detail to explain each and every point and completely answers ARA01 questions that can come in your final exams. Moreover Dumpscollection provides you every thing online and you can download anything anytime you want. Books are available in Blue Prism ARA01 pdf format so they can be downloaded and used easily. Now you can also get help from the ARA01 book which is available in audio format. Besides this another reason to use Dumpscollection is the ARA01 lab tests which you can give to enhance your technical skills. https://www.dumpscollection.com/Blue-Prism.html

100% Passing Ratio with Dumpscollection Value Pack

No one else except Dumpscollection assures you 100 percent ratio with its value pack. This value pack offers complete ARA01 training to get top grades. This value pack is specially designed and includes things like ARA01 real exam questions as well as ARA01 notes to clear certain points that are complicated in the syllabus. Another key feature that makes Dumpscollection’s value pack important is that is has all ARA01 simulation in it that are very important. These important features in the Dumpscollection value pack has increased its importance for passing Blue Prism ARA01 test with top ranks.

The ARA01 Real Questions guarantees with Dumpscollection value pack is the hottest issue among information technology professionals and it’s been on the top list of ARA01 forum for discussing network related issues. This is the only easiest way to get excellent results in your highly professional and demanding certification exam.

Top 7 Blue Prism Certifications Exams with Questions Answers

AD01 Questions Answers - AIE02 Questions Answers - APD01 Questions Answers

ASD01 Questions Answers - ATA02 Questions Answers - ATA01 Questions Answers

AIE01 Questions Answers

Top Certification Avaya 71200X Exam Braindumps Questions Answers 2019

71200X Practice Test Questions Answers

Worlds leading internet networking company Avaya Certification Exams providing solutions to each and every company has traveled a long distance in a short time. Avaya has introduced many information technology certifications to cater everyday industry needs. These certifications are today dreams of young IT professionals entering the field of networking. It’s worth it having these listed in your resume when you apply for any job. One of these highly worthy certifications is Avaya 71200X. There is a big demand of such certified professionals in the international job market and they are offered lucrative salary packages.

           

Avaya 71200X exam deals with the topics related to IP routing, bridging, non-IP desktop protocols, some equipment commands and switch-related technologies. This is basically a closed book exam. If you are already an IT professional then this certifications will not only enhance you current career but it will also offer much better opportunities in the market. Due to high demanding certification Avaya 71200X guide and other helping materials for exams are easily available in the market.

Why Dumpscollection.com for Your 71200X Exam

There are many sites which provide information on Avaya 71200X exams and provide you study material like Avaya 71200X dumps and others. To make a good preparation for this highly professional exam you must have a complete knowledge and for that you must use an authentic source. Dumpscollection is the best source to prepare for your Avaya 71200X exam for 100 percent results. There are many reasons for using Dumpscollection but the best one is the Avaya 71200X pass4sure results. There is a long list of students who have passed this certification with the help of Dumpscollection and now they are working at that place where they always wanted to be. Dumpscollection offers a number of tools to prepare yourself for 71200X test coming ahead in a full professional way. One of these professionally created tools include 71200X braindump which helps to know what sort of exam it will be. Information technology experts at Dumpscollection design these tools with complete requirement of exams in mind and mental approach of the students of a particular level. All the Avaya 71200X Dumpscollection Exam Questions Answers books are written to facilitate students in getting the basic concepts and techniques.

The 71200X answers in the Dumpscollection books are written in detail to explain each and every point and completely answers 71200X questions that can come in your final exams. Moreover Dumpscollection provides you every thing online and you can download anything anytime you want. Books are available in Avaya 71200X pdf format so they can be downloaded and used easily. Now you can also get help from the 71200X book which is available in audio format. Besides this another reason to use Dumpscollection is the 71200X lab tests which you can give to enhance your technical skills.

100% Passing Ratio with Dumpscollection Value Pack

No one else except Dumpscollection assures you 100 percent ratio with its value pack. This value pack offers complete 71200X training to get top grades. This value pack is specially designed and includes things like 71200X real exam questions as well as 71200X notes to clear certain points that are complicated in the syllabus. Another key feature that makes Dumpscollection’s value pack important is that is has all 71200X simulation in it that are very important. These important features in the Dumpscollection value pack has increased its importance for passing Avaya 71200X test with top ranks.

The 71200X Real Questions guarantees with Dumpscollection value pack is the hottest issue among information technology professionals and it’s been on the top list of 71200X forum for discussing network related issues. This is the only easiest way to get excellent results in your highly professional and demanding certification exam.

Top 10 Avaya Certification Exam with Questions Answers

7498X Questions Answers - 3313 Questions Answers - 3312 Questions Answers

7497X Questions Answers - 7492X Questions Answers - 7495X Questions Answers

78200X Questions Answers - 72200X Questions Answers - 7392X Questions Answers

3314 Questions Answers

Recognizing Current Network Threats

Recognizing Current Network Threats

Threats today are constantly changing, with new ones emerging. Moving targets are often difficult to zero in on, but understanding the general nature of threats can prepare you to deal with new threats. This section covers the various network threat categories and identifies some strategies to stay ahead of those threats.

Potential Attackers

We could devote an entire book to attacks that have been launched in the past 15 minutes somewhere in the world against a network resource. Instead of trying to list the thousands of attacks that could threaten vulnerable networks, let’s begin by looking at the types of adversaries that may be behind attacks:

• Terrorists
• Criminals
• Government agencies
• Nation-states
• Hackers
• Disgruntled employees
• Competitors

Anyone with access to a computing device (sad, but true)

Different terms are used to refer to these individuals, including hacker/cracker (criminal hacker), script-kiddie, hactivists, and the list goes on. As a security practitioner, you want to “understand your enemy.” This is not to say that everyone should learn to be a hacker or write malware, because that is really not going to help. Instead, the point is that it is good to understand the motivations and interests of the people involved in breaking all those things you seek to protect.

Some attackers seek financial gain (as mentioned previously). Others might want the notoriety that comes from attacking a well-known company or brand. Sometimes attackers throw their net wide and hurt companies both intended and unintended.

Back in the “old days,” attacks were much simpler. We had basic intrusions, war-dialing, and things like that. Viruses were fairly new. But it was all about notoriety. The Internet was in its infancy, and people sought to make names for themselves. In the late 1990s and early 2000s, we saw an increase in the number of viruses and malware, and it was about fame.

More recently, many more attacks and threats revolve around actual theft of information and damage with financial repercussions. Perhaps that is a sign of the economy, maybe it is just an evolution of who is computer literate or incented to be involved. Attackers may also be motivated by government or industrial espionage.

Attack Methods

Most attackers do not want to be discovered and so they use a variety of techniques to remain in the shadows when attempting to compromise a network, as described in Table 1-4 .

Table 1-4 Attack Methods

Attack Vectors

Be aware that attacks are not launched only from individuals outside your company. They are also launched from people and devices inside your company who have current user accounts. Perhaps the user is curious, or maybe a back door is installed on the computer that the user is on. In either case, it is important to implement a security policy that takes nothing for granted, and to be prepared to mitigate risk at several levels. You can implement a security policy that takes nothing for granted by requiring authentication from users before their computer is allowed on the network (for which you could use 802.1x and Cisco Access Control Server [ACS] ). This means that the workstation the user is on must go through a profiling before being allowed on the network. You could use Network Admission Control (NAC) or an Identity Service Engine (ISE) to enforce such a policy. In addition, you could use security measures at the switch port, such as port security and others. We cover many of these topics, in great detail, in later chapters.

Man-in-the-Middle Attacks

A man-in-the-middle attack results when attackers place themselves in line between two devices that are communicating, with the intent to perform reconnaissance or to manipulate the data as it moves between them. This can happen at Layer 2 or Layer 3. The main purpose is eavesdropping, so the attacker can see all the traffic. If this happens at Layer 2, the attacker spoofs Layer 2 MAC addresses to make the devices on a LAN believe that the Layer 2 address of the attacker is the Layer 2 address of their default gateway. This is called ARP poisoning . Frames that are supposed to go to the default gateway are forwarded by the switch to the Layer 2 address of the attacker on the same network. As a courtesy, the attacker can forward the frames to the correct destination so that the client will have the connectivity needed and the attacker now sees all the data between the two devices. To mitigate this risk, you could use techniques such as Dynamic Address Resolution Protocol (ARP) Inspection (DAI) on switches to prevent spoofing of the Layer 2 addresses.

The attacker could also implement the attack by placing a switch into the network and manipulating the Spanning Tree Protocol (STP) to become the root switch (and thus gain the ability to see any traffic that needs to be sent through the root switch). You can mitigate this through techniques such as root guard and other spanning-tree controls discussed later in this book.

A man-in-the-middle attack can occur at Layer 3 by a rogue router being placed on the network and then tricking the other routers into believing that the new router has a better path. This could cause network traffic to flow through the rogue router and again allow the attacker to steal network data. You can mitigate attacks such as these in various ways, including routing authentication protocols and filtering information from being advertised or learned on specific interfaces.

To safeguard data in motion, one of the best things you can do is to use encryption for the confidentiality of the data in transit. If you use plaintext protocols for management, such as Telnet or HTTP, an attacker who has implemented a man-in-the-middle attack can see the contents of your cleartext data packets, and as a result will see everything that goes across the attacker’s device, including usernames and passwords that are used. Using management protocols that have encryption built in, such as SSH and HTTPS, is considered best practice, and using VPN protection for cleartext sensitive data is also considered a best practice.

Other Miscellaneous Attack Methods

No standards groups for attackers exist, so not all the attacks fit clearly in one category. In fact, some attacks fit into two or more categories at the same time. Table 1-5

describes a few additional methods attackers might use.

Table 1-5 Additional Attack Methods

 

Foundation Topics - Understanding Network and Information Security Basics

Foundation Topics

Understanding Network and Information Security Basics

Pass4sure 640-554 Security is important, and the lack of it risks financial implications. This section covers some of the concepts, terms, and methodologies used in preparing for and working with secure networks.

Networks Security Objectives

When considering networks, you can view them from different perspectives. For example, senior management might view the network as a business tool to facilitate the goals of the company. Network technicians (at least some) might consider their networks to be the center of the universe. End users might consider the network to be just a tool for them to get their job done, or possibly as a source for recreation. Not all users appreciate their role in keeping data safe, and unfortunately the users of the network represent a significant vulnerability, in that they have usernames and passwords (or other credentials, such as one-time password token generators) that allow them access to the network. If a user is compromised or an unauthorized individual gains access, the security of the network may still fail as a result, even after you apply all the concepts that you learn in this 640-554 best book. So, an important point to remember is that the users themselves represent a security risk and that training users is a key part of a comprehensive security policy.

Confidentiality, Integrity, and Availability

Network security objectives usually involve three basic concepts:

Confidentiality:- There are two types of data: data in motion as it moves across the network; and data at rest, when data is sitting on storage media (server, local workstation, in the cloud, and so forth). Confidentiality means that only the authorized individuals/systems can view sensitive or classified information. This also implies that unauthorized individuals should not have any type of access to the data. Regarding data in motion, the primary way to protect that data is to encrypt it before sending it over the network. Another option you can use with encryption is to use separate networks for the transmission of confidential data. Several chapters in this book focus on these two concepts.

Integrity:- Integrity for data means that changes made to data are done only by authorized individuals/systems. Corruption of data is a failure to maintain data integrity.
Availability:- This applies to systems and to data. If the network or its data is not available to authorized users—perhaps because of a denial-of-service (DoS) attack or maybe because of a general network failure—the impact may be significant to companies and users who rely on that network as a business tool. The failure of a network generally equates to loss of revenue. Perhaps thinking of these security concepts as the CIA might help you remember them: confidentiality integrity, and availability

Cost-Benefit Analysis of Security

Network security engineers must understand not only what they protect, but also from whom. Risk management is the key phrase that you will hear over and over, and although not very glamorous, it is based on specific principles and concepts related to both asset protection and security management. What is an asset ? It is anything that is valuable to an organization. These could be tangible items (people, computers, and so on) or intangible items (intellectual property, database information, contact lists, accounting info). Knowing the assets that you are trying to protect and their value, location, and exposure can help you more effectively determine the time and money to spend securing those assets.

A vulnerability is an exploitable weakness in a system or its design. Vulnerabilities can be found in protocols, operating systems, applications, and system designs. Vulnerabilities abound, with more discovered every day.

A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited, the threat is latent and not yet realized. If someone is actively launching an attack against your system and successfully accesses something or compromises your security against an asset, the threat is realized 640-554 questions & answers download. The entity that takes advantage of the vulnerability is known as the threat agent or
threat vector.

A countermeasure is a safeguard that somehow mitigates a potential risk. It does so by either reducing or eliminating the vulnerability, or at least reduces the likelihood of the threat agent to actually exploit the risk. For example, you might have an unpatched machine on your network, making it highly vulnerable. If that machine is unplugged from the network and ceases to have any interaction with exchanging data with any other device, you have successfully mitigated all of those vulnerabilities. You have likely rendered that machine no longer an asset, though; but it is safer.

Note that thresholds apply to how we classify things. We do not spend more than the asset is worth to protect it because doing so makes no sense. For example, purchasing a used car for $200 and then spending $2000 on a secure garage facility so that nobody can harm the car or $1500 on an alarm system for that car seems to be a fairly silly proposition. If you identify the data with the greatest value/worth, you usually automatically identify where the greatest effort to secure that information will be. Keep in mind, however, that beyond a company’s particular view about the value of any data, regulatory entities might also be involved (government regulations or laws, business partner agreements, contractual agreements, and so forth).

Just accepting the full risk (the all-or-nothing approach) is not really acceptable. After all, you can implement security measures to mitigate the risk. In addition, those same security devices, such as firewalls and intrusion prevention systems (IPS) , can protect multiple devices simultaneously, thus providing a cost benefit. So, you can reduce risk by spending money on appropriate security measures, and usually do a good job of protecting an asset. You can never completely eliminate risk, so you must find the balance. Table 1-2 describes a number of security terms and the appliances to which they relate.

Networking Security Concepts

Networking Security Concepts

Security has been important for a long time, with an increasing focus on it over the years. When LANs connecting personal computers began to emerge back in the early 1980s, security was not goal number one, and maybe not even in the top two or three when implementing a network. It was more of an afterthought. Today, however, security for corporate networks is at or near the top of the list.

One challenge to network security is that the threats to a network constantly change. You can deal with this in a couple of ways. One way is to just stick your head in the sand and hope attackers do not harm your network. An alternative approach is to design the network with the best practices for security 640-554 ebook download, and then monitor your current security and vigilantly update it.

The concept of location of data is becoming blurred by concepts of cloud computing and content-data networks and global load balancing. As we strive to empower employees around the world with ubiquitous access to important data, it is increasingly important to remain constantly vigilant about 640-554 iins syllabus protecting data and the entities using it (individuals, businesses, governments, and so on).

This chapter covers the fundamental building blocks of network security (implementing and improving), an essential topic that you are ready to master now that you better understand its importance.

“ Do I Know This Already ? ” Quiz

The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 1-1 details the major topics discussed in this chapter and their corresponding quiz questions.

6 CCNA Security 640-554 Official Cert Guide

1 . Which security term refers to a person, property, or data of value to a company?

a . Risk
b . Asset
c . Threat prevention
d . Mitigation technique

2 . Which asset characteristic refers to risk that results from a threat and lack of a coun termeasure?

a . High availability
b . Liability
c . Threat prevention
d . Vulnerability

3 . Which three items are the primary network security objectives for a company?

a . Revenue generation
b . Confidentiality
c . Integrity
d . Availability

4 . Which data classification label is usually not found in a government organization?

a . Unclassified
b . Classified but not important
c . Sensitive but unclassified
d . For official use only
e . Secret

5 . Which of the following represents a physical control?

a . Change control policy
b . Background checks
c . Electronic lock
d . Access lists

6  What is the primary motivation for most attacks against networks today?

a . Political
b . Financial
c . Theological
d . Curiosity

7 . Which type of an attack involves lying about the source address of a frame or p a c k e t ?

a . Man-in-the-middle attack
b . Denial-of-service attack
c . Reconnaissance attack
d . Spoofing attack

8 . Which two approaches to security provide the most secure results on day one?

a . Role based
b . Defense in depth
c . Authentication
d . Least privilege

9 . Which of the following might you find in a network that is based on a defense-in-depth security implementation? (Choose all that apply.)

a . Firewall
b . IPS
c . Access lists
d . Current patches on servers

1 0 . In relation to production networks, which of the following are viable options when dealing with risk? (Choose all that apply.)

a . Ignore it
b . Transfer it
c . Mitigate it
d . Remove it

(IINSv2) 640-554 Official Pass4sure Guide

640-554 IINSv2 Exam

Table I-1 lists the topics of the 640-554 IINSv2 exam and indicates the parts in the book where these topics are covered.

About the Implementing Cisco IOS Network Security
(IINSv2) 640-554 Official Pass4sure Guide
This book maps to the topic areas of the 640-554 exam and uses a number of features to help you understand the topics and prepare for your exam.

O b j e c t i v e s a n d M e t h o d s

This book uses several key methodologies to help you discover the exam topics for which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those top  - ics. So, this book does not try to help you pass the 640-554 lab simulation exam only by memorization, but by truly learning and understanding the topics.

This book is designed to assist you in the exam by using the following methods:

• Using a conversational style that reflects the fact that we wrote this book as if we made it just for you, as a friend, discussing the topics with you, one step at a time
• Helping you discover which exam topics you may want to invest more time studying, to really “get it”
• Providing explanations and information to fill in your knowledge gaps
• Supplying three bonus videos (on the CD) to reinforce some of the critical concepts and techniques that you have learned from in your study of this book
• Providing practice questions to assess your understanding of the topic

 B o o k F e a t u r e s

To help you customize your study time using this book, the core chapters have several
features that help you make the best use of your time:

“Do I Know This Already?” quiz:- Each chapter begins with a quiz that helps you determine how much time you need to spend studying that chapter.

• Foundation Topics:- These are the core sections of each chapter. They explain the concepts for the topics in that chapter.
• Exam Preparation Tasks:- After the “Foundation Topics” section of each chapter, the “Exam Preparation Tasks” section lists a series of study activities that you should do when you finish the chapter. Each chapter includes the activities that make the most sense for studying the topics in that chapter:
• Review All the Key Topics:- The Key Topic icon appears next to the most important items in the “Foundation Topics” section of the chapter. The “Review All the Key Topics” activity lists the key topics from the chapter, along with their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic, so you should review these.
• Complete the Tables and Lists from Memory:- To help you memorize some lists of facts, many of the more important lists and tables from the chapter are included in a document on the CD. This document lists only partial information, allowing you to complete the table or list.
• Define Key Terms: -Although the exam material 640-554 is unlikely to ask a “define this term” type of question, the CCNA exams do require that you learn and know a lot of networking terminology. This section lists the most important terms from the chapter, asking you to write a short definition and compare your answer to the glossary at the end of the book.
• Command Reference to Check Your Memory: - Review important commands covered in the chapter.
• CD-based practice exam:- The companion CD contains an exam engine that enables you to review practice exam questions. Use these to prepare with a sample exam and to pinpoint topics where you need more study.

How This Book Is Organized

This book contains 21 core chapters. Chapter 22 includes some preparation tips and suggestions for how to approach the exam. Each core chapter covers a subset of the topics on the CCNA Security exam. The core chapters are organized into parts. They cover the following topics:

Part I: Fundamentals of Network Security

• Chapter 1 , “Networking Security Concepts”:- This chapter covers the need for and the building blocks of network and information security, threats to our networks today, and fundamental principles of secure network design.
• Chapter 2 , “Understanding Security Policies Using a Lifecycle Approach”:- This chapter covers risk analysis and management and security policies.
• Chapter 3 , “Building a Security Strategy”:- This chapter covers securing borderless networks and controlling and containing data loss. Part II: Protecting the Network Infrastructure
• Chapter 4 , “Network Foundation Protection”:- This chapter covers introduction to securing the network using the network foundation protection (NFP) approach, the management plane, the control plane, and the data plane. 
• Chapter 5 , “Using Cisco Configuration Professional to Protect the Network Infrastructure”: - This chapter covers introduction to Cisco Configuration Professional, CCP features and the GUI, setting up a new devices, CCP building blocks, and CCP audit features.
• Chapter 6 , “Securing the Management Plane on Cisco IOS Devices”:- This chapter covers management traffic and how to make it more secure and the implementation of security measures to protect the management plane. 
• Chapter 7 , “Implementing AAA Using IOS and the ACS Server”:- This chapter covers the role of Cisco Secure ACS and the two primary protocols used with it, RADIUS and TACACS. It also covers configuration of a router to interoperate with an ACS server and configuration of the ACS server to interoperate with a router. The chapter also covers router tools to verify and troubleshoot router-to-ACS server interactions. 
• Chapter 8 , “Securing Layer 2 Technologies”:- This chapter covers VLANs and trunking fundamentals, spanning-tree fundamentals, and common Layer 2 threats and how to mitigate them.
• Chapter 9 , “Securing the Data Plane in IPv6”:- This chapter covers IPv6 (basics, configuring, and developing a security plan for IPv6). Part III: Mitigating and Controlling Threats
• Chapter 10 , “Planning a Threat Control Strategy”: - This chapter covers the design considerations for threat mitigation and containment and the hardware, software, and services used to implement a secure network.
• Chapter 11 , “Using Access Control Lists for Threat Mitigation”:- This chapter covers the benefits and fundamentals for access control lists (ACL) , implementing IPv4 ACLs as packet filters, and implementing IPv6 ACLs as packet filters.
• Chapter 12 , “Understanding Firewall Fundamentals”:- This chapter covers fire-wall concepts and the technologies used by them, the function of Network Address Translation (NAT) including its building blocks, and the guidelines and consider ations for creating and deploying firewalls.
• Chapter 13 , “Implementing Cisco IOS Zone-Based Firewalls”:- This chaptercovers the operational and functional components of the IOS Zone-Based Firewall and how to configure and verify the IOS Zone-Based Firewall.
• Chapter 14 , “Configuring Basic Firewall Policies on Cisco ASA”:- This chapter covers the Adaptive Security Appliance (ASA) family and features, ASA firewall fundamentals, and configuring the ASA.
• Chapter 15 , “Cisco IPS/IDS Fundamentals”:- This chapter compares intrusion prevention systems (IPS) to intrusion detection systems (IDS) and covers how to identify malicious traffic on the network, manage signatures, and monitor and manage alarms and alerts.
• Chapter 16 , “Implementing IOS-Based IPS”:- This chapter covers the features included in IOS-based IPS (in software) and installing the IPS feature, working with signatures in IOS-based IPS, and managing and monitoring IPS alarms. Part IV: Using VPNs for Secure Connectivity
• Chapter 17 , “Fundamentals of VPN Technology”:- This chapter covers what VPNs are and why we use them and the basic ingredients of cryptography.
• Chapter 18 , “Fundamentals of the Public Key Infrastructure”: - This chapter covers the concepts, components, and operations of the public key infrastructure (PKI) and includes an example of putting the pieces of PKI to work.
• Chapter 19 , “Fundamentals of IP Security”: - This chapter covers the concepts, components, and operations of IPsec and how to configure and verify IPsec.
• Chapter 20 , “Implementing IPsec Site-to-Site VPNs”: - This chapter covers planning and preparing to implement an IPsec site-to-site VPN and implementing and verifying the IPsec site-to-site VPN.
• Chapter 21 , “Implementing SSL VPNs Using Cisco ASA”:- This chapter covers the functions and use of SSL for VPNs, configuring SSL clientless VPN on the ASA, and configuring the full SSL AnyConnect VPN on the ASA.
• Chapter 22 , “Final Preparation”: - This chapter identifies tools for final exam preparation and helps you develop an effective study plan.Appendixes
• Appendix A , “Answers to the ’Do I Know This Already?’ Quizzes”:- Includes the answers to all the questions from Chapters 1 through 21 .
• Appendix B , “CCNA Security 640-554 (IINSv2) Exam Updates”:- This appendix provides instructions for finding updates to the exam and this book when and if they occur. CD-Only Appendixes
• Appendix C , “Memory Tables”:- This CD-only appendix contains the key tables and lists from each chapter, with some of the contents removed. You can print this appendix and, as a memory exercise, complete the tables and lists. The goal is to help you memorize facts that can be useful on the exams. This appendix is available in PDF format on the CD; it is not in the printed book.
• Appendix D , “Memory Tables Answer Key”:- This CD-only appendix contains the answer key for the memory tables in Appendix C . This appendix is available in PDF format on the CD; it is not in the printed book.

Introduction - Prepare for the CCNA Security certification exam

Introduction

Congratulations! If you are reading this, you have in your possession a powerful tool that can help you to

■ Improve your awareness and knowledge of network security
■ Increase your skill level related to the implementation of that security
■ Prepare for the CCNA Security certification exam

When writing this book, it was done with you in mind, and together we will discover the critical ingredients that make up the recipe for a secure network and work through examples of how to implement these features. By focusing on both covering the objectives for the CCNA Security exam and integrating that with real-world best practices and examples, Scott Morris and I created this content with the intention of being your personal tour guides, as we take you on a journey through the world of network security. The 640-554 official cert guide pdf Implementing Cisco IOS Network Security (IINSv2) exam is required for the CCNA Security certification. The prerequisite for CCNA Security is the CCNA Route/Switch certification (or any CCIE certification). 

The CCNA Security exam tests your knowledge of securing Cisco routers and switches and their associated networks, and this book prepares you for that exam. This book covers all the topics listed in Cisco’s exam blueprint, and each chapter includes key topics and preparation tasks to assist you in mastering this information. The CD that accompanies this book also includes bonus videos to assist you in your journey toward becoming a CCNA in Security. Of course, the CD included with the printed book also includes several practice questions to help you prepare for the exam.

About the 640-554 Implementing Cisco IOS Network Security (IINSv2) Exam
Cisco’s objective of the CCNA Security exam is to verify the candidate’s understanding, implementation, and verification of security best practices on Cisco hardware and software 640-554 review.

The focus points for the exam (which this book prepares you for) are as follows:

Cisco routers and switches

• Common threats, including blended threats, and how to mitigate them.
• The lifecycle approach for a security policy
• Understanding and implementing network foundation protection for the control, data, and management planes
• Understanding, implementing, and verifying AAA (authentication, authorization, and accounting) , including the details of TACACS+ and RADIUS
• Understanding and implementing basic rules inside of Cisco Access Control Server (ACS) Version 5.x, including configuration of both ACS and a router for communications with each otherStandard, extended, and named access control lists used for packet filtering and for the classification of traffic
• Understanding and implementing protection against Layer 2 attacks, including CAM table overflow attacks, and VLAN hopping

Cisco firewall technologies

• Understanding and describing the various methods for filtering implemented by firewalls, including stateful filtering. Compare and contrast the strengths and weaknesses of the various firewall technologies.
• Understanding the methods that a firewall may use to implement Network Address Translation (NAT) and Port Address Translation (PAT) .
• Understanding, implementing, and interpreting a Zone-Based Firewall policy through Cisco Configuration Professional (CCP) .
• Understanding and describing the characteristics and defaults for interfaces, security levels, and traffic flows on the Adaptive Security Appliance (ASA) .
• Implementing and interpreting a firewall policy on an ASA through the GUI tool named the ASA Security Device Manager (ASDM) .
• Intrusion prevention systems
• Comparing and contrasting intrusion prevention systems (IPS) versus intrusion detection systems (IDS) , including the pros and cons of each and the methods used by these systems for identifying malicious traffic
• Describing the concepts involved with IPS included true/false positives/negatives
• Configuring and verifying IOS-based IPS using CCP
• VPN technologies
• Understanding and describing the building blocks used for virtual private networks (VPN) today, including the concepts of symmetrical, asymmetrical, encryption, hashing, Internet Key Exchange (IKE) , public key infrastructure
• (PKI) , authentication, Diffie-Hellman, certificate authorities, and so on
• Implementing and verifying IPsec VPNs on IOS using CCP and the commandline
• interface (CLI)
• Implementing and verifying Secure Sockets Layer (SSL) VPNs on the ASA firewall using ASDM
• As you can see, it is an extensive list, but together we will not only address and learn each of these, but we will also have fun doing it. You can take the exam at Pearson VUE testing centers. You can register with VUE at vue.com/cisco/ .