640-554 CCNA Security (IINSv2) Exam

640-554 IINSv2 Exam
Table I-1 lists the topics of the 640-554 IINSv2 exam and indicates the parts in the book where these topics are covered.

Table I-1 640-554 CCNA Security (IINSv2) Exam Topics



About the Implementing Cisco IOS Network Security (IINSv2) 640-554 Study Guide
This book maps to the topic areas of the 640-554 exam and uses a number of features to help you understand the topics and prepare for your exam.

Objectives and Methods
This book uses several key methodologies to help you discover the exam topics for which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. So, this book does not try to help you pass the exams only by memorization, but by truly learning and understanding the topics. 

This book is designed to assist you in the exam by using the following methods:

  • Using a conversational style that reflects the fact that we wrote this book as if we made it just for you, as a friend, discussing the topics with you, one step at a time
  • Helping you discover which exam topics you may want to invest more time studying, to really “get it”
  • Providing explanations and information to fill in your knowledge gaps
  • Supplying three bonus videos (on the CD) to reinforce some of the critical concepts and techniques that you have learned in your study of this book
  • Providing practice questions to assess your understanding of the topics

Book Features
To help you customize your study time using this book, the core chapters have several features that help you make the best use of your time:
  • “Do I Know This Already?” quiz: Each chapter begins with a quiz that helps you determine how much time you need to spend studying that chapter.
  • Foundation Topics: These are the core sections of each chapter. They explain the concepts for the topics in that chapter.
  • Exam Preparation Tasks: After the “Foundation Topics” section of each chapter, the “Exam Preparation Tasks” section lists a series of study activities that you should do when you finish the chapter. Each chapter includes the activities that make the most sense for studying the topics in that chapter:
    • Review All the Key Topics: The Key Topic icon appears next to the most important items in the “Foundation Topics” section of the chapter. The “Review All the Key Topics” activity lists the key topics from the chapter, along with their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic, so you should review these.
    • Complete the Tables and Lists from Memory: To help you memorize some lists of facts, many of the more important lists and tables from the chapter are included in a document on the CD. This document lists only partial information, allowing you to complete the table or list.
    • Define Key Terms: Although the exam is unlikely to ask a “define this term” type of question, the CCNA exams do require that you learn and know a lot of networking terminology. This section lists the most important terms from the chapter, asking you to write a short definition and compare your answer to the glossary at the end of the book.
    • Command Reference to Check Your Memory: Review important commands covered in the chapter.
  • CD-based practice exam: The companion CD contains an exam engine that enables you to review practice exam questions. Use these to prepare with a sample exam and to pinpoint topics where you need more study.

640-554 Implementing Cisco IOS Network Security (IINSv2) Exam

Introduction
Congratulations! If you are reading this, you have in your possession a powerful tool that can help you to:
  • Improve your awareness and knowledge of network security
  • Increase your skill level related to the implementation of that security
  • Prepare for the CCNA Security certification exam
This book was written with you in mind, and together we will discover the critical ingredients that make up the recipe for a secure network and work through examples of how to implement these features. By covering the objectives for the CCNA Security exam and integrating them with real-world best practices and examples, Scott Morris and I created this content with the intention of being your personal tour guides, as we take you on a journey through the world of network security.


The 640-554 Implementing Cisco IOS Network Security (IINSv2) exam is required for the CCNA Security certification. The prerequisite for CCNA Security is the CCNA Route/Switch certification (or any CCIE certification). The CCNA Security exam tests your knowledge of securing Cisco routers and switches and their associated networks, and this book prepares you for that exam. This book covers all the topics listed in Cisco’s exam blueprint, and each chapter includes key topics and preparation tasks to assist you in mastering this information. The CD that accompanies this book also includes bonus videos to assist you in your journey toward becoming a CCNA in Security. Of course, the CD included with the printed book also includes several practice questions to help you prepare for the exam.

About the 640-554 Implementing Cisco IOS Network Security (IINSv2) Exam
Cisco’s objective for the CCNA Security exam is to verify the candidate’s understanding, implementation, and verification of security best practices on Cisco hardware and software.

The focus points for the exam (which this book prepares you for) are as follows:
  • Cisco routers and switches
    • Common threats, including blended threats, and how to mitigate them
    • The lifecycle approach for a security policy
    • Understanding and implementing network foundation protection for the control, data, and management planes
    • Understanding, implementing, and verifying AAA (authentication, authorization, and accounting), including the details of TACACS+ and RADIUS
    • Understanding and implementing basic rules inside of Cisco Access Control Server (ACS) Version 5.x, including configuration of both ACS and a router for communications with each other
    • Standard, extended, and named access control lists used for packet filtering and for the classification of traffic
    • Understanding and implementing protection against Layer 2 attacks, including CAM table overflow attacks, and VLAN hopping
  • Cisco firewall technologies
    • Understanding and describing the various methods for filtering implemented by firewalls, including stateful filtering. Compare and contrast the strengths and weaknesses of the various firewall technologies.
    • Understanding the methods that a firewall may use to implement Network Address Translation (NAT) and Port Address Translation (PAT)
    • Understanding, implementing, and interpreting a Zone-Based Firewall policy through Cisco Configuration Professional (CCP)
    • Understanding and describing the characteristics and defaults for interfaces, security levels, and traffic flows on the Adaptive Security Appliance (ASA)
    • Implementing and interpreting a firewall policy on an ASA through the GUI tool named the ASA Security Device Manager (ASDM)
  • Intrusion prevention systems
    • Comparing and contrasting intrusion prevention systems (IPS) versus intrusion detection systems (IDS), including the pros and cons of each and the methods used by these systems for identifying malicious traffic
    • Describing the concepts involved with IPS, including true/false positives/negatives
    • Configuring and verifying IOS-based IPS using CCP
  • VPN technologies
    • Understanding and describing the building blocks used for virtual private networks (VPN) today, including the concepts of symmetrical, asymmetrical, encryption, hashing, Internet Key Exchange (IKE), public key infrastructure (PKI), authentication, Diffie-Hellman, certificate authorities, and so on
    • Implementing and verifying IPsec VPNs on IOS using CCP and the command-line interface (CLI)
    • Implementing and verifying Secure Sockets Layer (SSL) VPNs on the ASA firewall using ASDM
As you can see, it is an extensive list, but together we will not only address and learn each of these, but we will also have fun doing it. You can take the exam at Pearson VUE testing centers. You can register with VUE at http://www.vue.com/cisco/.