About the Author
Eric Stewart is a self-employed network security contractor who finds his home in Ottawa, Canada. Trained as a computer engineer at the Royal Military College, and later in computer science and economics at Carleton University, Eric has over 20 years of experience in the information technology field–the last 12 years focusing primarily on Cisco Systems routers, switches, VPN concentrators, and security appliances. He likes to divide his time evenly between his two great loves in the field: teaching and doing! The majority of Eric’s consulting work has been in the implementation of major security infrastructure initiatives and architectural reviews with the Canadian Federal Government, working at such departments as Foreign Affairs and International Trade (DFAIT) and the Canadian Air Transport Security Authority (CATSA). A Cisco Certified Systems Instructor (CCSI), he especially enjoys imparting the joy that he takes in his work to his students, as he will often be found enthusiastically teaching Cisco CCNA, CCNP, and CCSP curriculum to students throughout North America and the world.
His previous work with Cisco Press has been as the development editor for two titles, Authorized CCDA Self-Study Guide: Designing for Cisco Internetwork Solutions (DESGN) (Exam 640-863) and Router Security Strategies: Securing IP Network Traffic Planes.
Eric has a lovely wife, Carol Ann, who is an accomplished music teacher, as well as two teenage children, Scott and Meaghan.
Excerpt. © Reprinted by permission. All rights reserved.
Welcome to CCNA Security Exam Cram! The fact that you are reading this means that you are interested in the CCNA Security certification that Cisco announced in July of 2008. Cisco has done a thorough job of revamping the certification path for the Cisco Certified Security Professional (CCSP), with the CCNA Security certification being the cornerstone upon which the CCSP certification depends. Implementing Cisco IOS Network Security (IINS) is the recommended training course for CCNA Security certification. If you already hold the prerequisite valid CCNA certification, passing the 640-553 IINS exam enables you to obtain the CCNA Security certificationlikely to become one of the hottest certifications in IT. This book helps prepare you for that exam. The book assumes that you already have your CCNA certification or an equivalent level of knowledge. If you do not have a CCNA level of knowledge, you should consider putting down this book and first pursuing more robust fundamental training, such as a full CCNA course book or a recommended CCNA course. And remember that CCNA is a prerequisite to CCNA Security certification.
This book is a synthesized, distilled, and pared-down effort, with only enough information as is necessary to provide context for the information you need to pass the exam. This is not to say that this book is not a good read, but it is a fair reflection of the type of material that you will need to master in order to be successful with the exam. Read this book, understand the material, and drill yourself with the practice exams, and you stand a very good chance of passing the exam. That said, it's possible that in the course of working through this book, depending on your prior CCNA Security training or on-the-job experience, you might identify topics you are struggling with and might require you to look up more fundamental resources to deal with. This book discusses all the topics on the exam and tests you on all of them, but it does not always provide detailed coverage of all those topics.
Organization and Elements of This Book
When designing a secure network infrastructure, the workflow moves from the perimeter of the network to the inside of the network. After the perimeter is properly secured, the security architect can turn his or her attention to securing devices on the inside of the network perimeter where the endpoints reside. This structured approach is mimicked in the basic organization of this book.
The chapters of this book are organized into four major parts, with each part encapsulating a major idea in the field of network security:
Part I: Network Security Architecture
Part II: Perimeter Security
Part III: Augmenting Depth of Defense
Part IV: Security Inside the Perimeter
You can use this book's organization to your advantage while studying for the CCNA Security 640-553 IINS exam because each part of the book is selfcontained. Although it is recommended that you follow the parts sequentially, there are frequent cross-references to content contained in other chapters if you choose to follow your own path through this book.
Each chapter follows a uniform structure, with graphical cues about especially important or useful material. The structure of a typical chapter is as follows:
Terms You'll Need to Understand: Each chapter begins with a list of the terms you'll need to understand, which define the concepts that you'll need to master before you can be fully conversant with the chapter's subject matter.
Exam Topics Covered in This Chapter: Cisco publishes a list of exam topics for the 640-553 IINS exam. Each chapter of this book begins by listing the exam topics covered in that chapter. See the following "Self Assessment" element for a complete list of the topics and the chapters where they are covered.
Exam Alerts: Throughout the topical coverage, Exam Alerts highlight material most likely to appear on the exam by using a special layout that looks like this:
Warning - This is what an Exam Alert looks like. An Exam Alert stresses concepts, terms, or activities that will most likely appear in one or more certification exam questions. For that reason, any information found offset in Exam Alert format is worthy of unusual attentiveness on your part.
Even if material isn't flagged as an Exam Alert, all content in this book is associated in some way with test-related material. What appears in the chapter content is critical knowledge.
Notes: This book is an overall examination of basic Cisco network security concepts and practice. As such, there are a number of side excursions into other aspects of network security and prerequisite networking knowledge. So that these do not distract from the topic at hand, this material is placed in notes.
Note - Cramming for an exam will get you through a test, but it won't make you a competent network security practitioner. Although you can memorize just the facts you need to become certified, your daily work in the field will rapidly put you in water over your head if you don't know the underlying principles behind a Cisco Self-Defending Network.
Practice Questions: This section presents a short list of test questions (most chapters have 10 of these) related to the specific chapter topics. Each question has a follow-on explanation of both correct and incorrect answersthis is very important because it is more important to know why you were wrong. Computers are binary and will accept right or wrong as answers, but we aren't, so we don't!
In addition to the topical chapters, this book also provides the following:
Practice Exams: Part V contains the sample tests that are a very close approximation of the types of questions you are likely to see on the current CCNA Security exam.
Answer Keys for Practice Exams: Part V also contains detailed answers to the practice exam questions. Like the questions at the end of the chapters, these explain both the correct answers and the incorrect answers and are therefore very helpful to go through thoroughly as you grade your practice exam. Knowing the topics you struggle with and why you got a question wrong is crucial.
Cram Sheet: This appears as a tear-away sheet inside the front cover of the book. It is a valuable tool that represents a collection of the most difficult-to-remember facts and numbers that the author thinks you should memorize before taking the test.
CD: The CD that accompanies this book features an innovative practice test engine powered by MeasureUp, including 100 practice questions. The practice exam contains question types covering all the topics on the CCNA Security exam, providing you with a challenging and realistic exam simulation environment.
Contacting the Author
I've tried to create a real-world tool and clearly written book that you can use to prepare for and pass the CCNA Security certification exam. That said, I am interested in any feedback that you have that might help make this Exam Cram better for future test-takers. Constructive and reasonable criticism is always welcome and will most certainly be responded to. You can contact the publisher, or you can reach me by email at email@example.com.
Please also share your exam experience. Did this book help you pass this exam? Did you feel better prepared after you read the book? Was it a confidence booster? Would you recommend this book to your colleagues?
Thanks for choosing me as your personal trainer, and enjoy the book!
© Copyright Pearson Education. All rights reserved.