
CCNA Security Official Exam Certification Guide (Exam 640-553) Hardcover – June 24, 2008

ISBN-13: 978-1587202209 ISBN-10: 1587202204 Edition: 1st


Product Details

  • Hardcover: 672 pages
  • Publisher: Cisco Press; 1 edition (June 24, 2008)
  • Language: English
  • ISBN-10: 1587202204
  • ISBN-13: 978-1587202209
  • Product Dimensions: 7.7 x 1.6 x 9.3 inches
  • Shipping Weight: 2.8 pounds
  • Average Customer Review: 3.7 out of 5 stars  See all reviews (21 customer reviews)
  • Amazon Best Sellers Rank: #618,660 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

Michael Watkins, CCNA/CCNP/CCVP/CCSP, is a full-time senior technical instructor with SkillSoft Corporation. With 13 years of network management, training, and consulting experience, he has worked with organizations such as Kraft Foods, Johnson and Johnson, Raytheon, and the U.S. Air Force to help them implement and learn about the latest network technologies. In addition to holding more than 20 industry certifications in the areas of networking and programming technologies, he holds a bachelor of arts degree from Wabash College.

 

Kevin Wallace, CCIE No. 7945, is a certified Cisco instructor working full time for SkillSoft, where he teaches courses in the Cisco CCSP, CCVP, and CCNP tracks. With 19 years of Cisco networking experience, he has been a network design specialist for the Walt Disney World Resort and a network manager for Eastern Kentucky University. He holds a bachelor of science degree in electrical engineering from the University of Kentucky. He is also a CCVP, CCSP, CCNP, and CCDP, with multiple Cisco security and IP communications specializations.

Excerpt. © Reprinted by permission. All rights reserved.

Introduction

Congratulations on your decision to pursue a Cisco Certification! If you're reading far enough to look at the introduction to this book, you likely already have a sense of what you ultimately would like to achieve—the Cisco CCNA Security certification. Achieving Cisco CCNA Security certification requires that you pass the Cisco IINS (640-553) exam. Cisco certifications are recognized throughout the networking industry as a rigorous test of a candidate's knowledge of and ability to work with Cisco technology. Through its quality technologies, Cisco has garnered a significant market share in the router and switch marketplace, with more than 80 percent market share in some markets. For many industries and markets around the world, networking equals Cisco. Cisco certification will set you apart from the crowd and allow you to display your knowledge as a networking security professional.

Historically speaking, the first entry-level Cisco certification is the Cisco Certified Network Associate (CCNA) certification, first offered in 1998.

With the introduction of the CCNA Security certification, Cisco has for the first time provided an area of focus at the associate level. The CCNA Security certification is for networking professionals who work with Cisco security technologies and who want to demonstrate their mastery of core network security principles and technologies.

Format of the IINS Exam

The 640-553 IINS exam follows the same general format as other Cisco exams. When you get to the testing center and check in, the proctor gives you some general instructions and then takes you into a quiet room with a PC. When you're at the PC, you have a few things to do before the timer starts on your exam. For instance, you can take a sample quiz, just to get accustomed to the PC and the testing engine. If you have user-level PC skills, you should have no problems with the testing environment. Additionally, Chapter 16 points to a Cisco website where you can see a demo of the actual Cisco test engine.

When you start the exam, you are asked a series of questions. You answer the question and then move on to the next question. The exam engine does not let you go back and change your answer. When you move on to the next question, that's it for the earlier question.

The exam questions can be in one of the following formats:

  • Multiple-choice (MC)

  • Testlet

  • Drag-and-drop (DND)

  • Simulated lab (Sim)

  • Simlet

The first three types of questions are relatively common in many testing environments. The multiple-choice format simply requires that you point and click a circle beside the correct answer(s). Cisco traditionally tells you how many answers you need to choose, and the testing software prevents you from choosing too many answers. Testlets are questions with one general scenario, with multiple MC questions about the overall scenario. Drag-and-drop questions require you to click and hold, move a button or icon to another area, and release the mouse button to place the object somewhere else—typically in a list. For example, to get the question correct, you might need to put a list of five things in the proper order.

The last two types both use a network simulator to ask questions. Interestingly, these two types allow Cisco to assess two very different skills. Sim questions generally describe a problem, and your task is to configure one or more routers and switches to fix the problem. The exam then grades the question based on the configuration you changed or added. Sim questions are also the only questions for which Cisco (to date) has openly confirmed that partial credit is given.

The Simlet questions may well be the most difficult style of question on the exams. Simlet questions also use a network simulator, but instead of answering the question by changing the configuration, the question includes one or more MC questions. The questions require that you use the simulator to examine the current behavior of a network, interpreting the output of any show commands that you can remember to answer the question. Whereas Sim questions require you to troubleshoot problems related to a configuration, Simlets require you to analyze both working networks and networks with problems, correlating show command output with your knowledge of networking theory and configuration commands.

What's on the IINS Exam?

Cisco wants the public to know both the variety of topics and the kinds of knowledge and skills that are required for each topic, for every Cisco certification exam. To that end, Cisco publishes a set of exam topics for each exam. The topics list the specific subjects, such as ACLs, PKI, and AAA, that you will see on the exam. The wording of the topics also implies the kinds of skills required for that topic. For example, one topic might start with "Describe...", and another might begin with "Describe, configure, and troubleshoot...". The second objective clearly states that you need a thorough and deep understanding of that topic. By listing the topics and skill level, Cisco helps you prepare for the exam.

Although the exam topics are helpful, keep in mind that Cisco adds a disclaimer that the posted exam topics for all its certification exams are guidelines. Cisco makes an effort to keep the exam questions within the confines of the stated exam topics. I know from talking to those involved that every question is analyzed to ensure that it fits within the stated exam topics.

IINS Exam Topics

Table I-1 lists the exam topics for the 640-553 IINS exam. Although the posted exam topics are not numbered at Cisco.com, Cisco Press does number the exam topics for easier reference. Notice that the topics are divided among nine major topic areas. The table also notes the part of this book in which each exam topic is covered. Because it is possible that the exam topics may change over time, it may be worthwhile to double-check the exam topics as listed on Cisco.com (http://www.cisco.com/go/certification). If Cisco later adds exam topics, you may go to http://www.ciscopress.com and download additional information about the newly added topics.

Table I-1 640-553 IINS Exam Topics

| Reference Number | Exam Topic | Book Part(s) Where Topic Is Covered |
|---|---|---|
| 1.0 | Describe the security threats facing modern network infrastructures | |
| 1.1 | Describe and mitigate the common threats to the physical installation | I |
| 1.2 | Describe and list mitigation methods for common network attacks | I |
| 1.3 | Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks | II |
| 1.4 | Describe the main activities in each phase of a secure network lifecycle | I |
| 1.5 | Explain how to meet the security needs of a typical enterprise with a comprehensive security policy | I |
| 1.6 | Describe the Cisco Self Defending Network architecture | I |
| 1.7 | Describe the Cisco security family of products and their interactions | I, II, III |
| 2.0 | Secure Cisco routers | |
| 2.1 | Secure Cisco routers using the SDM Security Audit feature | I |
| 2.2 | Use the One-Step Lockdown feature in SDM to secure a Cisco router | I |
| 2.3 | Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements | I |
| 2.4 | Secure administrative access to Cisco routers by configuring multiple privilege levels | I |
| 2.5 | Secure administrative access to Cisco routers by configuring role based CLI | I |
| 2.6 | Secure the Cisco IOS image and configuration file | I |
| 3.0 | Implement AAA on Cisco routers using local router database and external ACS | |
| 3.1 | Explain the functions and importance of AAA | I |
| 3.2 | Describe the features of TACACS+ and RADIUS AAA protocols | I |
| 3.3 | Configure AAA authentication | I |
| 3.4 | Configure AAA authorization | I |
| 3.5 | Configure AAA accounting | I |
| 4.0 | Mitigate threats to Cisco routers and networks using ACLs | |
| 4.1 | Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets | II |
| 4.2 | Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, ... | |



Customer Reviews

3.7 out of 5 stars (21 customer reviews)

  • 5 star: 9
  • 4 star: 2
  • 3 star: 5
  • 2 star: 5
  • 1 star: 0

You know these books are good when you are able to understand the material and pass the Cisco exams.
Avid reader
I read and reviewed this book prior to taking the exam, and passed with flying colors.
Martin T. Lewis

Most Helpful Customer Reviews

7 of 8 people found the following review helpful By Worldmac1 on February 24, 2010
Format: Hardcover
Let me just say this....This book is overkill. It is just words. It has redundant information in all the wrong areas, misspellings, incorrect IP addresses, and one other pet peeve of mine is this. When you have illustrations, try to have them on the same layout as the description. It is so difficult to read about an example and have to turn the page to view it back and forth - back and forth. I also found that most of the time the descriptions of the illustrated examples were vague as well. I have read Wendell Odom's Intro and ICND set as well as the ICND1 ICND2 set. I have read Jeremy Cioara's (CBT Nuggets Trainer) CCNA-Voice book about halfway and all of these Cisco Press books were well written. My head hurts from trying to obtain the CCNA-Sec knowledge in this one. I am very disappointed. I have started reading Implementing Cisco IOS Network Security (IINS): (CCNA Security exam 640-553) (Authorized Self-Study Guide) by Catherine Paquet, and it is a much better written book. Visit [...] for others commenting on this book. I am very surprised Cisco allowed this book through.

I give it 2 stars because of the Boson Testing sim on CD...
5 of 5 people found the following review helpful By P. Southerington on April 2, 2010
Format: Hardcover
As other reviewers have noted, this book's quality is very uneven. It contains many typographical errors, some of which completely alter the meaning of a given sentence (e.g., referring to asymmetric encryption when it means symmetric encryptions). The authors repeat themselves often, and the quality seems to decline as the book progresses. The chapter on firewalls is absolutely dreadful.
1 of 1 people found the following review helpful By Kevin Breit on January 10, 2012
Format: Hardcover Verified Purchase
I haven't taken the CCNA Security (640-553) yet but will by the end of this month. I have been using this book as my primary source to study from and have been very disappointed.

The book covers most of what is in the stated exam topics. However, there are some missing. For example, the book lists "Configure Zone-Based Firewalls in SDM" as a topic covered on the test. However, nowhere does the book show how to accomplish this task.

When topics are reviewed, it is often confusing. There are a few passages I'd read and think "I don't know what they meant by any of this". Maybe it is because cryptography can be complex, but I read the chapters on cryptography and got very little out of it. The order of content is often a cause for this and sometimes the actual text itself.

I do not yet know whether this book is enough to pass the test but I'd be surprised if it is. Of course you will need some lab time but that is expected. In the future, Cisco Press should be a little more particular about the quality of the books released. I did purchase IINS by Catherine Paquet per Amazon reviews and it is a significantly better book.

Note: I don't hold this against the authors of these books. But the CCNA Security exam is outdated because it is using SDM. SDM has been replaced by CCP and is no longer maintained. Furthermore, it requires an old Java version (1.4.2-05 from best I can tell) which isn't overly compatible with Windows 7. The exam itself should probably be updated.
1 of 1 people found the following review helpful By Papa on August 22, 2011
Format: Hardcover
The writing in this book is heinous, no sense of flow whatsoever. Makes one wonder if the author did any post writing reading. The most difficult to read section deals with Firewalls; extremely convoluted.
1 of 1 people found the following review helpful By SavageShooter on August 29, 2010
Format: Hardcover Verified Purchase
This book is an easy read unlike other Cisco books which put you to sleep in 15 minutes or less. Written extremely well, and did the job of getting me my cert. Who can complain about that?
1 of 1 people found the following review helpful By D. Wilson on May 7, 2010
Format: Hardcover
I would say this book and the CCNA Security Lab Manual covered about 70-80% of what is on the exam. I would highly recommend spending some time in some ASA books, Security+ and reading up on remote access technologies. The old CCNP guides cover that pretty well.

I found incorrect IP addresses and a lack of real world information in this book. Overall a serious disconnect between the creators of the exam and authors of the book.
1 of 1 people found the following review helpful By Andre Lima on March 17, 2010
Format: Hardcover
The book explains very poorly the Site-to-Site VPN topic (chapter 5), which practically forces you to check other sources for better explanation. Also, the Fundamentals of Cryptography (chapter 4) is terrible if you really want to learn cryptography. Chapter 4 is mostly a review guide, and therefore intended for people who have already studied Cryptography in another decent book (say: Bruce Schneier's "Applied Cryptography"). Hence an induced fear of other chapters not covering exactly everything one needs to know to pass the exam!
1 of 1 people found the following review helpful By J. Slomski Jr. on October 19, 2009
Format: Hardcover Verified Purchase
I read this book, as well as the Exam Cram book for this exam, and studied a little bit from the other CCNA Security book by Richard Deal. Overall I think the Cisco Press book was the best as far as what it covers and how it words things. The key topics are clearly marked throughout the chapters so you can easily flip through the book and review them, this helps keep from having to highlight and mark things on your own. The many screen shots of SDM were helpful and the configuration examples were easy to understand. So yeah, best single study source.

Some final advice:
I think this book was better than the other two I studied. But I'd suggest studying from at least one other book just to get a different taste of it. You may be able to answer all the questions in this book, but fail miserably at the questions from another book because they're different. This was a tough exam, I was lucky to have SDM and a router at home to practice the stuff on and passed the exam, not a great score, but still. I honestly don't think studying ONLY this book will enable you to pass, I don't think studying any ONE book will enable you to pass, at the least you should have some way to practice everything hands-on, or "simulate" it however you can, because Cisco has questions on the exams that require you to know how to do some of the stuff hands on.
