CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

How to Use This Book to Pass the Exam

One way to use this book is to read it from cover to cover. Although that might be helpful to many people, it also might not be very time efficient, especially if you already know much of the material covered by this book.

One effective method is to take the "Do I Know This Already?" quiz at the beginning of each chapter. You can determine how to proceed with the material in the chapter based on your score on the quiz. If you get a high score, you might simply review the "Foundation Summary" section of that chapter. Otherwise, you should review the entire chapter. These are simply guidelines to help you effectively manage your time while preparing for this exam.

This book is broken into six parts that cover each of the CSI exam topics.

Part I, "Cisco SAFE Overview," includes Chapters 1 to 4:

• Chapter 1, "What Is SAFE?" introduces the SAFE network architecture blueprints and the purpose of each.

• Chapter 2, "SAFE Design Fundamentals," introduces some of the basic design principles that are used to develop the SAFE small, medium-size, and remote-user network designs and the classifications of security threats.

• Chapter 3, "SAFE Design Concepts," reviews the .ve axioms described in the SAFE blueprints.

• Chapter 4, "Understanding SAFE Network Modules," describes the Campus, Corporate Internet, and WAN modules.

Part II, "Understanding Security Risks and Mitigation Techniques," includes Chapters 5 to 10:

• Chapter 5, "Defining a Security Policy," explains the need for a security policy and the goals and components it should contain. This chapter also describes the Security Wheel concept.

• Chapter 6, "Classifying Rudimentary Network Attacks," covers many common attacks, including reconnaissance attacks, unauthorized access, DoS attacks, application layer attacks, and trust exploitation attacks.

• Chapter 7, "Classifying Sophisticated Network Attacks," builds on Chapter 6 by covering more advanced attacks, including IP spoofing attacks, traffic sniffing, password attacks, man-in-the middle attacks, port redirection, and virus and Trojan-horse applications.

• Chapter 8, "Mitigating Rudimentary Network Attacks," includes methods to protect your network against the attacks discussed in Chapter 6.

• Chapter 9, "Mitigating Sophisticated Network Attacks," describes methods to protect your network against the attacks described in Chapter 7.

• Chapter 10, "Network Management," describes in-band and out-of-band network management and network-management protocols, including Telnet, SSH, SSL, syslog, SNMP, TFTP, and NTP.

Part III, "Cisco Security Portfolio," includes Chapters 11 and 12:

• Chapter 11, "Cisco Perimeter Security Products," concentrates on the perimeter security and intrusion-detection options offered by Cisco.

• Chapter 12, "Cisco Network Core Security Products," describes Cisco products for securing network connectivity, securing identity, and managing security; it also describes Cisco AVVID.

Part IV, "Designing and Implementing SAFE Networks," includes Chapters 13 to 20:

• Chapter 13, "Designing Small SAFE Networks," describes the components of a SAFE small network design and shows examples of the Campus module and the Corporate Internet module in a small network.

• Chapter 14, "Implementing Small SAFE Networks," uses the design recommendations discussed in Chapter 13 as a basis for examining the specific configuration requirements for each component of the small network.

• Chapter 15, "Designing Medium-Sized SAFE Networks," examines the specific security design requirements of the SAFE medium-sized network, including design guidelines and alternatives for each module.

• Chapter 16, "Implementing Medium-Sized SAFE Networks," builds on Chapter 15 by describing the configuration requirements for achieving the desired functionality in your medium-sized network.

• Chapter 17, "Designing Remote SAFE Networks," examines the security design requirements of a remote-user network.

• Chapter 18, "Designing Enterprise SAFE Networks," introduces the SAFE network design for enterprises, including security requirements for data centers, e-commerce, employee remote access, business-to-business extranets, and remote branch offices.

• Chapter 19, "SAFE IP Telephony Design," examines the fundamentals of SAFE IP telephony design axioms.

• Chapter 20, "SAFE Wireless LAN Design," focuses on the security requirements specific to WLANs and includes design guidelines and mitigation techniques for potential threats.

Part V, "Scenarios," includes Chapter 21:

• Chapter 21, "Scenarios for Final Preparation," combines the topics discussed throughout the book into nine scenarios. This chapter emphasizes an overall understanding of the SAFE design philosophy, associated security threats, threat mitigation, the Cisco Secure product portfolio, and the implementation of these products used in the small, midsize, Enterprise, wireless, and remote-user network designs.

Part VI, "Appendixes," includes the following:

• Appendix A, "Answers to the 'Do I Know This Already?' Quizzes and Q&A Sections," provides the answers to the quizzes that appear in each chapter.

• Appendix B, "General Configuration Guidelines for Cisco Router and Switch Security," summarizes general recommendations that you should consider adopting on all Cisco routers and switches to tighten the security of these devices.

The following sections provide answers to common questions related to the CSI exam.