CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study) (2nd Edition) [Hardcover]

Greg Bastien (Author), Christian Degu (Author), Earl Carter (Author)

Book Description

ISBN-10: 1587201232 | ISBN-13: 978-1587201233 | Publication Date: October 12, 2004 | Edition: 2

Official self-study test preparation guide for the Cisco CSPFA 642-521 exam

Coverage of the CSPFA topics enables you to fill your knowledge gaps before the exam date. You'll learn about:

• The comprehensive line of Cisco PIX Firewall products and the technology and features central to each one
• Transport protocols, Network Address Translation (NAT), and Port Address Translation (PAT)
• Reporting, tool use, and administration using Firewall MC
• Using access control lists and URL filtering
• Attack guards and intrusion detection
• Cisco Firewall Services Module (FWSM) deployment and configuration
• Concepts and configurations that support failovers
• Enabling a secure virtual private network (VPN)
• Using Cisco PIX Device Manager to configure a firewall and create VPNs

Becoming a CCSP distinguishes you as part of an exclusive group of experts, ready to take on today's most challenging security tasks. Administration of the Cisco PIX Firewall is a difficult and complex task, critical for protecting a network. Whether you are seeking a PIX-focused certification or the full-fledged CCSP certification, learning what you need to know to pass the Cisco Secure PIX Firewall Advanced (CSPFA) exam will qualify you to keep your company's network safe while meeting business needs.

Each chapter of the CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition, tests your knowledge of the exam subjects through features such as quizzes, sections that detail exam topics to master, and summary sections that highlight essential subjects for quick reference and review. Because experienced IT professionals agree that the most demanding portion of their jobs is troubleshooting, the final section of this book includes scenarios dedicated to troubleshooting Cisco PIX Firewall configuration. This includes a description of the problem, a portion of the system configuration, debug output, and suggestions to help you resolve the issue. The companion CD-ROM's customizable testing engine enables you to take practice exams that mimic the real testing environment, focus on particular topic areas, randomize answers for reusability, track your progress, and refer to the electronic text for review.

CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition, is part of a recommended learning path from Cisco Systems that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

Companion CD-ROM
This companion CD-ROM contains a test bank with more than 100 practice exam questions unique to this book.

CD-ROM test engine powered by www.boson.com. Boson Software is a Cisco Learning Partner.

This volume is part of the Exam Certification Guide Series from Cisco Press. Books in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco Career Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as exam day nears.

Editorial Reviews

Amazon.com Review

It's a tough market these days for network consultants, but the one commodity there's lots of is fear. There's loads of stuff to be scared of. Which means that canny network experts can get some work by offering to protect computer networks from unauthorized access. It's best to earn a certification before you go touting yourself for work, though. Cisco Systems' Cisco Secure PIX Firewall Advanced (CSPFA) rating is a good vendor-specific one, and is sure to help get you in the door for security work at places with lots of Cisco equipment. CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide brings you up to speed on the PIX firewall line, with emphasis on the coverage of the CSPFA exam.

Like the other books in the Cisco Press certification line, this one reads like an instructor's lecture, albeit frequently supplemented by reference material (command documentation, for example). The authors begin with material that should be familiar to a Cisco Certified Network Associate (CCNA) or anyone else with basic network grounding, and build from there into the more specialized areas of VPNs, NAT, and access-control lists as they pertain to PIX environments. As always, you'll learn more if you have a testbed PIX firewall on which to try the procedures that appear in the text (the companion CD-ROM holds no simulator, only a quiz program), but this book gives test candidate a great base from which to work. --David Wall

Topics covered: The stated objectives of the two CSPFA exams, one of which candidates must pass in order to earn the Cisco Secure PIX Firewall Advanced (CSPFA) certification. The two exams are 9E0-111 (soon to be retired) and 642-521. Coverage includes PIX firewall installation and configuration, as well as techniques for adding such services as remote access management, virtual private networks (VPNs), network address translation (NAT, and accounting features. --This text refers to an out of print or unavailable edition of this title.

From the Back Cover

Official self-study test preparation guide for the Cisco 9E0-111 and 642-521 CSPFA exams

Coverage of the CSPFA topics enables you to identify and fill your knowledge gaps before the exam date. You'll learn about:

* The comprehensive line of Cisco PIX Firewall products and the technology and features central to each one
* Transport protocols, Network Address Translation (NAT), and Port Address Translation (PAT)
* Using access control lists and URL filtering
* Use and configuration of group objects
* Attack guards and intrusion detection
* Concepts that support failover as well as configuration information
* Enabling a secure virtual private network (VPN)
* Using Cisco PIX Device Manager to configure a firewall and to create VPNs

Becoming a CCSP distinguishes you as part of an exclusive group of experts, ready to take on today's most challenging security tasks. Administration of the Cisco PIX Firewall is a difficult and complex task, critical for protecting a network. Whether you are seeking a PIX Focused Certification or the full-fledged CCSP Certification, learning what you need to know to pass the CSPFA (Cisco Secure PIX Firewall Advanced) exam will qualify you to keep your company's network safe while meeting business needs.

Each chapter of the CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide tests your knowledge of the exam subjects through features such as quizzes that assess your knowledge, sections that detail exam topics to master, and areas that highlight essential subjects for quick reference and review. Because experienced IT professionals will agree that the most demanding portion of their jobs is troubleshooting, the final section of this book includes scenarios dedicated to troubleshooting Cisco PIX Firewall configuration. This includes a description of the problem, a portion of the system configuration, debug output, and suggestions to help you resolve the issue. The companion CD-ROM's customizable testing engine enables you to take practice exams that mimic the real testing environment, focus on particular topic areas, randomize answers for reusability, track your progress, and refer to the electronic text for review.

CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide is part of a recommended learning path from Cisco Systems that can include simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. --This text refers to an out of print or unavailable edition of this title.

See all Editorial Reviews

Product Details

• Hardcover: 816 pages
• Publisher: Cisco Press; 2 edition (October 12, 2004)
• Language: English
• ISBN-10: 1587201232
• ISBN-13: 978-1587201233
• Product Dimensions: 9.1 x 7.7 x 2 inches
• Shipping Weight: 3.5 pounds
• Average Customer Review: 2.4 out of 5 stars  See all reviews (31 customer reviews)
• Amazon Best Sellers Rank: #2,394,783 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

2.0 out of 5 stars Worst Cisco Press Book, December 26, 2003

By 

Shamim Khan (Farmington Hills, MI United States) - See all my reviews

This review is from: CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study) (Hardcover)

I have been using Cisco Press books since 1998. I have achieved CCNA, CCDA, CCNP, CCDP all by self study using Cisco Press books combined with field experience and lab work. Prior to this book, I was overall satisfied with Cisco Press books and recommended others to use them. When I read this book, I was totally frustrated by the volume of incorrect information and syntax errors. This book was written by authors who are inexperienced with PIX product line. The technical reviewers have done a poor job too. Cisco Press should recall this book until a revised version is released.

The cover says this book is for 9E0-111 (expired) and 642-521. However, the book does not address FWSM and Pix Firewall MC at all. Both of these are 642-521 exam objective. Most command syntax are incorrect. Go to www.cisco.com, on the search engine type "Cisco PIX Firewall Command Reference". Pick the Version 6.2 command reference. Commands are listed by alphabetic order. Check the syntax there. In some sections, the book does not give enough information to get the job done. The list of errors is too long to put here but following is a sampler:

Chapter 4:
Page 49 under "Accessing the Cisco PIX Firewall with Secure Shell" it must be mentioned that the user needs to generate an RSA key pair before attempting to use an SSH client. Setup PIX hostname and domain-name and use "ca generate rsa key" followed by "ca save all", in addition to what has been said under this section otherwise SSH will fail.
Chapter 5:
Page 69, Sentence before the numbered items (1,2,3,4) says "The connection requires four different..." It should be "The connection requires three different..." TCP connection establishment is a 3-way handshake: SYN, ACK+SYN, ACK. So the fourth list should be merged to item 3 above. Also it uses starting TCP sequence number of 125 and 388. Note that this is an example and could be any other number (system dependent).
Page 73, Table 5-1 lists "Translations Commands". This table should be entirely re-written. Only the first 3 are the commands. Rest are argument keywords and variables (user specified values). All three commands (nat, global, and static) should be re-written separately with their own arguments or remove the table entirely.
Page 74, syntax for "global" command has "[global_ip]" indicating a single IP (as in PAT). The syntax should be corrected to indicate a range for NAT pool. The example below is correct, however.
Page 76, syntax for "static" command is wrong and incomplete. Why is the "static" command in "[]" to start with?
Page 77, syntax for "static" for port redirection is wrong.
Page 78, Example 5-1, access-list 101 line 1 and 3 has "[specific source]". I can understand this type of thing in syntax, but when output of a config is given, where did this come from? Mind replacing this with "any" or something more specific??
Chapter 6:
Page 101 lists 6 steps to enable DHCP Server on PIX. What is listed as "Step 1" should be the last step. If you try to do "Step 1" without doing "Step 2", PIX gives error "need to define address pool range first"
Chapter 7:
Page 115, under "nat 0 Command", it mentions the use of nat 0 but fails to mention one of the most important use of it, i.e., VPN configuration.
Page 121, Example 7-6, shows "object-group protocol_grp_citrix" it should be "object-group protocol protocol_grp_citrix" or "object-group protocol grp_citrix". It should be "protocol" keyword followed by protocol object group name.
Chapter 9:
Page 145, under "What is Required for a Failover Configuration", the sentence before the bullets say "Both must be the same for" and the last bullet says "Activation key". How can the activation key be the same on two PIX units? The activation key is unique to each individual unit. It should read "Activation key type" (e.g., both DES or 3DES). One important information that is missing is, one unit must have unrestricted license (UR) while the other unit can have failover license (FO) or restricted license (R) or yet another UR license. UR+FO is the most practical choice (cost wise).
Page 151, "Step 1" should be after "Step 6".
Chapter 10:
Page 162-163, Figure 10-3, 10-4 shows ESP and AH but neglects to mention that the packet format shown are for IPSec transport mode. PIX supports both transport and tunnel mode but tunnel mode is the default and is used mostly.
Page 163, under "NOTE" not sure what is implied. If it means you need DES/3DES, PIX 6.2 came with DES and can now be freely upgraded to 3DES by visiting cisco.com
Page 164, under "Internet Key Exchange (IKE)" the second sentence says "IKE is the short name for ISAKMP/Oakley". This is wrong. IKE is a combination of three different protocols: ISAKMP, Oakley, and SKEME
Page 165, under "NOTE" editors comment can be seen "Please change this sentence to read:". Way to go Cisco Press.
Page 177, all keywords "crypto-map" should be replaced with "crypto map" those are 2 separate keywords.
Page 177, before the "crypto map" command syntax the paragraph says "Normally you have at least 5 crypto-map entries with the same name". It should be 4 crypto map entries and the 5th one is to apply to the interface. As always syntax error on the 5th command syntax. There is no "seq-num" when applying to an interface.
NOTE: None of the configs in this chapter will work until you use the "nat 0" command to bypass IPSec traffic from being natted.
Page 184, "Cisco VPN Client" is misleading and incomplete.
Page 185, Table 10-8 should be frustrating to anybody new to PIX. You have to use "vpngroup group_name" and a space and one of the others in the following list, e.g., "vpngroup my_group_name address-pool my_pool_name"
** Word count of 1000 limits me from adding more to this list

Shamim Khan, BSEE, MSCS
NetPlus, Inc.

3 of 3 people found the following review helpful:

3.0 out of 5 stars Fine if it had been proofread properly, May 11, 2003

By A Customer

This review is from: CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study) (Hardcover)

Wait for the next edition of this book is my advice. There are numerous errors in the text which some basic proofreading would have discovered and the exam provided with it is a joke, there are so many incorrect answers.

2 of 2 people found the following review helpful:

1.0 out of 5 stars This book was worthless..., April 21, 2005

By 

C. Ledford (Gainesvill, VA) - See all my reviews
(REAL NAME)   

This review is from: CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study) (Hardcover)

Just took the exam and passed - barely. If I hadn't taken the actual Cisco training class I would have failed and this book would have been the prime reason. The exam was MUCH more in depth on a NUMBER of areas that the book did not even being to go deeper then about a paragraph into, if at all. This book was poorly written, difficult to use, the examples were horrible and it CERTAINLY WAS NO USE FOR EXAM PREP - DO NOT BUY THIS BOOK.

The Pix FOS is already pretty unfriendly (compared to IOS) and a book that didn't just show you the help output and then break the option into tables (which looked lifted from CCO) would have been a big help - you know, something with actual explanations of how things are configured an such. This book was nowhere near this and a real disappointment, especially since it's a "Cisco Press" book. What the book turned out to be is was a hack job that was poorly put together, inaccurate, and useless for exam prep - which is horrible since it is marketed as a CCSP "self study guide." There were even examples that were wrong within the book.

BEWARE.

-Calvin