CCNA Security Study Guide: Exam 210-260 for New Students

CCNA Security Study Guide: Exam 210-260

Lay the foundation for a successful career in network security

CCNA Security Study Guide offers comprehensive review for Exam 210-260. Packed with concise explanations of core security concepts, this book is designed to help you successfully prepare for the exam. Expert instruction guides you through critical concepts relating to secure network infrastructure, access management, VPN encryption, firewalls, intrusion prevention and more, with complete coverage of the CCNA exam objectives. Practical examples allow you to apply your skills in real-world scenarios, helping you transition effectively from "learning" to "doing". You also get access to the Sybex online learning environment, featuring the tools you need to maximize your study time: key terminology and flash cards allow you to study anytime, anywhere, while chapter tests and practice exams help you track your progress and gauge your readiness along the way.


The CCNA Security certification tests your knowledge of secure network installation, monitoring, and troubleshooting using Cisco security hardware and software solutions. When you're ready to get serious about preparing for the exam, this book gives you the advantage of complete coverage, real-world application, and extensive learning aids to help you pass with confidence.

 

  • Master Cisco security essentials, standards, and core technologies
  • Work through practical examples drawn from real-world examples
  • Track your progress with online study aids and self-tests
  • Develop critical competencies in maintaining data integrity, confidentiality, and availability

 

Earning your CCNA Security certification validates your abilities in areas that define careers including network security, administrator, and network security support engineer. With data threats continuing to mount, the demand for this skill set will only continue to grow—and in an employer's eyes, a CCNA Security certification makes you a true professional. CCNA Security Study Guide is the ideal preparation resource for candidates looking to not only pass the exam, but also succeed in the field.

 

Table of Contents

  • Introduction xxi
  • Assessment Test xxxi

 

Chapter 1 Understanding Security Fundamentals 1

 

  • Goals of Security 2
  • Confidentiality 2
  • Integrity 3
  • Availability 3
  • Guiding Principles 3
  • Common Security Terms 6
  • Risk Management Process 7
  • Network Topologies 15
  • CAN 15
  • WAN 16
  • Data Center 16
  • SOHO 17
  • Virtual 17
  • Common Network Security Zones 17
  • DMZ 17
  • Intranet and Extranet 18
  • Public and Private 18
  • VLAN 18
  • Summary 19
  • Exam Essentials 19
  • Review Questions 20

 

Chapter 2 Understanding Security Threats 25

 

  • Common Network Attacks 26
  • Motivations 26
  • Classifying Attack Vectors 27
  • Spoofing 28
  • Password Attacks 29
  • Reconnaissance Attacks 30
  • Buffer Overflow 34
  • DoS 34
  • DDoS 36
  • Man-in-the-Middle Attack 37
  • ARP Poisoning 37
  • Social Engineering 38
  • Phishing/Pharming 38
  • Prevention 38
  • Malware 39
  • Data Loss and Exfiltration 39
  • Summary 40
  • Exam Essentials 40
  • Review Questions 42

 

Chapter 3 Understanding Cryptography 45

  • Symmetric and Asymmetric Encryption 46
  • Ciphers 46
  • Algorithms 48
  • Hashing Algorithms 53
  • MD5 54
  • SHA-1 54
  • SHA-2 54
  • HMAC 55
  • Digital Signatures 55
  • Key Exchange 57
  • Application: SSH 57
  • Public Key Infrastructure 57
  • Public and Private Keys 58
  • Certificates 60
  • Certificate Authorities 61
  • PKI Standards 63
  • PKI Topologies 64
  • Certificates in the ASA 65
  • Cryptanalysis 67
  • Summary 68
  • Exam Essentials 68
  • Review Questions 69

 

Chapter 4 Securing the Routing Process 73

 

  • Securing Router Access 74
  • Configuring SSH Access 74
  • Configuring Privilege Levels in IOS 76
  • Configuring IOS Role-Based CLI 77
  • Implementing Cisco IOS Resilient Configuration 79
  • Implementing OSPF Routing Update Authentication 80
  • Implementing OSPF Routing Update Authentication 80
  • Implementing EIGRP Routing Update Authentication 82
  • Securing the Control Plane 82
  • Control Plane Policing 83
  • Summary 84
  • Exam Essentials 85
  • Review Questions 86

 

Chapter 5 Understanding Layer 2 Attacks 91

 

  • Understanding STP Attacks 92
  • Understanding ARP Attacks 93
  • Understanding MAC Attacks 95
  • Understanding CAM Overflows 96
  • Understanding CDP/LLDP Reconnaissance 97
  • Understanding VLAN Hopping 98
  • Switch Spoofing 98
  • Double Tagging 99
  • Understanding DHCP Spoofing 99
  • Summary 101
  • Exam Essentials 101
  • Review Questions 102

 

Chapter 6 Preventing Layer 2 Attacks 107

 

  • Configuring DHCP Snooping 108
  • Configuring Dynamic ARP Inspection 110
  • Configuring Port Security 112
  • Configuring STP Security Features 114
  • BPDU Guard 114
  • Root Guard 115
  • Loop Guard 115
  • Disabling DTP 116
  • Verifying Mitigations 116
  • DHCP Snooping 116
  • DAI 117
  • Port Security 118
  • STP Features 118
  • DTP 120
  • Summary 120
  • Exam Essentials 121
  • Review Questions 122

 

Chapter 7 VLAN Security 127

 

  • Native VLANs 128
  • Mitigation 128
  • PVLANs 128
  • PVLAN Edge 131
  • PVLAN Proxy Attack 132
  • ACLs on Switches 133
  • Port ACLs 133
  • VLAN ACLs 133
  • Summary 134
  • Exam Essentials 134
  • Review Questions 136

 

Chapter 8 Securing Management Traffic 141

 

  • In-Band and Out-of-Band Management 142
  • AUX Port 142
  • VTY Ports 143
  • HTTPS Connection 144
  • SNMP 144
  • Console Port 145
  • Securing Network Management 146
  • SSH 146
  • HTTPS 146
  • ACLs 146
  • Banner Messages 147
  • Securing Access through SNMP v3 149
  • Securing NTP 150
  • Using SCP for File Transfer 151
  • Summary 151
  • Exam Essentials 152
  • Review Questions 153

 

Chapter 9 Understanding 802.1x and AAA 157

 

  • 802.1x Components 158
  • RADIUS and TACACS+ Technologies 159
  • Configuring Administrative Access with TACACS+ 160
  • Local AAA Authentication and Accounting 160
  • SSH Using AAA 161
  • Understanding Authentication and Authorization Using ACS and ISE 161
  • Understanding the Integration of Active Directory with AAA 162
  • TACACS+ on IOS 162
  • Verify Router Connectivity to TACACS+ 164
  • Summary 164
  • Exam Essentials 165
  • Review Questions 166

 

Chapter 10 Securing a BYOD Initiative 171

 

  • The BYOD Architecture Framework 172
  • Cisco ISE 172
  • Cisco TrustSec 174
  • The Function of Mobile Device Management 177
  • Integration with ISE Authorization Policies 177
  • Summary 178
  • Exam Essentials 179
  • Review Questions 180

Chapter 11 Understanding VPNs 185

  • Understanding IPsec 186
  • Security Services 186
  • Protocols 189
  • Delivery Modes 192
  • IPsec with IPV6 194
  • Understanding Advanced VPN Concepts 195
  • Hairpinning 195
  • Split Tunneling 196
  • Always-on VPN 197
  • NAT Traversal 198
  • Summary 199
  • Exam Essentials 199
  • Review Questions 200

 

Chapter 12 Configuring VPNs 203

 

  • Configuring Remote Access VPNs 204
  • Basic Clientless SSL VPN Using ASDM 204
  • Verify a Clientless Connection 207
  • Basic AnyConnect SSL VPN Using ASDM 207
  • Verify an AnyConnect Connection 209
  • Endpoint Posture Assessment 209
  • Configuring Site-to-Site VPNs 209
  • Implement an IPsec Site-to-Site VPN with Preshared Key Authentication 209
  • Verify an IPsec Site-to-Site VPN 212
  • Summary 212
  • Exam Essentials 213
  • Review Questions 214

 

Chapter 13 Understanding Firewalls 219

 

  • Understanding Firewall Technologies 220
  • Packet Filtering 220
  • Proxy Firewalls 220
  • Application Firewall 221
  • Personal Firewall 221
  • Stateful vs. Stateless Firewalls 222
  • Operations 222
  • State Table 223
  • Summary 224
  • Exam Essentials 224
  • Review Questions 225

 

Chapter 14 Configuring NAT and Zone-Based Firewalls 229

  • Implementing NAT on ASA 9.x 230
  • Static 231
  • Dynamic 232
  • PAT 233
  • Policy NAT 233
  • Verifying NAT Operations 235
  • Configuring Zone-Based Firewalls 236
  • Class Maps 237
  • Default Policies 237
  • Configuring Zone-to-Zone Access 239
  • Summary 240
  • Exam Essentials 240
  • Review Questions 241

 

Chapter 15 Configuring the Firewall on an ASA 245

 

  • Understanding Firewall Services 246
  • Understanding Modes of Deployment 247
  • Routed Firewall 247
  • Transparent Firewall 247
  • Understanding Methods of Implementing High Availability 247
  • Active/Standby Failover 248
  • Active/Active Failover 248
  • Clustering 249
  • Understanding Security Contexts 249
  • Configuring ASA Management Access 250
  • Initial Configuration 250
  • Configuring Cisco ASA Interface Security Levels 251
  • Security Levels 251
  • Configuring Security Access Policies 253
  • Interface Access Rules 253
  • Object Groups 254
  • Configuring Default Cisco Modular Policy Framework (MPF) 256
  • Summary 257
  • Exam Essentials 257
  • Review Questions 259

 

Chapter 16 Intrusion Prevention 263

 

  • IPS Terminology 264
  • Threat 264
  • Risk 264
  • Vulnerability 265
  • Exploit 265
  • Zero-Day Threat 265
  • Actions 265
  • Network-Based IPS vs. Host-Based IPS 266
  • Host-Based IPS 266
  • Network-Based IPS 266
  • Promiscuous Mode 266
  • Detection Methods 267
  • Evasion Techniques 267
  • Packet Fragmentation 267
  • Injection Attacks 270
  • Alternate String Expressions 271
  • Introducing Cisco FireSIGHT 271
  • Capabilities 271
  • Protections 272
  • Understanding Modes of Deployment 273
  • Inline 275
  • Positioning of the IPS within the Network 275
  • Outside 275
  • DMZ 276
  • Inside 277
  • Understanding False Positives, False Negatives, True Positives, and True Negatives 277
  • Summary 278
  • Exam Essentials 278
  • Review Questions 280

 

Chapter 17 Content and Endpoint Security 285

 

  • Mitigating Email Threats 286
  • Spam Filtering 286
  • Context-Based Filtering 287
  • Anti-malware Filtering 287
  • DLP 287
  • Blacklisting 288
  • Email Encryption 288
  • Cisco Email Security Appliance 288
  • Putting the Pieces Together 290
  • Mitigating Web-Based Threats 292
  • Understanding Web Proxies 292
  • Cisco Web Security Appliance 293
  • Mitigating Endpoint Threats 294
  • Cisco Identity Services Engine (ISE) 294
  • Antivirus/Anti-malware 294
  • Personal Firewall 294
  • Hardware/Software Encryption of Local Data 294
  • HIPS 295
  • Summary 295
  • Exam Essentials 295
  • Review Questions 296

Appendix Answers to Review Questions 301

 

 

Chapter 1: Understanding Security Fundamentals 302
Chapter 2: Understanding Security Threats 304
Chapter 3: Understanding Cryptography 305
Chapter 4: Securing the Routing Process 307
Chapter 5: Understanding Layer 2 Attacks 309
Chapter 6: Preventing Layer 2 Attacks 311
Chapter 7: VLAN Security 312
Chapter 8: Securing Management Traffic 314
Chapter 9: Understanding 802.1x and AAA 316
Chapter 10: Securing a BYOD Initiative 317
Chapter 11: Understanding VPNs 319
Chapter 12: Configuring VPNs 321
Chapter 13: Understanding Firewalls 322
Chapter 14: Configuring NAT and Zone-Based Firewalls 324
Chapter 15: Configuring the Firewall on an ASA 325
Chapter 16: Intrusion Prevention 327
Chapter 17: Content and Endpoint Security 328
Index 331