Certification Exam and This Preparation Guide
The questions for each certification exam are a closely guarded secret. The truth is that if you had the questions and could only pass the exam, you would be in for quite an embarrassing situation as soon as you arrived at your first job that required PIX skills. The point is to know the material, not just to pass the exam successfully. We do know what topics you must know to complete this exam. Coincidentally, these are the same topics required for you to be proficient with the PIX Firewall. We have broken down these topics into foundation topics and have covered each topic in the book.

Chapter 2 discusses those technologies and the advantages of the technology utilized by the PIX Firewall.

2. PIX Firewall Models: There are currently six different models of the PIX Firewall. Chapter 3 discusses each model, its specifications, and how/when each model would be applied.
3. PIX Services Module: The PIX Firewall Services Module (FWSM) is a blade that provides PIX Firewall functionality to the Catalyst 6000 Series switches. This component is discussed in Chapter 19.
4. PIX Firewall Licensing: Chapter 3 discusses the different licensing options available for the PIX Firewall and how each license applies.
5. User Interface: The command-line interface (CLI) is one of the methods used to configure the PIX Firewall. Chapter 6 covers the CLI and many of the commands used to configure the firewall.
6. Examining the PIX Firewall Status: Verifying the configuration of the PIX Firewall will assist you in troubleshooting connectivity issues. Troubleshooting is discussed as part of each task within the book.
7. ASA Security Levels: The Adaptive Security Algorithm (ASA) is a key component of the PIX Firewall. It is discussed in great detail in Chapters 2, 3, 5, and 6.
8. Basic PIX Firewall Configuration: The basic configuration of the PIX Firewall is discussed in Chapter 6.
9. Syslog Configuration: The logging features of the PIX Firewall are covered in Chapter 8.
10. DHCP Server Configuration: The PIX Firewall can function both as a Dynamic Host Configuration Protocol (DHCP) server and client. These configurations are covered in Chapters 3, 6, and 12.
11. PPPoE and the PIX Firewall: Point-to-Point Protocol over Ethernet (PPPoE) is used to connect multiple hosts using a single dial-up or broadband connection. Some PIX Firewall models support PPPoE. This topic is covered in Chapter 12.
12. Transport Protocols: The transport protocols and how they are handled by the PIX Firewall are discussed in Chapters 5 and 8.
13. Network Address Translation: Network Address Translation (NAT) is used by many different firewalls to secure network segments. This is discussed in Chapters 5 and 6.
14. Configuring DNS Support: As a perimeter device, the PIX Firewall will be required to support the Domain Name Service (DNS). Configuring DNS on the PIX is discussed in Chapter 6.
15. Port Address Translation: Port Address Translation (PAT) is a method used by the PIX Firewall to NAT multiple internal sources to a single external address. This configuration is covered in Chapters 5 and 6.
16. ACLs: Access control lists (ACLs) are used to allow or deny traffic between different network segments that attach through the PIX Firewall. Configuring ACLs is discussed in Chapter 7.
17. Converting Conduits to ACLs: Conduits are from a command set that predated ACLs. They tend to be broader in their function. Conduits and ACLs are covered in Chapter 7.
18. Using ACLs: Configuring and using ACLs are discussed in Chapter 7.
19. Overview of Object Grouping: Service, host, and network objects can be grouped to make processing by the firewall more efficient. Object grouping is discussed in Chapter 7.
20. Getting Started with Object Groups: Object grouping is discussed in Chapter 7.
21. Configuring Object Groups: Object grouping is discussed in Chapter 7.
22. Nested Object Groups: Object groups can be nested into other object groups. Object grouping is discussed in Chapter 7.
23. Advanced Protocols: Many advanced protocols require special handling by the firewall. Some protocols require multiple inbound and outbound connections. The handling of advanced protocols by the PIX Firewall is discussed in Chapters 7 and 18.
24. Multimedia Support: Multimedia protocols are considered advanced protocols. The handling of advanced protocols by the PIX Firewall is discussed in Chapters 7 and 18.
25. Attack Guards: The PIX Firewall can be configured to recognize an attack and react to it. This is covered in Chapter 18.
26. Intrusion Detection: The PIX Firewall can be configured to perform as an intrusion detection system (IDS) as well as a firewall. It also can be configured to work with external IDSs. These issues are covered in Chapter 18.
27. Overview of AAA: AAA is a method of ensuring that you can verify who is accessing your network resources, restrict their access to specific resources, and keep track of what actions they take on the network. Configuring the PIX Firewall to support AAA is discussed in Chapters 16 and 17.
28. Installation of Cisco Secure ACS for Windows NT/2000: Cisco Secure ACS is a Cisco AAA server product. Installing and configuring Cisco Secure ACS is covered in Chapter 17.
29. Authentication Configuration: Configuring Cisco Secure ACS is discussed in Chapters 16 and 17.
30. Downloadable ACLs: Configuring Cisco Secure ACS is discussed in Chapters 16 and 17.
31. Understanding Failover: Mission-critical systems require high-availability solutions to minimize any chance of network outages. Two PIX Firewalls can be configured as a high-availability solution. This configuration is covered in Chapter 10.
32. Serial Failover Configuration: PIX failover configuration is discussed in Chapter 10.
33. LAN-Based Failover Configuration: PIX failover configuration is discussed in Chapter 10.
34. PIX Firewall Enables a Secure VPN: Dedicated circuits between different locations can be cost-prohibitive. It is much less expensive and just as secure to create an encrypted connection between those locations across public network space. Configuring VPNs is discussed in Chapter 11.
35. Prepare to Configure VPN Support: Both ends of a VPN must have a termination point. The PIX Firewall can be configured as a VPN termination point. Configuring VPNs is discussed in Chapter 11.
36. Configure IKE Parameters: Internet Key Exchange (IKE) is a key exchange method used to ensure that the encrypted connection is not easily compromised. Configuring VPNs is discussed in Chapter 11.
37. Configure IPSec Parameters: IP Security (IPSec) is a standard for creating an encrypted VPN connection. Configuring VPNs is discussed in Chapter 11.
38. Test and Verify VPN Configuration: Configuration and troubleshooting of VPNs is discussed in Chapter 11.
39. Cisco VPN Client: Remote users can create a VPN from their computers to the company network using VPN client software. Configuring VPNs and VPN client software is discussed in Chapter 12.
40. Scale PIX Firewall VPNs: Configuring VPNs is discussed in Chapter 11.
41. Remote Access: The PIX Firewall can be managed either locally or remotely. Configuring the PIX to allow remote access is discussed in Chapter 4.
42. Command Authorization: Remote management of the PIX Firewall is discussed in Chapter 4.
43. PDM Overview: The PIX Device Manager (PDM) is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 13.
44. Prepare for PDM: The PDM is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 13.
45. Using PDM to Configure the PIX Firewall: The PDM is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 13.
46. Using PDM to Create a Site-to-Site VPN: The PDM is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 13.
47. Using PDM to Create a Remote Access VPN: The PDM is a web-enabled tool for remote management of the PIX Firewall. Remote management of the PIX using the PDM is discussed in Chapter 13.
48. Configuring Access and Translation Rules: The PIX MC is used for management of multiple PIX Firewalls on an enterprise network. Installation, configuration, and use of the PIX MC are addressed in Chapter 14.
49. Reporting, Tools, and Administration: The PIX MC is used for management of multiple PIX Firewalls on an enterprise network. Installation, configuration, and use of the PIX MC are addressed in Chapter 14.
50. Introduction to the Auto Update Server: The auto update server is a component within the PIX MC that can be used to update the PIX Firewall. The auto update server is discussed in Chapter 14.
51. PIX Firewall and AUS Communication Settings: The Auto Update Server (AUS) is a component within the PIX MC that can be used to update the PIX Firewall. The AUS is discussed in Chapter 14.
52. Devices, Images, and Assignments: Use of the PIX MC and the AUS is covered in Chapter 14.
53. Reporting and Administration: Use of the PIX MC and the AUS is covered in Chapter 14.
54. FWSM Overview: The PIX FWSM is a blade that provides PIX Firewall functionality to the Catalyst 6000 Series switches. This component is discussed in Chapter 19.
55. Using PDM with FWSM: The PIX FWSM is a blade that provides PIX Firewall functionality to the Catalyst 6000 Series switches. Management of the FWSM using the PDM is discussed in Chapters 13 and 19.
