CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide - Nazmul Rajib

CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide

Nazmul Rajib (Autor)

Media-Kombination
656 Seiten
2022
Cisco Press
978-0-13-658970-9 (ISBN)
83,70 inkl. MwSt
Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam and excel in your day-to-day security work.


CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide presents you with an organized test preparation routine using proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

* Master the topics on the CCNP Security concentration exam that focuses on the Cisco Secure Firewall and IPS (formerly known as Cisco Firepower)
* Assess your knowledge with chapter-opening quizzes
* Review key concepts with exam preparation tasks
* Practice with realistic exam questions in the practice test software


CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Long-time Cisco security insider Nazmul Rajib shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

* A test-preparation routine proven to help you pass the exams
* Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section
* Chapter-ending and part-ending exercises, which help you drill on key concepts you must know thoroughly
* The powerful Pearson Test Prep Practice Test software, with two full exams comprised of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
* Study plan suggestions and templates to help you organize and optimize your study time


Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.


This official study guide helps you master the topics on the CCNP Security concentration exam that focuses on the Cisco Secure Firewall and IPS (formerly known as Cisco Firepower). Use it to deepen your knowledge of

* Configurations
* Integrations
* Deployments
* Management
* Troubleshooting, and more

Companion Website:
The companion website contains two full practice exams, an interactive Flash Cards application, Study Planner, Glossary, memory table and config checklist review exercises, and more.

Includes Exclusive Offers for Up to 80% Off Video Training, Practice Tests, and more

Pearson Test Prep online system requirements:
Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft Edge 44 and above.
Devices: Desktop and laptop computers, tablets running Android v8.0 and above or iPad OS v13 and above, smartphones running Android v8.0 and above or iOS v13 and above with a minimum screen size of 4.7.

Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases.


Also available from Cisco Press for CCNP Security study is the CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Test.


This integrated learning package

* Enables you to focus on individual topic areas or take complete, timed exams
* Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
* Provides unique sets of exam-realistic practice questions
* Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Nazmul Rajib is a senior product marketing manager of Cisco Systems, Inc. He leads Cisco's global initiatives on cybersecurity enablement, focusing on the firewall and intrusion prevention technologies. As a senior member of the Security Business Group (SBG), Nazmul regularly advises Cisco on security product roadmaps, content strategies, and technical communications. He develops training programs for the Global Security Sales Organization (GSSO) and worldwide channel partners. Nazmul also worked as a technical marketing engineer in the product management organization, where he was responsible for validating security designs, researching best practices, publishing white papers, and presenting new security capabilities. Prior to joining Cisco's core business group, Nazmul served as a senior information security consultant in the Cisco advanced services organization. With more than a decade of experience, Nazmul assisted many Fortune 500 companies, government agencies, and international organizations. He frequently met Cisco customers to address their critical security concerns and to run workshops. Previously, Nazmul was a technical lead in the Cisco Customer Experiences (CX) organization, where he consistently assisted the security engineers, and spearheaded the engineering efforts to solve business-critical escalations. He developed several training programs and taught many Cisco engineers worldwide. Nazmul published numerous articles on the Cisco website. In addition to this book, he has authored the best-selling security book Cisco Firepower Threat Defense (ISBN: 9781587144806). Nazmul is a veteran of Sourcefire, Inc., which developed the world's greatest open-source intrusion prevention system. At Sourcefire, Nazmul created and managed the customer knowledge base, new hire onboarding process, and partner certification program. He routinely trained Sourcefire's security engineers and managed security service providers (MSSP) in the United States. Nazmul has a master of science degree in Internetworking. He also holds many certifications in the areas of cybersecurity, information technology, technical communication, and product marketing. He is a Sourcefire Certified Expert and Sourcefire Certified Security Engineer.

Introduction xxv
Part I General Deployment
Chapter 1 Introduction to Cisco Secure Firewall and IPS 2
“Do I Know This Already?” Quiz 3
Foundation Topics 4
Evolution of Next-Generation Firewall 4
Cisco Secure Firewall Solutions 8
Product Evolution and Lifecycle 11
Software and Hardware Architecture 14
Scalability and Resiliency 18
    Clustering 18
    Multi-Instance 19
    High Availability 20
    Resiliency in Connectivity 21
Summary 22
Exam Preparation Tasks 22
Chapter 2 Deployment of Secure Firewall Virtual 24
“Do I Know This Already?” Quiz 24
Foundation Topics 26
Cisco Secure Firewall on a Virtual Platform 26
    Hosting Environment Settings 27
    Virtual Resource Allocation 28
    Software Package Selection 28
Best Practices 30
Configuration 31
    Virtual Network for Management Traffic 32
    Virtual Network for Data Traffic 33
    Virtual Machine Creation for Secure Firewall 35
System Initialization and Validation 41
Summary 45
Exam Preparation Tasks 46
Chapter 3 Licensing and Registration 48
Do I Know This Already? 48
Foundation Topics 50
Cisco Licensing Architecture 50
    Direct Cloud Access 52
    On-Premises Server 52
    Offline Access 53
Cisco Secure Firewall Licenses 54
    Feature License 54
    Export-Controlled License 55
    Evaluation License 56
Validation of Licensing 59
Device Registration 61
    Best Practices for Registration 61
    Configurations on Threat Defense 62
    Configurations on Management Center 63
    Management Communication over the Internet 65
Validation of Registration 67
Summary 68
Exam Preparation Tasks 69
Chapter 4 Firewall Deployment in Routed Mode 70
“Do I Know This Already?” Quiz 70
Foundation Topics 72
Routed Mode Essentials 72
Best Practices for Routed Mode Configuration 73
Fulfilling Prerequisites 73
    Enabling the Routed Firewall Mode 75
Configuration of the Routed Interface 75
    Configuring Interfaces with Static IP Addresses 76
    Configuring Interfaces with Automatic IP Addresses 80
Validation of Interface Configuration 82
Summary 88
Exam Preparation Tasks 89
Chapter 5 Firewall Deployment in Transparent Mode 90
“Do I Know This Already?” Quiz 90
Foundation Topics 92
Transparent Mode Essentials 92
Best Practices for Transparent Mode Configuration 93
Fulfilling Prerequisites 94
    Enabling the Transparent Firewall Mode 95
Configuring Transparent Mode in a Layer 2 Network 96
    Configuring the Physical and Virtual Interfaces 96
    Verifying the Interface Status 103
    Verifying Basic Connectivity and Operations 104
Deploying a Threat Defense Between Layer 3 Networks 108
    Selecting a Default Action 108
    Adding an Access Control Rule for a Routing Protocol 111
    Creating an Access Control Rule for the SSH Protocol 113
    Verifying Access Control Lists 115
Integrated Routing and Bridging (IRB) 118
Summary 118
Exam Preparation Tasks 118
Chapter 6 IPS-Only Deployment in Inline Mode 120
“Do I Know This Already?” Quiz 120
Foundation Topics 122
Inline Mode Essentials
    Inline Mode Versus Passive Mode 123
    Inline Mode Versus Transparent Mode 125
Best Practices for Inline Mode 125
Inline Mode Configuration 126
    Fulfilling Prerequisites 126
    Interface Setup 127
    Inline Set Configuration 129
Verification 132
    Event Analysis in IPS-Only Mode 135
Summary 136
Exam Preparation Tasks 136
Chapter 7 Deployment in Detection-Only Mode 138
“Do I Know This Already?” Quiz 139
Foundation Topics 141
Detection-Only Mode Essentials 141
    Passive Monitoring Technology 141
    Interface Modes: Inline, Inline Tap, and Passive 142
Best Practices for Detection-Only Deployment 143
Inline Tap Mode 145
    Configuration of Inline Tap Mode 145
    Verification of Inline Tap Configuration 147
Passive Interface Mode 149
    Configuration of Passive Interface Mode 149
        Configuring Passive Interface Mode on a Threat Defense 150
        Configuring a SPAN Port on a Switch 151
    Verification of Passive Interface Configuration 152
Event Analysis in Detection-Only Mode 153
Summary 154
Exam Preparation Tasks 154
Part II Basic Security Operations
Chapter 8 Capturing Traffic for Advanced Analysis 156
“Do I Know This Already?” Quiz 157
Foundation Topics 158
Packet Capture Essentials 158
Best Practices for Capturing Traffic 160
Capturing of Packets Using Secure Firewall 162
    Configuration 162
    Verification 165
    Packet Capture versus Packet Tracer 169
Summary 170
Exam Preparation Tasks 170
Chapter 9 Network Discovery Policy 172
“Do I Know This Already?” Quiz 172
Foundation Topics 174
Network Discovery Essentials 174
    Application Detectors 175
    Network Discovery Operations 176
Best Practices for Network Discovery 178
Fulfilling Prerequisites 179
Configurations 180
    Reusable Objects 181
    Network Discovery Policy 183
Verification 186
    Analyzing Application Discovery 186
    Analyzing Host Discovery 186
    Undiscovered New Hosts 188
Summary 191
Exam Preparation Tasks 191
Chapter 10 Access Control Policy 194
“Do I Know This Already?” Quiz 194
Foundation Topics 196
Access Control Policy Essentials 196
    Policy Editor 196
    Rule Editor 198
Best Practices for Access Control Policy 199
Access Control Policy Configuration 200
    Fulfilling Prerequisites 201
    Creating Rules 202
Verification 208
Summary 222
Exam Preparation Tasks 222
Chapter 11 Prefilter Policy 224
“Do I Know This Already?” Quiz 224
Foundation Topics 226
Prefilter Policy Essentials 226
    Prefilter Policy: Rules and Actions 226
    Bypassing Deep Packet Inspection 227
Best Practices for a Prefilter Policy 230
Enabling Bypass Through a Prefilter Policy 230
    Fulfilling Prerequisites 230
    Configuring a Rule in a Prefilter Policy 230
    Invoking a Prefilter Policy into an Access Control Policy 235
Establishing Trust Through an Access Control Policy 237
Verification 240
Managing Encapsulated Traffic Inspection 242
Summary 245
Exam Preparation Tasks 245
Chapter 12 Security Intelligence 248
“Do I Know This Already?” Quiz 249
Foundation Topics 251
Security Intelligence Essentials 251
Best Practices for Security Intelligence 256
Fulfilling Prerequisites 257
Automatic Blocking Using Cisco Intelligence Feed 259
    Verifying the Action of Cisco Intelligence Feed 262
    Overriding the Cisco Intelligence Feed Outcome 265
Instant Blocking Using Context Menu 267
    Adding an Address to the Block List 267
    Deleting an Address from the Block List 268
Manual Blocking Using Custom List 269
    Enabling Security Intelligence in Monitor-Only Mode 272
Threat Intelligence Director 274
    Enabling Threat Intelligence Director 276
    Adding Sources and Importing Indicators 277
Summary 280
Exam Preparation Tasks 281
Chapter 13 Domain Name System (DNS) Policy 282
“Do I Know This Already?” Quiz 282
Foundation Topics 284
DNS Policy Essentials 284
    Domain Name System (DNS) 284
    Blocking of a DNS Query Using a Secure Firewall 285
    DNS Rule Actions 287
        Actions That Can Interrupt DNS Queries 288
        Actions That Allow DNS Queries 292
    Sources of Intelligence 293
Best Practices for Blocking DNS Queries 295
Fulfilling Prerequisites 296
Configuring DNS Policy 297
    Add a New Rule to a DNS Policy 298
    Invoke the DNS Policy 301
Verification 302
Summary 307
Exam Preparation Tasks 307
Chapter 14 URL Filtering 310
“Do I Know This Already?” Quiz 310
Foundation Topics 312
URL Filtering Essentials 312
    Category and Reputation 312
    URL Database 314
Fulfilling Prerequisites 315
Best Practices for URL Filtering Configuration 317
Enabling URL Filtering 322
    Blocking URLs of a Certain Category 323
    Verifying the Operation of a URL Filtering Rule 325
    Allowing a Specific URL 329
    Analyzing the Default Category Override 331
    Handling Uncategorized URLs 335
    Investigating the Uncategorized URLs 338
Summary 340
Exam Preparation Tasks 341
Part III Advanced Configurations
Chapter 15 Network Analysis and Intrusion Policies 342
“Do I Know This Already?” Quiz 343
Foundation Topics 345
Intrusion Prevention System Essentials 345
    Network Analysis Policy 346
    Intrusion Policy 346
    System-Provided Variable Sets 352
    System-Provided Base Policies 353
Best Practices for Intrusion Policy Deployment 356
Configuring a Network Analysis Policy 359
Configuring an Intrusion Policy 364
    Creating a Policy with a Default Ruleset 364
    Incorporating Intrusion Rule Recommendations 365
    Enabling or Disabling an Intrusion Rule 368
    Setting Up a Variable Set 369
Policy Deployment 371
Verification 373
Summary 379
Exam Preparation Tasks 379
Chapter 16 Malware and File Policy 380
“Do I Know This Already?” Quiz 380
Foundation Topics 382
File Policy Essentials 382
    File Type Detection 382
    Malware Analysis 382
Best Practices for File Policy Configuration 386
Fulfilling Prerequisites 387
Configuring a File Policy 390
    Creating a File Policy 390
    Deploying a File Policy 396
Verification 398
    Analyzing File Events 399
    Analyzing Malware Events 404
        The Management Center Is Unable to Communicate with the Cloud 404
        The Management Center Performs a Cloud Lookup 408
        The Threat Defense Blocks Malware 409
    Overriding a Malware Disposition 412
    Network Trajectory 413
Summary 414
Exam Preparation Tasks 414
Chapter 17 Network Address Translation (NAT) 416
“Do I Know This Already?” Quiz 417
Foundation Topics 418
NAT Essentials 418
    NAT Techniques 420
    NAT Rule Types 422
Best Practices for NAT Deployment 423
Fulfilling Prerequisites 425
Configuring NAT 427
    Masquerading a Source Address (Source NAT for Outbound Connection) 427
        Configuring a Dynamic NAT Rule 427
        Verifying the Configuration 433
        Verifying the Operation: Inside to Outside 434
        Verifying the Operation: Outside to Inside 441
    Connecting to a Masqueraded Destination (Destination NAT for Inbound Connection) 446
        Configuring a Static NAT Rule 446
        Verifying the Operation: Outside to DMZ 449
Summary 457
Exam Preparation Tasks 457
Chapter 18 Traffic Decryption Policy 460
“Do I Know This Already?” Quiz 460
Foundation Topics 462
Traffic Decryption Essentials 462
    Overview of SSL and TLS Protocols 462
    Decryption Techniques on Secure Firewall 466
Best Practices for Traffic Decryption 467
Configuring a Decryption Policy 468
    PKI Objects 468
        Internal CAs Object 469
        Internal Certs Object 469
    SSL Policy 470
    File Policy 474
    Access Control Policy 474
Verification 476
Summary 480
Exam Preparation Tasks 480
Chapter 19 Virtual Private Network (VPN) 482
“Do I Know This Already?” Quiz 483
Foundation Topics 484
VPN Essentials 484
    Site-to-Site VPN 485
    Remote-Access VPN 488
IPsec Essentials 489
    Mode of Operation 490
    Security Association and Key Exchange 492
        IKEv1 492
        IKEv2 494
    Authentication 495
Site-to-Site VPN Deployment 496
    Prerequisites 496
    Configurations 499
        Access Control Policy 503
        NAT Policy 504
    Verification 507
Remote-Access VPN Deployment 513
    Prerequisites 513
    Configuration 516
        AnyConnect File 517
        RADIUS Server Group 518
        Certificate Enrollment 518
        Network and IP Address Pool 521
        Remote-Access VPN Policy 522
    Verification 527
Summary 534
Exam Preparation Tasks 535
Chapter 20 Quality of Service (QoS) 536
“Do I Know This Already?” Quiz 536
Foundation Topics 538
Quality of Service Essentials 538
Best Practices for Enabling QoS 541
Fulfilling Prerequisites 541
Configuring QoS Policy 542
Verification 546
    Analyzing QoS Events and Statistics 550
Summary 554
Exam Preparation Tasks 554
Chapter 21 System Logging (Syslog) 556
“Do I Know This Already?” Quiz 557
Foundation Topics 558
Secure Firewall Logging Essentials 558
Best Practices for Logging 560
Prerequisites 560
Sending Syslog from Threat Defense 564
    Add a Syslog Server on Platform Settings 564
    Enable Logging on Access Control Policy 568
    Verification 568
Sending Syslog from Management Center 569
    Create Syslog Alerts 569
    Verification 572
    Correlate Events to Send Syslog Alerts 574
Troubleshooting Logs 578
Summary 581
Exam Preparation Tasks 581
Part IV Conclusion
Chapter 22 Final Preparation 582
Getting Ready for the Exam 582
    Tools for Final Review 582
Exam Day 583
Practice Tests 583
    Pearson Cert Practice Test Engine and Questions on the Website 583
    Accessing the Pearson Test Prep Software Online 584
    Accessing the Pearson Test Prep Software Offline 584
    Customizing Your Exams 585
    Updating Your Exams 585
    Premium Edition 586
Chapter-Ending Review Tools 586
Summary 586
Part V Appendixes
Appendix A Answers to the “Do I Know This Already?” Questions 588
Appendix B CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide Updates 598
Glossary 601

Online Elements
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner
Glossary


9780136589709   TOC   4/21/2022

Erscheint lt. Verlag 4.12.2022
Reihe/Serie Official Cert Guide
Verlagsort Indianapolis
Sprache englisch
Maße 192 x 236 mm
Gewicht 1360 g
Themenwelt Informatik Weitere Themen Zertifizierung
ISBN-10 0-13-658970-7 / 0136589707
ISBN-13 978-0-13-658970-9 / 9780136589709
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich