Home > Store

31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

Add To My Wish List

31 Days Before Your CCNA Security Exam: A Day-By-Day Review Guide for the IINS 210-260 Certification Exam

By Patrick Gargano
Published Jun 23, 2016 by Cisco Press. Part of the 31 Days series.

Book

Sorry, this book is no longer in print.

Not for Sale

About

Description

Sample Content

Updates

Features

Commit to taking the CCNA Security/IINS exam in one month and understand the process
Review key points of the Networking Academy information with a specific focus on CCNA Security objectives
Provides instructors with a creative way to present relatively dry topics using the book and online companion as well as review at the end of the class
Empowers an individual to fit CCNA Security studies into an otherwise busy schedule with a daily timeline

Copyright 2016
Dimensions: 6" x 9"
Pages: 352
Edition: 1st

Book
ISBN-10: 1-58720-578-5
ISBN-13: 978-1-58720-578-1

31 Days Before Your CCNA Security Exam

31 Days Before Your CCNA Security Exam offers you an engaging and practical way to understand the certification process, commit to taking the CCNA Security IINS 210-260 certification exam, and finish your preparation using a variety of Primary and Supplemental study resources.

The IINS 210-260 exam tests your knowledge of secure network infrastructure, core security concepts, secure access, VPN encryption, firewalls, intrusion prevention, web/email content security, and endpoint security. It also tests your skills for installing, troubleshooting, and monitoring secure networks to maintain the integrity, confidentiality, and availability of data and devices.

Sign up for the IINS 210-260 exam and use the book’s day-by-day guide and checklist to organize, prepare, and review. Each day in this guide breaks down an exam topic into a manageable bit of information to review using short summaries. A Study Resources section provides you with a quick reference for locating more in-depth treatment of a day’s topics within the Primary and Supplemental resources.

The features of the book empower you to fit exam preparation into a busy schedule:

· A visual calendar summarizing each day’s study topic

· A checklist providing advice for preparation activities leading up to the exam

· A description of the CCNA Security IINS 210-260 exam organization and sign-up process

· Strategies from the author to be mentally, organizationally, and physically prepared for exam day

· A conversational tone, which makes your study time more enjoyable

Primary Resources:

CCNA Security 210-260 Official Cert Guide ISBN-13: 978-1-58720-566-8

CCNA Security Course Booklet Version 2 ISBN-13: 978-1-58713-351-0

CCNA Security Lab Manual Version 2 ISBN-13: 978-1-58713-350-3

Supplemental Resources:

CCNA Security 210-260 Complete Video Course ISBN-13: 978-0-13-449931-4

CCNA Security Portable Command Guide, Second Edition ISBN-13: 978-1-58720-575-0

Cisco ASA: All-in-One Next-Generation Firewall, IPS, and VPN Services, Third Edition ISBN-13: 978-1-58714-307-6

Category: Certification

Covers: CCNA Security

Sample Pages

Download the sample pages (includes Chapter 29 and Index)

Introduction xxii

Digital Study Guide xxvi

Day 31: Common Security Principles 1

CCNA Security 210-260 IINS Exam Topics 1

Key Topics 1

Confidentiality, Integrity, and Availability (CIA) 1

SIEM 1

Common Network Security Terms 2

Security Zones 2

Study Resources 4

Day 30: Common Security Threats 5

CCNA Security 210-260 IINS Exam Topics 5

Key Topics 5

Network Attacks 5

Reconnaissance Attacks 5

Access Attacks 5

DoS and DDoS Attacks 6

Social Engineering 7

Types 7

Defenses 8

Malware 8

Data Loss 9

Study Resources 10

Day 29: Cryptographic Technologies 11

CCNA Security 210-260 IINS Exam Topics 11

Key Topics 11

CIA Triad 11

Key Exchange and Management 11

Hash Algorithms 12

Well-known Hash Functions 12

Authentication Using Hashing 13

Hashing in Cisco Products 14

Symmetric and Asymmetric Encryption 15

Encryption Overview 15

Symmetric Encryption Algorithms 15

Asymmetric Encryption Algorithms 16

Digital Signatures and RSA Certificates 18

Study Resources 19

Day 28: PKI and Network Security Architectures 21

CCNA Security 210-260 IINS Exam Topics 21

Key Topics 21

Public Key Infrastructure 21

PKI Terminology, Components, and Classes of Certificates 22

PKI Topologies 23

PKI Standards 24

PKI Operations 25

Enrollment and Revocation 27

Network Architectures and Topologies 28

Campus-Area Network (CAN) 28

WAN and Branch/SOHO 29

Data Center 31

Cloud and Virtual Networks 31

Study Resources 33

Day 27: Secure Management Systems 35

CCNA Security 210-260 IINS Exam Topics 35

Key Topics 35

In-band and Out-of-band Management 35

Management Plane Security 36

Access Security 36

SSH/HTTPS 38

Syslog 38

Simple Network Management Protocol (SNMP) 39

Network Time Protocol (NTP) 42

Secure Copy Protocol (SCP) 43

Study Resources 44

Day 26: AAA Concepts 45

CCNA Security 210-260 IINS Exam Topics 45

Key Topics 45

AAA 45

RADIUS and TACACS+ 46

RADIUS 46

TACACS+ 47

ACS and ISE 48

ACS 49

ISE 49

Study Resources 50

Day 25: TACACS+ and RADIUS Implementation 51

CCNA Security 210-260 IINS Exam Topics 51

Key Topics 51

Server-based AAA Authentication 51

Server-based AAA Authorization 53

Server-based AAA Accounting 54

Server-based AAA Verification and Troubleshooting 55

Study Resources 58

Day 24: 802.1X 61

CCNA Security 210-260 IINS Exam Topics 61

Key Topics 61

802.1X 61

Terminology and Concepts 61

Configuration and Verification 63

Study Resources 65

Day 23: BYOD 67

CCNA Security 210-260 IINS Exam Topics 67

Key Topics 67

BYOD Architecture 67

BYOD Management 69

Study Resources 72

Day 22: IPsec Technologies 73

CCNA Security 210-260 IINS Exam Topics 73

Key Topics 73

VPNs 73

IPsec Framework 76

IPsec Protocols 77

AH 77

ESP 78

IPsec Modes of Operations 78

Confidentiality 79

Data Integrity 79

Origin Authentication 80

Key Management 80

Suite B Cryptographic Standard 81

IKE 81

IKEv1 Phase 1 82

IKEv1 Phase 2 83

IKEv2 83

Study Resources 84

Day 21: Clientless Remote-Access VPN 85

CCNA Security 210-260 IINS Exam Topics 85

Key Concepts 85

Clientless SSL VPN Concepts 85

Clientless SSL VPN Configuration 87

Task 1: Launch Clientless SSL VPN Wizard from ASDM 88

Task 2: Configure the SSL VPN URL and Interface 88

Task 3: Configure User Authentication 89

Task 4: Configure User Group Policy 90

Task 5: Configure Bookmarks 90

Clientless SSL VPN Verification 95

Study Resources 97

Day 20: AnyConnect Remote Access VPN 99

CCNA Security 210-260 IINS Exam Topics 99

Key Topics 99

AnyConnect SSL VPN Concepts 99

SSL VPN Server Authentication 100

SSL VPN Client Authentication 100

SSL VPN Client IP Address Assignment 100

AnyConnect SSL VPN Configuration and Verification 101

Phase 1: Configure Cisco ASA for Cisco AnyConnect 101

Task 1: Connection Profile Identification 101

Task 2: VPN Protocols and Device Certificate 102

Task 3: Client Image 102

Task 4: Authentication Methods 103

Task 5: Client Address Assignment 103

Task 6: Network Name Resolution Servers 104

Task 7: Network Address Translation Exemption 104

Task 8: AnyConnect Client Deployment and Summary 105

Phase 2: Configure the Cisco AnyConnect VPN Client 106

Phase 3: Verify AnyConnect Configuration and Connection 108

Study Resources 111

Day 19: Site-to-Site VPN 113

CCNA Security 210-260 IINS Exam Topics 113

Key Topics 113

IPsec Negotiation 113

Cisco IOS CLI-based Site-to-Site IPsec VPN 114

Configuration 115

Step 1: ACL Compatibility 115

Step 2: IKE Phase 1–ISAKMP Policy 115

Step 3: IKE Phase 2–IPsec Transform Set 117

Step 4: Crypto ACLs 117

Step 5: IPsec Crypto Map 118

Verification 119

Cisco ASA Site-to-Site IPsec VPN 122

Configuration 123

Step 1: Launch the ASDM Site-to-Site VPN Wizard 123

Step 2: Peer Device Identification 123

Step 3: Traffic to Protect 124

Step 4: Security 124

Step 5: NAT Exempt 125

Verification 125

Study Resources 128

Day 18: VPN Advanced Topics 131

CCNA Security 210-260 IINS Exam Topics 131

Key Topics 131

Hairpinning and Client U-Turn 131

Split Tunneling 132

Always-on VPN 134

NAT Traversal 134

Endpoint Posture Assessment 135

Study Resources 136

Day 17: Secure Device Access 137

CCNA Security 210-260 IINS Exam Topics 137

Key Topics 137

Cisco IOS Authorization with Privilege Levels 137

Authorization with Role-Based CLI 138

Cisco IOS Resilient Configuration 139

Cisco IOS File Authenticity 140

Study Resources 142

Day 16: Secure Routing Protocols 143

CCNA Security 210-260 IINS Exam Topics 143

Key Topics 143

Routing Protocol Authentication 143

OSPF MD5 Authentication 144

MD5 Authentication with Key Chain 144

MD5 Authentication Without Key Chain 145

OSPF SHA Authentication 146

Study Resources 148

Day 15: Control Plane Security 149

CCNA Security 210-260 IINS Exam Topics 149

Key Topics 149

Functional Planes of the Network 149

Control Plane Policing 150

Control Plane Protection 151

Study Resources 152

Day 14: Layer 2 Infrastructure Security 153

CCNA Security 210-260 IINS Exam Topics 153

Key Topics 153

Common Layer 2 Attacks 153

STP Attacks 153

ARP Spoofing 155

MAC Spoofing 156

CAM Table Overflows 157

CDP/LLDP Reconnaissance 157

VLAN Hopping 157

DHCP Spoofing 158

Study Resources 159

Day 13: Layer 2 Protocols Security 161

CCNA Security 210-260 IINS Exam Topics 161

Key Topics 161

DHCP Snooping 161

Dynamic ARP Inspection 163

IP Source Guard 164

Port Security 165

STP Security Mechanisms 167

PortFast 167

BPDU Guard 168

Root Guard 168

Loop Guard 168

Study Resources 169

Day 12: VLAN Security 171

CCNA Security 210-260 IINS Exam Topics 171

Key Topics 171

Private VLANs 171

PVLAN Edge 174

ACLs on Switches 175

PACL Configuration 176

VACL Configuration 177

Native VLAN 178

Study Resources 180

Day 11: Firewall Technologies 181

CCNA Security 210-260 IINS Exam Topics 181

Key Topics 181

Firewall Overview 181

Packet Filtering 183

Proxy and Application Firewalls 185

Stateful Firewalls 187

Next-Generation Firewalls 188

Personal Firewall 189

Study Resources 189

Day 10: Cisco ASA NAT Implementation 191

CCNA Security 210-260 IINS Exam Topics 191

Key Topics 191

NAT Fundamentals 191

NAT on Cisco ASA 193

Static NAT 195

Dynamic NAT 198

Dynamic PAT 201

Policy NAT 203

Study Resources 208

Day 9: Cisco IOS Zone-Based Policy Firewall 209

CCNA Security 210-260 IINS Exam Topics 209

Key Topics 209

ZPF Concepts 209

ZPF Zones and Zone Pairs 210

Introduction to C3PL 211

Class Maps 212

Policy Maps 212

Service Policy 213

Default Policies and Traffic Flows 213

ZPF Configuration and Verification 214

Configuring Class Maps 214

Configuring Policy Maps 215

Configuration and Verification 216

Study Resources 218

Day 8: Cisco ASA Firewall Concepts 219

CCNA Security 210-260 IINS Exam Topics 219

Key Topics 219

Cisco ASA Family 219

ASA Features and Services 221

ASA Deployments 222

ASA High Availability 223

ASA Contexts 225

Study Resources 226

Day 7: ASA Firewall Configuration 227

CCNA Security 210-260 IINS Exam Topics 227

Key Topics 227

ASA Default Configuration 227

ASA Management Access 229

ASA Interfaces 230

ASA Access Rules 232

ASA Objects and Object Groups 234

ASA Modular Policy Framework 240

Study Resources 244

Day 6: IDS/IPS Concepts 245

CCNA Security 210-260 IINS Exam Topics 245

Key Topics 245

IDS vs. IPS 245

Host-based vs. Network-based IPS 247

IPS Deployment Options 248

IPS Placement 249

IPS Terminology 250

Study Resources 251

Day 5: IDS/IPS Technologies 253

CCNA Security 210-260 IINS Exam Topics 253

Key Topics 253

Detection Technologies 253

Signatures 254

Trigger Actions 255

Blacklisting 256

Next-Generation IPS with FirePOWER 256

Study Resources 257

Day 4: Email-based Threat Mitigation 259

CCNA Security 210-260 IINS Exam Topics 259

Key Topics 259

ESA Overview 259

ESA Deployment 260

ESA Features 263

Filtering Spam 263

Fighting Viruses and Malware 264

Email Data Loss Prevention 264

Advanced Malware Protection 264

ESA Mail Processing 265

Incoming Mail Processing 265

Outgoing Mail Processing 266

Study Resources 267

Day 3: Web-based Threat Mitigation 269

CCNA Security 210-260 IINS Exam Topics 269

Key Topics 269

Cisco WSA 269

Cisco CWS 272

Study Resources 274

Day 2: Endpoint Protection 275

CCNA Security 210-260 IINS Exam Topics 275

Key Topics 275

Endpoint Security Overview 275

Personal Firewalls 276

Antivirus 276

Antispyware 277

Antimalware 278

Data Encryption 279

Study Resources 280

Day 1: CCNA Security Skills Review and Practice 281

CCNA Security 210-260 IINS Exam Topics 281

Key Topics 281

CCNA Security Skills Practice 281

Introduction 281

Topology Diagram 281

Addressing Table 282

ISP Configuration 283

Implementation 283

Step 1: Cable the Network As Shown in the Topology 283

Step 2: Configure Initial Settings for R1_BRANCH 283

Step 3: Configure Initial Settings for HQ_SW 284

Step 4: Configure Initial Settings for HQ-ASA 285

Step 5: Configure Clientless SSL VPN 286

Step 6: Configure Site-to-Site IPsec VPN 286

Step 7: Configure a Zone-Based Policy Firewall 288

Answers to CCNA Security Skills Practice 289

Step 1: Cable the Network As Shown in the Topology 289

Step 2: Configure Initial Settings for R1_BRANCH 289

Step 3: Configure Initial Settings for HQ_SW 290

Step 4: Configure Initial Settings for HQ-ASA 291

Step 5: Configure Clientless SSL VPN 293

Step 6: Configure Site-to-Site IPsec VPN 294

Step 7: Configure a Zone-Based Policy Firewall 295

Exam Day 299

What You Need for the Exam 299

What You Should Receive After Completion 299

Summary 300

Post-Exam Information 301

Receiving Your Certificate 301

U.S. Government Recognition 301

Examining Certification Options 302

If You Failed the Exam 302

Summary 302

9781587205781 TOC 5/24/2016

Errata

We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.

Download the errata

Submit Errata

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address

Other Things You Might Like

31 Days Before your CCNA Exam: A Day-By-Day Review Guide for the CCNA 200-301 Certification Exam

31 Days Before your CCNA Exam: A Day-By-Day Review Guide for the CCNA 200-301 Certification Exam, 2nd Edition: By Allan Johnson; eBook $25.59

CCNA 200-301 Hands-on Mastery with Packet Tracer

CCNA 200-301 Hands-on Mastery with Packet Tracer: By Anthony J. Sequeira, Ronald Wong; Book $39.99

CCNA 200-301 Hands-on Mastery with Packet Tracer: By Anthony J. Sequeira, Ronald Wong; eBook $38.39