CCNP Security SISAS 300-208 Official Cert Guide

Name: CCNP Security SISAS 300-208 Official Cert Guide
Brand: Cisco Press
Price: 84.14 EUR
Availability: OutOfStock

Aaron Woland Kevin Redmon(Autor*in)

Cisco Press

Erschienen am 11. Juni 2015

Buch

Mixed media Artikel

928 Seiten

978-1-58714-426-4 (ISBN)

84,14 €inkl. 7% MwSt.

Artikel ist vergriffen; keine Neuauflage

Beschreibung

CCNP Security SISAS 300-208 Official Cert Guide

CCNP Security SISAS 300-208 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco security experts Aaron Woland and Kevin Redmon share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

A test-preparation routine proven to help you pass the exam
"Do I Know This Already?" quizzes, which enable you to decide how much time you need to spend on each section
The powerful Pearson IT Certification Practice Testsoftware, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps you master the concepts and techniques that ensure your exam success.

Aaron T. Woland, CCIE No. 20113, is a Principal Engineer and works with the largest Cisco customers all over the world. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, and futures. Aaron is the author of Cisco ISE for BYOD and Secure Unified Access (Cisco Press) and many published white papers and design guides. He is one of the first six members of the Hall of Fame for Distinguished Speakers at Cisco Live, and is a security columnist for Network World, where he blogs on all things related to Identity.

Kevin Redmon is a Systems Test Engineer with the Cisco IoT Vertical Solutions Group, specializing in all things security. Previously with the Cisco Systems Development Unit, Kevin supported several iterations of the Cisco Validated Design Guide for BYOD and is the author of Cisco Bring Your Own Device (BYOD) Networking Live Lessons (Cisco Press). Since joining Cisco in October 2000, he has worked closely with several Cisco design organizations, and as Firewall/VPN Customer Support Engineer with the Cisco Technical Assistance Center (TAC). He holds several Cisco certifications and has an issued patent with the U.S. Patent and Trademark Office.

The official study guide helps you master topics on the CCNP Security SISAS 300-208 exam, including the following:

Identity management/secure access
Threat defense
Troubleshooting, monitoring and reporting tools
Threat defense architectures
Identity management architectures

The CD contains 150 practice questions for the exam and a study planner tool.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows Vista (SP2), Windows 7, or Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1GHz processor (or equivalent); 512MB RAM; 650MB disk space plus 50MB for each downloaded practice exam; access to the Internet to register and download exam databases

Weitere Details

Personen

Aaron T. Woland, CCIE No. 20113, is a principal engineer within Cisco's technical marketing organization and works with Cisco's largest customers all over the world. His primary job responsibilities include secure access and identity deployments with ISE,

solution enhancements, standards development, and futures. Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards and standards body working groups. Prior to joining Cisco, Aaron spent 12 years as a consultant and technical trainer. His areas of expertise include network and host security architecture and implementation, regulatory compliance, virtualization, as well as route-switch and wireless. Technology is certainly his passion, and Aaron currently has two patents in pending status with the United States Patent and Trade Office. Aaron is the author of the Cisco ISE for BYOD and Secure Unified Access book (Cisco Press) and many published whitepapers and design guides. Aaron is one of the first six members of the Hall of Fame for Distinguished Speakers at Cisco Live and is a security columnist for Network World, where he blogs on all things related to identity. In addition to being a proud holder of a CCIE-Security, his other certifications include GCIH, GSEC, CEH, MCSE, VCP, CCSP, CCNP, CCDP, and many other industry certifications.

Kevin Redmon is the youngest of 12 siblings and was born in Marion, Ohio. Since joining Cisco in October 2000, Kevin has worked closely with several Cisco design organizations; as a firewall/VPN customer support engineer with the Cisco Technical Assistant Center; as a systems test engineer in BYOD Smart Solutions Group; and now as a systems test engineer in the IoT Vertical Solutions Group in RTP, NC with a focus on the connected transportation systems. Besides co-authoring this book with Aaron Woland, Kevin is also the author of the Cisco Press Video Series titled Cisco Bring Your Own Device (BYOD) Networking LiveLessons. He has a bachelor of science in computer engineering from Case Western Reserve University and a master of science in information security from East Carolina University, as well as several Cisco certifications. Kevin enjoys presenting on network security-related topics and Cisco's latest solutions. He has presented several times at Cisco Live, focusing on network security-related topics and has achieved the honor of Distinguished Speaker. Kevin enjoys innovating new ideas to keep his mind fresh and currently has a patent listed with the United States Patent and Trade Office. He spends his free time relaxing with his wife, Sonya, and little girl, Melody, in Durham, North Carolina.

Inhalt

Contents

Introduction xxxi

Part I The CCNP Certification

Chapter 1 CCNP Security Certification 3

CCNP Security Certification Overview 3

Contents of the CCNP-Security SISAS Exam 4

How to Take the SISAS Exam 5

Who Should Take This Exam and Read This Book? 6

Format of the CCNP-Security SISAS Exam 9

CCNP-Security SISAS 300-208 Official Certification Guide 10

Book Features and Exam Preparation Methods 13

Part II "The Triple A" (Authentication, Authorization, and Accounting)

Chapter 2 Fundamentals of AAA 17

"Do I Know This Already?" Quiz 18

Foundation Topics 21

Triple-A 21

Compare and Select AAA Options 21

 Device Administration 21

 Network Access 22

TACACS+ 23

 TACACS+ Authentication Messages 25

  TACACS+ Authorization and Accounting Messages 26

RADIUS 28

 AV-Pairs 31

 Change of Authorization 31

Comparing RADIUS and TACACS+ 32

Exam Preparation Tasks 33

Review All Key Topics 33

Define Key Terms 33

Chapter 3 Identity Management 35

"Do I Know This Already?" Quiz 35

Foundation Topics 38

What Is an Identity? 38

Identity Stores 38

 Internal Identity Stores 39

External Identity Stores 41

 Active Directory 42

 LDAP 42

 Two-Factor Authentication 43

 One-Time Password Services 44

 Smart Cards 45

  Certificate Authorities 46

  Has the Certificate Expired? 47

  Has the Certificate Been Revoked? 48

Exam Preparation Tasks 51

Review All Key Topics 51

Define Key Terms 51

Chapter 4 EAP Over LAN (Also Known As 802.1X) 53

"Do I Know This Already?" Quiz 53

Foundation Topics 56

Extensible Authentication Protocol 56

 EAP over LAN (802.1X) 56

 EAP Types 58

  Native EAP Types (Nontunneled EAP) 58

  Tunneled EAP Types 59

  Summary of EAP Authentication Types 62

  EAP Authentication Type Identity Store Comparison Chart 62

 Network Access Devices 63

 Supplicant Options 63

  Windows Native Supplicant 64

  Cisco AnyConnect NAM Supplicant 75

  EAP Chaining 89

Exam Preparation Tasks 90

Review All Key Topics 90

Define Key Terms 90

Chapter 5 Non-802.1X Authentications 93

"Do I Know This Already?" Quiz 93

Foundation Topics 97

Devices Without a Supplicant 97

MAC Authentication Bypass 98

Web Authentication 100

 Local Web Authentication 101

 Local Web Authentication with a Centralized Portal 102

 Centralized Web Authentication 104

Remote Access Connections 106

Exam Preparation Tasks 107

Review All Key Topics 107

Define Key Terms 107

Chapter 6 Introduction to Advanced Concepts 109

"Do I Know This Already?" Quiz 109

Foundation Topics 113

Change of Authorization 113

Automating MAC Authentication Bypass 113

Posture Assessments 117

Mobile Device Managers 118

Exam Preparation Tasks 120

Review All Key Topics 120

Define Key Terms 120

Part III Cisco Identity Services Engine

Chapter 7 Cisco Identity Services Engine Architecture 123

"Do I Know This Already?" Quiz 123

Foundation Topics 127

What Is Cisco ISE? 127

Personas 129

 Administration Node 129

 Policy Service Node 129

 Monitoring and Troubleshooting Node 130

 Inline Posture Node 130

Physical or Virtual Appliance 131

ISE Deployment Scenarios 133

 Single-Node Deployment 133

 Two-Node Deployment 135

 Four-Node Deployment 136

 Fully Distributed Deployment 137

 Communication Between Nodes 138

Exam Preparation Tasks 148

Review All Key Topics 148

Define Key Terms 148

Chapter 8 A Guided Tour of the Cisco ISE Graphical User Interface 151

"Do I Know This Already?" Quiz 151

Foundation Topics 155

Logging In to ISE 155

 Initial Login 155

 Administration Dashboard 161

 Administration Home Page 162

  Server Information 162

  Setup Assistant 163

  Help 163

Organization of the ISE GUI 164

 Operations 165

  Authentications 165

  Reports 169

  Endpoint Protection Service 170

  Troubleshoot 171

 Policy 173

  Authentication 173

  Authorization 173

  Profiling 174

  Posture 175

  Client Provisioning 175

  Security Group Access 176

  Policy Elements 177

 Administration 178

  System 178

  Identity Management 183

  Network Resources 186

  Web Portal Management 189

  Feed Service 191

Type of Policies in ISE 192

 Authentication 192

 Authorization 193

 Profiling 193

 Posture 193

 Client Provisioning 193

 Security Group Access 193

Exam Preparation Tasks 195

Review All Key Topics 195

Define Key Terms 195

Chapter 9 Initial Configuration of Cisco ISE 197

"Do I Know This Already?" Quiz 197

Foundation Topics 201

Cisco Identity Services Engine Form Factors 201

Bootstrapping Cisco ISE 201

 Where Are Certificates Used with the Cisco Identity Services Engine? 204

  Self-Signed Certificates 206

  CA-Signed Certificates 206

Network Devices 216

 Network Device Groups 216

 Network Access Devices 217

Local User Identity Groups 218

Local Endpoint Groups 219

Local Users 220

External Identity Stores 220

 Active Directory 221

  Prerequisites for Joining an Active Directory Domain 221

  Joining an Active Directory Domain 222

 Certificate Authentication Profile 226

 Identity Source Sequences 227

Exam Preparation Tasks 230

Review All Key Topics 230

Chapter 10 Authentication Policies 233

"Do I Know This Already?" Quiz 233

Foundation Topics 237

The Relationship Between Authentication and Authorization 237

Authentication Policy 237

 Goals of an Authentication Policy 238

 Goal 1-Accept Only Allowed Protocols 238

 Goal 2-Select the Correct Identity Store 238

 Goal 3-Validate the Identity 239

 Goal 4-Pass the Request to the Authorization Policy 239

Understanding Authentication Policies 239

 Conditions 241

 Allowed Protocols 243

  Extensible Authentication Protocol Types 245

  Tunneled EAP Types 245

 Identity Store 247

 Options 247

Common Authentication Policy Examples 248

 Using the Wireless SSID 248

 Remote Access VPN 251

 Alternative ID Stores Based on EAP Type 253