CCNP Security FIREWALL 642-617 Official Cert Guide, Rough Cuts

Rough Cuts

  • Available to Safari Subscribers
  • About Rough Cuts

    • Rough Cuts are manuscripts that are developed but not yet published, available through Safari. Rough Cuts provide you access to the very latest information on a given topic and offer you the opportunity to interact with the author to influence the final publication.

Not for Sale
  • Description
  • Sample Content
  • Updates
  • Copyright 2012
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 704
  • Edition: 1st
  • Rough Cuts
  • ISBN-10: 0-13-237864-7
  • ISBN-13: 978-0-13-237864-2

This is the Rough Cut version of the printed book.

CCNP Security FIREWALL 642-617

Official Cert Guide

David Hucaby, CCIE® No. 4594

Dave Garneau

Anthony Sequeira, CCIE No. 15626

Learn, prepare, and practice for exam success

  • Master CCNP Security FIREWALL 642-617 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the CD-ROM

CCNP Security FIREWALL 642-617 Official Cert Guide is a best of breed Cisco exam study guide that focuses specifically on the objectives for the CCNP Security FIREWALL exam. Senior security consultants and instructors David Hucaby, Dave Garneau, and Anthony Sequeira share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CCNP Security FIREWALL 642-617 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine that enables you to focus on individual topic areas or take a complete, timed exam. The assessment engine also tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

CCNP Security FIREWALL 642-617 Official Cert Guide is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The official study guide helps you master all the topics on the CCNP Security FIREWALL exam, including

  • ASA interfaces
  • IP connectivity
  • ASA management
  • Recording ASA activity
  • Address translation
  • Access control
  • Proxy services
  • Traffic inspection and handling
  • Transparent firewall mode
  • Virtual firewalls
  • High availability
  • ASA service modules

Companion CD-ROM

The CD-ROM contains a free, complete practice exam.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system require

Table of Contents

Introduction xxiii

Chapter 1 Cisco ASA Adaptive Security Appliance Overview 3

“Do I Know This Already?” Quiz 3

Foundation Topics 7

Firewall Overview 7

Firewall Techniques 11

    Stateless Packet Filtering 11

    Stateful Packet Filtering 12

    Stateful Packet Filtering with Application Inspection and Control 12

    Network Intrusion Prevention System 13

    Network Behavior Analysis 14

    Application Layer Gateway (Proxy) 14

Cisco ASA Features 15

Selecting a Cisco ASA Model 18

    ASA 5505 18

    ASA 5510, 5520, and 5540 19

    ASA 5550 20

    ASA 5580 21

    Security Services Modules 22

        Advanced Inspection and Prevention (AIP) SSM 22

        Content Security and Control (CSC) SSM 23

        4-Port Gigabit Ethernet (4GE) SSM 24

    ASA 5585-X 24

    ASA Performance Breakdown 25

Selecting ASA Licenses 28

Exam Preparation Tasks 31

    Review All Key Topics 31

    Define Key Terms 31

Chapter 2 Working with a Cisco ASA 33

“Do I Know This Already?” Quiz 33

Foundation Topics 38

Using the CLI 38

    Entering Commands 39

    Command Help 41

    Command History 43

    Searching and Filtering Command Output 43

    Terminal Screen Format 45

Using Cisco ASDM 45

Understanding the Factory Default Configuration 50

Working with Configuration Files 52

    Clearing an ASA Configuration 55

Working with the ASA File System 56

    Navigating an ASA Flash File System 57

    Working with Files in an ASA File System 58

Reloading an ASA 61

    Upgrading the ASA Software at the Next Reload 63

    Performing a Reload 64

    Manually Upgrading the ASA Software During a Reload 65

Exam Preparation Tasks 69

    Review All Key Topics 69

    Define Key Terms 69

    Command Reference to Check Your Memory 69

Chapter 3 Configuring ASA Interfaces 73

“Do I Know This Already?” Quiz 73

Foundation Topics 77

Configuring Physical Interfaces