The goal of this five-day accelerated program for SNPA is to provide network security professionals with the knowledge and skills necessary to design and implement highly secure networked business systems. The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products. Cisco Certified Security Professional Certification provides an individual with professional level recognition in designing and implementing Cisco security solutions using Cisco IOS^®, ACS, PIX^® Firewalls, the VPN 3000 Series Concentrators, IDS technologies and CiscoWorks VMS. The Community for National Systems Security (CNSS) now awards the "Information Systems Security Professional" (INFOSEC) certification for the successful completion of the program's first four Cisco certification exams. During the program, students will live, learn, and take the Cisco^® exams at one of our state-of-the-art education centers. This blended-learning program employs outcome-based (Lecture | Lab | Review)™ delivery - that focuses on preparing you with the real-world skills required to pass the simulator-based exams and to hit the ground running in your career.

With Training Camp, you will learn more. effectively. efficiently.

Security has always been a concern to organizations that perform business. As organizations expand their networks and interconnect, the emphasis on network security has moved to the forefront. The market for skilled network security professionals has never been better. Remembering that network security is simply security applied to networking, it only makes sense to hone your skills on products that are the most recognized in the industry when working toward a network security certification.

Overall, Cisco certification validates an individual’s achievement, increasing the holder’s professional credibility by ensuring high standards of technical expertise. In particular, Cisco CCSP certification indicates knowledge of Cisco security products and technologies, as well as the ability to use them to build integrated network security solutions. CCSP certification indicates that the holder can:

• Secure the network infrastructure using Cisco security products and integrated technologies.
• Deploy perimeter security, VPNs, and intrusion protection technologies and solutions.
• Monitor and detect relevant security events.
• Manage network security to protect productivity gains and reduce costs.

Cisco® certifications also afford you special membership benefits:

• A certificate of accomplishment.
• A wallet card, logo and designation for your personal promotion to clients or potential employers.
• Access to the secure Cisco^® on-line tracking system so you can download logos, and track your Cisco^® certification progress throughout your career.

Effective technical instruction must be highly varied and interactive to keep attention levels high, promote camaraderie and teamwork between the students and instructor, and solidify knowledge through hands-on learning.

What's Included:

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Install and configure a security appliance for basic network connectivity

Configure a security appliance to restrict inbound traffic from untrusted sources

Configure a security appliance to provide secure connectivity using site-to-site VPNs

• Explain certificates, certificate authorities and how they are used
• Explain the basic functionality of IPSec
• Configure IKE with preshared keys
• Configure IKE to use certificates
• Differentiate between the types of encryption
• Configure IPSec parameters
• Configure crypto-maps and ACLs

Configure a security appliance to provide secure connectivity using remote access VPNs

• Explain the functions of EasyVPN
• Configure IPSec using EasyVPN Server/Client
• Configure the Cisco Secure VPN client
• Explain the purpose of WebVPN
• Configure WebVPN services: Server/Client
• Verify VPN operations

Configure transparent firewall, virtual firewall, and high availability firewall features on a security appliance

• Explain differences between L2 and L3 operating modes
• Configure security appliance for transparent mode (L2)
• Explain purpose of virtual firewalls
• Configure security appliance to support virtual firewall
• Monitor and maintain virtual firewall
• Explain the types, purpose and operation of fail-over
• Install appropriate topology to support cable-based or LAN-based fail-over
• Explain the hardware, software and licensing requirements for high-availability
• Configure the SA for active/standby fail-over
• Configure the SA for stateful fail-over
• Configure the SA for active-active fail-over
• Verify fail-over operation
• Recover from a fail-over

Configure AAA services for access through a security appliance

• Configure ACS for security appliance support
• Configure security appliance to use AAA feature
• Configure authentication using both local and external databases
• Configure authorization using an external database
• Configure the ACS server for downloadable ACLs
• Configure accounting of connection start/stop
• Verify AAA operation

Configure routing and switching on a security appliance

• Enable DHCP server and relay functionality
• Configure VLANs on a security appliance interface
• Configure routing functionality of security appliance including OSPF, RIP
• Configure security appliance to pass multi-cast traffic
• Configure ICMP on the security appliance

Configure a modular policy on a security appliance

• Configure a class-map
• Configure a policy-map
• Configure a service-policy
• Configure a ftp-map
• Configure a http-map
• Configure an inspection protocol
• Explain the function of protocol inspection
• Explain DNS guard feature
• Describe the AIP-SSM HW and SW
• Load IPS SW on the AIP-SSM
• Verify AIP-SSM
• Configure an IPS modular policy

Monitor and manage an installed security appliance

• Obtain and apply OS updates
• Backup and restore configurations and software
• Explain the security appliance file management system
• Perform password/lockout recovery procedures
• Obtain and upgrade license keys
• Configure passwords for various access methods: Telnet, serial, enable, SSH
• Configure various access methods: Telnet, SSH, PDM
• Configure command authorization and privilege levels
• Configure local username database
• Verify access control methods
• Enable ASDM functionality
• Verify a security appliance configuration via ASDM
• Verify the licensing available on a security appliance