CCNP Security SISAS 300-208 Official Cert Guide

Book description

CCNP Security SISAS 300-208 Official Cert Guide

CCNP Security SISAS 300-208 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco security experts Aaron Woland and Kevin Redmon share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

  • A test-preparation routine proven to help you pass the exam
  • “Do I Know This Already?” quizzes, which enable you to decide how much time you need to spend on each section
  • The powerful Pearson IT Certification Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
  • A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
  • Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps you master the concepts and techniques that ensure your exam success.

Aaron T. Woland, CCIE No. 20113, is a Principal Engineer and works with the largest Cisco customers all over the world. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, and futures. Aaron is the author of Cisco ISE for BYOD and Secure Unified Access (Cisco Press) and many published white papers and design guides. He is one of the first six members of the Hall of Fame for Distinguished Speakers at Cisco Live, and is a security columnist for Network World, where he blogs on all things related to Identity.

Kevin Redmon is a Systems Test Engineer with the Cisco IoT Vertical Solutions Group, specializing in all things security. Previously with the Cisco Systems Development Unit, Kevin supported several iterations of the Cisco Validated Design Guide for BYOD and is the author of Cisco Bring Your Own Device (BYOD) Networking Live Lessons (Cisco Press). Since joining Cisco in October 2000, he has worked closely with several Cisco design organizations, and as Firewall/VPN Customer Support Engineer with the Cisco Technical Assistance Center (TAC). He holds several Cisco certifications and has an issued patent with the U.S. Patent and Trademark Office.

The official study guide helps you master topics on the CCNP Security SISAS 300-208 exam, including the following:

  • Identity management/secure access
  • Threat defense
  • Troubleshooting, monitoring and reporting tools
  • Threat defense architectures
  • Identity management architectures

The CD contains 150 practice questions for the exam and a study planner tool.*

*The companion material is not available with the online edition on O'Reilly Learning

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows Vista (SP2), Windows 7, or Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1GHz processor (or equivalent); 512MB RAM; 650MB disk space plus 50MB for each downloaded practice exam; access to the Internet to register and download exam databases

Table of contents

  1. About This eBook
  2. Title Page
  3. Copyright Page
  4. About the Authors
  5. About the Technical Reviewers
  6. Dedications
  7. Acknowledgments
  8. Contents at a Glance
  9. Contents
  10. Icons
  11. Command Syntax Conventions
  12. Introduction
    1. Goals and Methods
    2. How This Book Is Organized
  13. Part I: The CCNP Certification
    1. Chapter 1. CCNP Security Certification
      1. CCNP Security Certification Overview
      2. Contents of the CCNP-Security SISAS Exam
      3. How to Take the SISAS Exam
      4. Who Should Take This Exam and Read This Book?
      5. Format of the CCNP-Security SISAS Exam
      6. CCNP-Security SISAS 300-208 Official Certification Guide
      7. Book Features and Exam Preparation Methods
  14. Part II: “The Triple A” (Authentication, Authorization, and Accounting)
    1. Chapter 2. Fundamentals of AAA
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Triple-A
        2. Compare and Select AAA Options
        3. TACACS+
        4. RADIUS
        5. Comparing RADIUS and TACACS+
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    2. Chapter 3. Identity Management
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. What Is an Identity?
        2. Identity Stores
        3. External Identity Stores
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    3. Chapter 4. EAP Over LAN (Also Known As 802.1X)
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Extensible Authentication Protocol
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    4. Chapter 5. Non-802.1X Authentications
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Devices Without a Supplicant
        2. MAC Authentication Bypass
        3. Web Authentication
        4. Remote Access Connections
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    5. Chapter 6. Introduction to Advanced Concepts
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Change of Authorization
        2. Automating MAC Authentication Bypass
        3. Posture Assessments
        4. Mobile Device Managers
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
  15. Part III: Cisco Identity Services Engine
    1. Chapter 7. Cisco Identity Services Engine Architecture
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. What Is Cisco ISE?
        2. Personas
        3. Physical or Virtual Appliance
        4. ISE Deployment Scenarios
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    2. Chapter 8. A Guided Tour of the Cisco ISE Graphical User Interface
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Logging In to ISE
        2. Organization of the ISE GUI
        3. Type of Policies in ISE
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    3. Chapter 9. Initial Configuration of Cisco ISE
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Cisco Identity Services Engine Form Factors
        2. Bootstrapping Cisco ISE
        3. Network Devices
        4. Local User Identity Groups
        5. Local Endpoint Groups
        6. Local Users
        7. External Identity Stores
      3. Exam Preparation Tasks
        1. Review All Key Topics
    4. Chapter 10. Authentication Policies
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. The Relationship Between Authentication and Authorization
        2. Authentication Policy
        3. Understanding Authentication Policies
        4. Common Authentication Policy Examples
        5. More on MAB
        6. Restore the Authentication Policy
      3. Exam Preparation Tasks
        1. Review All Key Topics
    5. Chapter 11. Authorization Policies
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Authentication Versus Authorization
        2. Authorization Policies
        3. Saving Conditions for Reuse
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
  16. Part IV: Implementing Secure Network Access
    1. Chapter 12. Implement Wired and Wireless Authentication
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Authentication Configuration on Wired Switches
        2. Authentication Configuration on WLCs
        3. Verifying Dot1X and MAB
        4. Live Sessions Log
        5. Looking Forward
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    2. Chapter 13. Web Authentication
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Web Authentication Scenarios
        2. Configuring Centralized Web Authentication
        3. Building CWA Authorization Policies
        4. Configuring Device Registration Web Authentication
        5. Verifying Centralized Web Authentication
      3. Exam Preparation Tasks
        1. Review All Key Topics
    3. Chapter 14. Deploying Guest Services
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Guest Services Overview
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    4. Chapter 15. Profiling
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. ISE Profiler
        2. Cisco ISE Probes
        3. Infrastructure Configuration
        4. Profiling Policies
        5. ISE Profiler and CoA
        6. Profiles in Authorization Policies
        7. Verify Profiling
      3. Exam Preparation Tasks
        1. Review All Key Topics
  17. Part V: Advanced Secure Network Access
    1. Chapter 16. Certificate-Based User Authentications
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Certificate Authentication Primer
        2. A Common Misconception About Active Directory
        3. EAP-TLS
        4. Configuring ISE for Certificate-Based Authentications
        5. Verifying Certificate Authentications
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    2. Chapter 17. Bring Your Own Device
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. BYOD Challenges
        2. Onboarding Process
        3. Configuring NADs for Onboarding
        4. ISE Configuration for Onboarding
        5. BYOD Onboarding Process Detailed
        6. Verifying BYOD Flows
        7. MDM Onboarding
        8. Managing Endpoints
        9. The Opposite of BYOD: Identify Corporate Systems
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    3. Chapter 18. TrustSec and MACSec
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Ingress Access Control Challenges
        2. What Is TrustSec?
        3. What Is a Security Group Tag?
        4. Defining the SGTs
        5. Classification
        6. Transport: Security Group Exchange Protocol
        7. Transport: Native Tagging
        8. Enforcement
        9. MACSec
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    4. Chapter 19. Posture Assessment
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Posture Service Overview
        2. Posture Flow
        3. Agent Types
        4. Posture Conditions
        5. CoA with Posture
        6. Configuring Posture
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
  18. Part VI: Safely Deploying in the Enterprise
    1. Chapter 20. Deploying Safely
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Why Use a Phased Approach?
        2. A Phased Approach
        3. Transitioning from Monitor Mode to Your End State
        4. Wireless Networks
      3. Exam Preparation Tasks
        1. Review All Key Topics
    2. Chapter 21. ISE Scale and High Availability
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Configuring ISE Nodes in a Distributed Environment
        2. Making the First Node a Primary Device
        3. Registering an ISE Node to the Deployment
        4. Licensing in a Multinode ISE Cube
        5. Understanding the HA Options Available
        6. Using Load Balancers
        7. IOS Load Balancing
        8. Maintaining ISE Deployments
      3. Exam Preparation Tasks
        1. Review All Key Topics
        2. Define Key Terms
    3. Chapter 22. Troubleshooting Tools
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
        1. Logging
        2. Diagnostics Tools
        3. Troubleshooting Outside of ISE
      3. Exam Preparation Tasks
        1. Review All Key Topics
  19. Part VII: Final Preparation
    1. Chapter 23. Final Preparation
      1. Advice About the Exam Event
        1. Learning the Question Types Using the Cisco Certification Exam Tutorial
        2. Thinking About Your Time Budget Versus Number of Questions
        3. A Suggested Time-Check Method
        4. Miscellaneous Pre-Exam Suggestions
        5. Exam-Day Advice
      2. Exam Review
        1. Taking Practice Exams
        2. Finding Knowledge Gaps Through Question Review
        3. Other Study Tasks
        4. Final Thoughts
  20. Part VIII: Appendixes
    1. Appendix A. Answers to the “Do I Know This Already?” Quizzes
      1. Chapter 2
      2. Chapter 3
      3. Chapter 4
      4. Chapter 5
      5. Chapter 6
      6. Chapter 7
      7. Chapter 8
      8. Chapter 9
      9. Chapter 10
      10. Chapter 11
      11. Chapter 12
      12. Chapter 13
      13. Chapter 14
      14. Chapter 15
      15. Chapter 16
      16. Chapter 17
      17. Chapter 18
      18. Chapter 19
      19. Chapter 20
      20. Chapter 21
      21. Chapter 22
    2. Appendix B. Configuring the Microsoft CA for BYOD
      1. CA Requirements
        1. Other Useful Information
        2. Microsoft Hotfixes
        3. AD Account Roles
      2. Configuration Steps
        1. Installing the CA
        2. Adding the Remaining Roles
        3. Configuring the Certificate Template
        4. Publishing the Certificate Template
        5. Editing the Registry
      3. Useful Links
    3. Appendix C. Using the Dogtag CA for BYOD
      1. What Is Dogtag, and Why Use It?
        1. Prerequisites
        2. Installing Packages with yum
        3. Configuring Proxy (if Needed)
      2. Updating System Packages with yum
      3. Installing and Configuring the NTP Service
      4. Installing the LDAP Server
      5. Installing the PHP Services
      6. Installing and Configuring Dogtag
        1. Modifying the Firewall Rules (iptables)
        2. Creating a New CA Instance
        3. Enabling and Configuring SCEP
        4. Preparing Apache
      7. Configuring ISE to Use the New Dogtag CA
        1. Adding Dogtag to the SCEP RA Profiles
    4. Appendix D. Sample Switch Configurations
      1. Catalyst 2960/3560/3750 Series, 12.2(55)SE
      2. Catalyst 3560/3750 Series, 15.0(2)SE
      3. Catalyst 4500 Series, IOS-XE 3.3.0/15.1(1)SG
      4. Catalyst 6500 Series, 12.2(33)SXJ
  21. Glossary
  22. Index
  23. Code Snippets

Product information

  • Title: CCNP Security SISAS 300-208 Official Cert Guide
  • Author(s): Aaron Woland, Kevin Redmon
  • Release date: May 2015
  • Publisher(s): Cisco Press
  • ISBN: 9780133888751