Course Description: SNPA - Securing Network with Cisco PIX and ANA

This course is provided by our partner, The Training Camp.

Instructor: Richard Deal - Richard teaches many classes and has over 15 years of experience in the computing and networking industry, including networking, training, systems administration, and programming. Richard has written the following networking books: CCNP BCMSN Exam Cram 2; CCNA Secrets Revealed!; Cisco PIX Firewalls; CCNP: Remote Access Exam Prep; CCNP: Switching Exam Cram; CCNP: Cisco LAN Switching Configuration; and Cisco Router Firewall Security. See all of his books here.

The goal of this five-day accelerated program for SNPA is to provide network security professionals with the knowledge and skills necessary to design and implement highly secure networked business systems. The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products. Cisco Certified Security Professional Certification provides an individual with professional level recognition in designing and implementing Cisco security solutions using Cisco IOS^®, ACS, PIX^® Firewalls, the VPN 3000 Series Concentrators, IDS technologies and CiscoWorks VMS. The Community for National Systems Security (CNSS) now awards the "Information Systems Security Professional" (INFOSEC) certification for the successful completion of the program's first four Cisco certification exams. During the program, students will live, learn, and take the Cisco^® exams at one of our state-of-the-art education centers. This blended-learning program employs outcome-based (Lecture | Lab | Review)™ delivery - that focuses on preparing you with the real-world skills required to pass the simulator-based exams and to hit the ground running in your career.

With Training Camp, you will learn more. effectively. efficiently.

Security has always been a concern to organizations that perform business. As organizations expand their networks and interconnect, the emphasis on network security has moved to the forefront. The market for skilled network security professionals has never been better. Remembering that network security is simply security applied to networking, it only makes sense to hone your skills on products that are the most recognized in the industry when working toward a network security certification.

Overall, Cisco certification validates an individual’s achievement, increasing the holder’s professional credibility by ensuring high standards of technical expertise. In particular, Cisco CCSP certification indicates knowledge of Cisco security products and technologies, as well as the ability to use them to build integrated network security solutions. CCSP certification indicates that the holder can:

Secure the network infrastructure using Cisco security products and integrated technologies.
Deploy perimeter security, VPNs, and intrusion protection technologies and solutions.
Monitor and detect relevant security events.
Manage network security to protect productivity gains and reduce costs.

Cisco® certifications also afford you special membership benefits:

A certificate of accomplishment.
A wallet card, logo and designation for your personal promotion to clients or potential employers.
Access to the secure Cisco^® on-line tracking system so you can download logos, and track your Cisco^® certification progress throughout your career.

Effective technical instruction must be highly varied and interactive to keep attention levels high, promote camaraderie and teamwork between the students and instructor, and solidify knowledge through hands-on learning.

What's Included:

Training Camp offers the highest quality technical education and certification training in an all-inclusive course package specifically designed for the needs and ease of our students. We attend to every detail so our students can focus solely on learning and certification objectives.

Our Dual Certification Program includes:

Intensive Hands-on Training Utilizing our (Lecture | Lab | Review)™ Delivery
Comprehensive Study Materials and Pre-Class Mentoring, Program Courseware, and Self-Testing Software
Optional Package of Five (5) Days of Hotel Accommodations
Breakfast and Lunch, Unlimited Beverages, Snacks, and Freshly-brewed Coffee
24-Hour Instructor Access
Examination Vouchers & On-site Certification Testing
Examination Passing Policy

Our expert-level instructors teach to accommodate every student’s learning needs through individualized instruction, hands-on labs, lab partner and group exercises, independent study, self-testing, question and answer drills. Training Camp has dedicated, well-equipped educational facilities where you will attend instruction and labs and have access to comfortable study and lounging rooms. Our students consistently say our facilities are second-to-none.

Examination Passing Policy. Should a student complete a Training Camp Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of one year. Students will only be responsible for accommodations and vendor exam fees.

What You'll Learn:

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Install and configure a security appliance for basic network connectivity

Describe the Security Appliance hardware and software architecture
Determine the Security Appliance hardware and software configuration and verify if it is correct
Use setup or the CLI to configure basic network settings, including interface configurations
Use appropriate show commands to verify initial configurations
Configure NAT and global addressing to meet user requirements
Configure DHCP client option
Set default route
Configure logging options
Describe the firewall technology
Explain the information contained in syslog files
Configure static address translations
Configure Network Address Translations: PAT
Configure static port redirection
Configure a net static
Set embryonic and connection limits on the security appliance
Verify network address translation operation

Configure a security appliance to restrict inbound traffic from untrusted sources

Configure access-lists to filter traffic based on address, time, and protocols
Configure object-groups to optimize access-list processing
Configure Network Address Translations: Nat0
Configure Network Address Translations: Policy NAT
Configure java/activeX filtering
Configure URL filtering
Verify inbound traffic restrictions

Configure a security appliance to provide secure connectivity using site-to-site VPNs

Explain certificates, certificate authorities and how they are used
Explain the basic functionality of IPSec
Configure IKE with preshared keys
Configure IKE to use certificates
Differentiate between the types of encryption
Configure IPSec parameters
Configure crypto-maps and ACLs

Configure a security appliance to provide secure connectivity using remote access VPNs

Explain the functions of EasyVPN
Configure IPSec using EasyVPN Server/Client
Configure the Cisco Secure VPN client
Explain the purpose of WebVPN
Configure WebVPN services: Server/Client
Verify VPN operations

Configure transparent firewall, virtual firewall, and high availability firewall features on a security appliance

Explain differences between L2 and L3 operating modes
Configure security appliance for transparent mode (L2)
Explain purpose of virtual firewalls
Configure security appliance to support virtual firewall
Monitor and maintain virtual firewall
Explain the types, purpose and operation of fail-over
Install appropriate topology to support cable-based or LAN-based fail-over
Explain the hardware, software and licensing requirements for high-availability
Configure the SA for active/standby fail-over
Configure the SA for stateful fail-over
Configure the SA for active-active fail-over
Verify fail-over operation
Recover from a fail-over

Configure AAA services for access through a security appliance

Configure ACS for security appliance support
Configure security appliance to use AAA feature
Configure authentication using both local and external databases
Configure authorization using an external database
Configure the ACS server for downloadable ACLs
Configure accounting of connection start/stop
Verify AAA operation

Configure routing and switching on a security appliance

Enable DHCP server and relay functionality
Configure VLANs on a security appliance interface
Configure routing functionality of security appliance including OSPF, RIP
Configure security appliance to pass multi-cast traffic
Configure ICMP on the security appliance

Configure a modular policy on a security appliance

Configure a class-map
Configure a policy-map
Configure a service-policy
Configure a ftp-map
Configure a http-map
Configure an inspection protocol
Explain the function of protocol inspection
Explain DNS guard feature
Describe the AIP-SSM HW and SW
Load IPS SW on the AIP-SSM
Verify AIP-SSM
Configure an IPS modular policy

Monitor and manage an installed security appliance

Obtain and apply OS updates
Backup and restore configurations and software
Explain the security appliance file management system
Perform password/lockout recovery procedures
Obtain and upgrade license keys
Configure passwords for various access methods: Telnet, serial, enable, SSH
Configure various access methods: Telnet, SSH, PDM
Configure command authorization and privilege levels
Configure local username database
Verify access control methods
Enable ASDM functionality
Verify a security appliance configuration via ASDM
Verify the licensing available on a security appliance

< Prev		Next >

2009s Press Release