(IINSv2) 640-554 Official Pass4sure Guide

640-554 IINSv2 Exam

Table I-1 lists the topics of the 640-554 IINSv2 exam and indicates the parts in the book where these topics are covered.

About the Implementing Cisco IOS Network Security
(IINSv2) 640-554 Official Pass4sure Guide
This book maps to the topic areas of the 640-554 exam and uses a number of features to help you understand the topics and prepare for your exam.

O b j e c t i v e s a n d M e t h o d s

This book uses several key methodologies to help you discover the exam topics for which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those top  - ics. So, this book does not try to help you pass the 640-554 lab simulation exam only by memorization, but by truly learning and understanding the topics.

This book is designed to assist you in the exam by using the following methods:

• Using a conversational style that reflects the fact that we wrote this book as if we made it just for you, as a friend, discussing the topics with you, one step at a time
• Helping you discover which exam topics you may want to invest more time studying, to really “get it”
• Providing explanations and information to fill in your knowledge gaps
• Supplying three bonus videos (on the CD) to reinforce some of the critical concepts and techniques that you have learned from in your study of this book
• Providing practice questions to assess your understanding of the topic

 B o o k F e a t u r e s

To help you customize your study time using this book, the core chapters have several
features that help you make the best use of your time:

“Do I Know This Already?” quiz:- Each chapter begins with a quiz that helps you determine how much time you need to spend studying that chapter.

• Foundation Topics:- These are the core sections of each chapter. They explain the concepts for the topics in that chapter.
• Exam Preparation Tasks:- After the “Foundation Topics” section of each chapter, the “Exam Preparation Tasks” section lists a series of study activities that you should do when you finish the chapter. Each chapter includes the activities that make the most sense for studying the topics in that chapter:
• Review All the Key Topics:- The Key Topic icon appears next to the most important items in the “Foundation Topics” section of the chapter. The “Review All the Key Topics” activity lists the key topics from the chapter, along with their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic, so you should review these.
• Complete the Tables and Lists from Memory:- To help you memorize some lists of facts, many of the more important lists and tables from the chapter are included in a document on the CD. This document lists only partial information, allowing you to complete the table or list.
• Define Key Terms: -Although the exam material 640-554 is unlikely to ask a “define this term” type of question, the CCNA exams do require that you learn and know a lot of networking terminology. This section lists the most important terms from the chapter, asking you to write a short definition and compare your answer to the glossary at the end of the book.
• Command Reference to Check Your Memory: - Review important commands covered in the chapter.
• CD-based practice exam:- The companion CD contains an exam engine that enables you to review practice exam questions. Use these to prepare with a sample exam and to pinpoint topics where you need more study.

How This Book Is Organized

This book contains 21 core chapters. Chapter 22 includes some preparation tips and suggestions for how to approach the exam. Each core chapter covers a subset of the topics on the CCNA Security exam. The core chapters are organized into parts. They cover the following topics:

Part I: Fundamentals of Network Security

• Chapter 1 , “Networking Security Concepts”:- This chapter covers the need for and the building blocks of network and information security, threats to our networks today, and fundamental principles of secure network design.
• Chapter 2 , “Understanding Security Policies Using a Lifecycle Approach”:- This chapter covers risk analysis and management and security policies.
• Chapter 3 , “Building a Security Strategy”:- This chapter covers securing borderless networks and controlling and containing data loss. Part II: Protecting the Network Infrastructure
• Chapter 4 , “Network Foundation Protection”:- This chapter covers introduction to securing the network using the network foundation protection (NFP) approach, the management plane, the control plane, and the data plane. 
• Chapter 5 , “Using Cisco Configuration Professional to Protect the Network Infrastructure”: - This chapter covers introduction to Cisco Configuration Professional, CCP features and the GUI, setting up a new devices, CCP building blocks, and CCP audit features.
• Chapter 6 , “Securing the Management Plane on Cisco IOS Devices”:- This chapter covers management traffic and how to make it more secure and the implementation of security measures to protect the management plane. 
• Chapter 7 , “Implementing AAA Using IOS and the ACS Server”:- This chapter covers the role of Cisco Secure ACS and the two primary protocols used with it, RADIUS and TACACS. It also covers configuration of a router to interoperate with an ACS server and configuration of the ACS server to interoperate with a router. The chapter also covers router tools to verify and troubleshoot router-to-ACS server interactions. 
• Chapter 8 , “Securing Layer 2 Technologies”:- This chapter covers VLANs and trunking fundamentals, spanning-tree fundamentals, and common Layer 2 threats and how to mitigate them.
• Chapter 9 , “Securing the Data Plane in IPv6”:- This chapter covers IPv6 (basics, configuring, and developing a security plan for IPv6). Part III: Mitigating and Controlling Threats
• Chapter 10 , “Planning a Threat Control Strategy”: - This chapter covers the design considerations for threat mitigation and containment and the hardware, software, and services used to implement a secure network.
• Chapter 11 , “Using Access Control Lists for Threat Mitigation”:- This chapter covers the benefits and fundamentals for access control lists (ACL) , implementing IPv4 ACLs as packet filters, and implementing IPv6 ACLs as packet filters.
• Chapter 12 , “Understanding Firewall Fundamentals”:- This chapter covers fire-wall concepts and the technologies used by them, the function of Network Address Translation (NAT) including its building blocks, and the guidelines and consider ations for creating and deploying firewalls.
• Chapter 13 , “Implementing Cisco IOS Zone-Based Firewalls”:- This chaptercovers the operational and functional components of the IOS Zone-Based Firewall and how to configure and verify the IOS Zone-Based Firewall.
• Chapter 14 , “Configuring Basic Firewall Policies on Cisco ASA”:- This chapter covers the Adaptive Security Appliance (ASA) family and features, ASA firewall fundamentals, and configuring the ASA.
• Chapter 15 , “Cisco IPS/IDS Fundamentals”:- This chapter compares intrusion prevention systems (IPS) to intrusion detection systems (IDS) and covers how to identify malicious traffic on the network, manage signatures, and monitor and manage alarms and alerts.
• Chapter 16 , “Implementing IOS-Based IPS”:- This chapter covers the features included in IOS-based IPS (in software) and installing the IPS feature, working with signatures in IOS-based IPS, and managing and monitoring IPS alarms. Part IV: Using VPNs for Secure Connectivity
• Chapter 17 , “Fundamentals of VPN Technology”:- This chapter covers what VPNs are and why we use them and the basic ingredients of cryptography.
• Chapter 18 , “Fundamentals of the Public Key Infrastructure”: - This chapter covers the concepts, components, and operations of the public key infrastructure (PKI) and includes an example of putting the pieces of PKI to work.
• Chapter 19 , “Fundamentals of IP Security”: - This chapter covers the concepts, components, and operations of IPsec and how to configure and verify IPsec.
• Chapter 20 , “Implementing IPsec Site-to-Site VPNs”: - This chapter covers planning and preparing to implement an IPsec site-to-site VPN and implementing and verifying the IPsec site-to-site VPN.
• Chapter 21 , “Implementing SSL VPNs Using Cisco ASA”:- This chapter covers the functions and use of SSL for VPNs, configuring SSL clientless VPN on the ASA, and configuring the full SSL AnyConnect VPN on the ASA.
• Chapter 22 , “Final Preparation”: - This chapter identifies tools for final exam preparation and helps you develop an effective study plan.Appendixes
• Appendix A , “Answers to the ’Do I Know This Already?’ Quizzes”:- Includes the answers to all the questions from Chapters 1 through 21 .
• Appendix B , “CCNA Security 640-554 (IINSv2) Exam Updates”:- This appendix provides instructions for finding updates to the exam and this book when and if they occur. CD-Only Appendixes
• Appendix C , “Memory Tables”:- This CD-only appendix contains the key tables and lists from each chapter, with some of the contents removed. You can print this appendix and, as a memory exercise, complete the tables and lists. The goal is to help you memorize facts that can be useful on the exams. This appendix is available in PDF format on the CD; it is not in the printed book.
• Appendix D , “Memory Tables Answer Key”:- This CD-only appendix contains the answer key for the memory tables in Appendix C . This appendix is available in PDF format on the CD; it is not in the printed book.