Cisco Certified Network Associate Security (CCNA® Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.

Information Systems Security (INFOSEC) Professional Recognition
CNSS 4013 Recognition
Information Assurance Supplemental Resources

CCNA Security Prerequisites
Valid CCNA or any CCIE Certification can act as a pre-requisite.

CCNA Security Exams & Recommended Training
Required Exam(s)
Recommended Training
640-553 IINS Implementing Cisco IOS Network Security (IINS)

CCNA Security Recertification
CCNA Security certifications are valid for three years. To recertify, pass a CCNA Concentration exam (wireless, security, voice), or pass any 642 – XXX professional level or Cisco Specialist exam (excluding Sales Specialist exams), or pass a current CCIE or CCDE written exam.

640-553 IINS Implementing Cisco IOS Network Security Review
PassGuide.com is your premier source of 640-553 IINS Implementing Cisco IOS Network Security test training. With our 640-553 IINS Implementing Cisco IOS Network Security practice tests, no other vendor will be able to compare to quality 640-553 study guides. our Cisco 640-553 braindumps exam is always updated to provide you the most actual information available and this is done with the help of our testking professionals team of certification experts, technical staff, and comprehensive language masters who are always in-touch with the changes in the 640-553 exam. So the true way for passing the 640-553 exam is to get in-touch with the free study guide, brain dumps and test questions that will lead to your certification success. Easiest way to get these certifications is to log on to the 640-553 testking and download the 640-553 test questions to do Cisco IINS Implementing Cisco IOS Network Security practice exam to obtain your free 640-553 exam certification.Test king 640-553 Practice Questions are designedwith questions, coupled with precise, logical and verified explanations.Our 640-553 practice exam provides you with an examination experience like no other.Our 640-553 practice exams and study questions are composed by current and active Information Technology experts, who use their experience in preparing you for your future in IT. Pass On Your First Try With PassGuide.com.At 640-553 testking braindumps page all the essential 640-553 preparation materials can be found. This package includes 640-553 braindumps, free Cisco q&a, 640-553 practice exams. Our Lifetime Membership includes more than 1200 certification tests and 640-553 exam is part of this Membership.

137. Which option is a desirable feature of using symmetric encryption algorithms?
A. they are often used for wire-speed encryption in data networks
B. they are based on complex mathematical operations and can easily be accelerated by hardware
C. they offer simple key management properties
D. they are best used for one-time encryption needs

Answer: A

138. Which option is true of using cryptography hashes?
A. they are easily reversed to decipher the message context
B. they convert arbitrary data into fixed length digits
C. they are based on a two-way mathematical function
D. they are used for encrypting bulk data communications

Answer: B

139. Which option is true of intrusion prevention systems?
A. they operate in promiscuous mode
B. they operate in inline mode
C. they have no potential impact on the data segment being monitored
D. they are more vulnerable to evasion techniques than IDS

Answer: B

140. Which statement is true when using zone-based firewalls on a Cisco router?
A. policies are applied to traffic moving between zones, not between interfaces
B. the firewalls can be configured simultaneously on the same interface as classic CBAC using the ip
inspect CLI command
C. interface ACLs are applied before zone-based policy firewalls when they are applied outbond
D. when configuring with the ?PASS? action, stateful inspection is applied to all traffic passing between the
configured zones

Answer: A

141. From what configuration mode would you enter the set peer ip-address command to
specify the IP address of an IPsec peer?
A. Transform set configuration mode
B. Crypto map configuration mode
C. ISAKMP configuration mode
D. Interface configuration mode

Answer: B

142. What two site-to-site VPN wizards are available in the Cisco SDM interface? (Choose
two.)
A. Easy VPN Setup
B. Quick Setup
C. Step-by-Step
D. DMVPN Setup

Answer: BC

143. What command displays all existing IPsec security associations (SA)?
A. show crypto isakmp sa
B. show crypto ipsec sa
C. show crypto ike active
D. show crypto sa active

Answer: B

144. Which two statements are true about the differences between IDS and IPS? (Choose two.)
A. IPS operates in promiscuous mode.
B. IPS receives a copy of the traffic to be analyzed.
C. IPS operates in inline mode.
D. IDS receives a copy of the traffic to be analyzed.

Answer: CD

145. What form of attack are all algorithms susceptible to?
A. Meet-in-the-middle
B. Spoofing
C. Stream cipher
D. Brute-force

Answer: D

146. Which type of cipher achieves security by rearranging the letters in a string of text?
A. Vigenère cipher
B. Stream cipher
C. Transposition cipher
D. Block cipher

Answer: C

147. Which of the following are techniques used by symmetric encryption cryptography?
(Choose all that apply.)
A. Block ciphers
B. Message Authentication Codes (MAC)
C. One-time pad
D. Stream ciphers
E. Vigenère ciphers

Answer: ABD

148. DES typically operates in block mode, where it encrypts data in what size blocks?
A. 56-bit blocks
B. 40-bit blocks
C. 128-bit blocks
D. 64-bit blocks

Answer: D

149. What method does 3DES use to encrypt plain text?
A. 3DES-EDE
B. EDE-3DES
C. 3DES-AES
D. AES-3DES

Answer: A

150. Which of the following is not considered a trustworthy symmetric encryption
algorithm?
A. 3DES
B. IDEA
C. EDE
D. AES

Answer: C

“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this
chapter’s topics before you begin. Table 1-1 details the major topics discussed in this
chapter and their corresponding quiz questions.
1. Where do most attacks on an organization’s computer resources originate?
a. From the Internet
b. From the inside network
c. From universities
d. From intruders who gain physical access to the computer resources
Table 1-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section Questions
Exploring Security Fundamentals 1 to 6
Understanding the Methods of Network Attacks 7 to 15
6 Chapter 1: Understanding Network Security Principles
2. What are the three primary goals of network security? (Choose three.)
a. Con?dentiality
b. Redundancy
c. Integrity
d. Availability
3. The U.S. government places classi?ed data into which classes? (Choose three.)
a. SBU
b. Con?dential
c. Secret
d. Top-secret
4. Cisco de?nes three categories of security controls: administrative, physical, and
technical. Individual controls within these categories can be further classi?ed as what
three speci?c types of controls? (Choose three.)
a. Preventive
b. Deterrent
c. Detective
d. Reactive
5. Litigators typically require which three of the following elements to present an
effective argument when prosecuting information security violations? (Choose three.)
a. Audit trail
b. Motive
c. Means
d. Opportunity
6. Which type of law typically involves the enforcement of regulations by government
agencies?
a. Criminal law
b. Tort law
c. Administrative law
d. Civil law
7. Which of the following is a weakness in an information system that an attacker might
leverage to gain unauthorized access to the system or data on the system?
a. Risk
b. Exploit
c. Mitigation
d. Vulnerability
8. What type of hacker attempts to hack telephony systems?
a. Script kiddy
b. Hacktivist
c. Phreaker
d. White hat hacker
9. Which of the following is a method of gaining access to a system that bypasses normal
security measures?
a. Creating a back door
b. Launching a DoS attack
c. Starting a Smurf attack
d. Conducting social engineering
10. What security design philosophy uses a layered approach to eliminate single points of
failure and provide overlapping protection?
a. AVVID
b. Defense in Depth
c. SONA
d. IINS

http://rapidshare.com/files/142263429/www.640-553.com_CCNA_Security_Do_I_Know_Q_A.rar.html

CCNA Security Do I konw Question and Answer

password:www.certbible.org

CCNA Security Exams and Recommended Training

down: Lock In Your Future With CCNA Security  pdf

A CCNA Voice certification helps prepare you for jobs such as voice administrator, voice engineer, and voice manager. This certification validates your skills for configuring and managing the latest technologies for VoIP infrastructure. It also gives you terrific exposure to unified communications applications and architectures. Read the 10 things you should know about CCNA Voice, the gateway for advancing your career through the CCVP certification. Certification Magazine’s 2007 Annual Salary Survey found a worldwide average salary of US$74,810 for a person certified with a valid CCNA. Attaining the professional-level CCVP voice-based specialty beyond the CCNA resulted in a 23 percent salary premium, a worldwide average salary of US$92,350.

The CCNA Security certification gives you valuable credentials for jobs such as network security specialist, security administrator, and network security support engineer. This certification verifies your ability to manage security devices, implement security policies, and mitigate risks. When you are ready to advance on an exciting security IT career, the CCNA Security certification will position you to pursue your CCSP certification. Read the 10 things you should know about CCNA Security. NetworkWorld reported in February 2008 that while 73 percent of IT managers placed significance importance on security skills, only 57 percent said that their IT employees were proficient in such skills. This gap between need and capability can be addressed by the new CCNA Security offering.

Is one of these CCNA concentrations right for you? Each of the new concentrations are a next step beyond CCNA and build on the routing and switching skills gained in the CCNA training. And by adding a concentration, you’ll continue to enjoy all of the benefits that come with being an active CCNA certification holder. Broaden your skills and pursue new career paths-check out the new Cisco CCNA concentrations for yourself.

I am confused about this cetification as I am on my path to attain my CCSP and then CCIE Security. The problem lies with the CCNA Security certification. Here is my understanding of getting the CCNA Security certification:

A valid CCNA with a passing mark with IINS (642-553) gives you the CCNA Security.

A valid CCNA with a passing mark with SND (642-552) gives you nothing but a credit towards CCSP or does it give you CCNA Security also?

Since CCNA Security is really an updated version of 642-552 merged into the certification, would the person not be eligible for the CCNA Security designation if the person has recently passed the 642-552 exam?

My plight would be that I have passed the 642-552 exam, however I am going through getting my CCNA if I want to continue in the right path. I am just confused as to the certification requirement for this designation although being an entry level certification.

Travis Newshott answered:

CCNA + SND does not give you CCNA security. You must pass the CCNA and CCNA: Security exam to gain that credential.

However, if you are pursuing the CCSP, either the CCNA: Security or the SND exam will act as 1 of your 5 required exams. Two means to the same end.

CCNA Security Certification meets the needs of IT professionals who are responsible for network security. It confirms an individual’s skills for job roles such as Network Security Specialists, Security Administrators, and Network Security Support Engineers. This certification validates skills including installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security structure.

Students completing the recommended Cisco training will gain an introduction to core security technologies as well as how to develop security policies and mitigate risks. IT organizations that employ CCNA Security-holders will have IT staff that can develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.
Recommended Training about Cisco ccna security 640-553 PDF vce
The following courses are the recommended training for Microsoft 70-450 exam
Cisco ccna security 640-553 Q & A with Explanations
Cisco ccna security 640-553 Audio Exam
Cisco ccna security 640-553 Study Guide
Cisco ccna security 640-553 Preparation Lab
Cisco ccna security 640-553 rapidshare 4shared books

CCNA Security
CCNA Security is a new Associate Level certification designed to build upon the CCNA certification and as a prerequisite for the CCSP – Cisco Certified Security Professional certification. The Cisco CCNA Security certification validates the knowledge required to install, troubleshoot, and monitor Cisco security network devices. In addition, CCNA Security confirms an individual’s skills for job roles such as network security specialist, security administrator, and network security support engineer. Prior to obtaining CCNA Security, an individual must hold and active CCNA certification.

CCNA Security Benefits
Takes full advantage of the CCNA certification as the foundation for careers in Cisco security technologies
Prepares you for new career opportunities in security networking
Represents an important step toward the Cisco CCSP® and other professional-level Cisco certifications
Cisco will be retiring the course, SND – Securing Cisco Network Devices, as of November 17, 2008. SND will be replaced with IINS – Implementing Cisco IOS Network Security, which is recommended prior to taking the IINS 640-553 exam. IINS is based on the SND content, but adds several new components.

IINS Course Components
Module 1: Introduction to Network Security Principles
Network Security Fundamentals, Attack Methodologies, Operations Security, Cisco Self-Defending Networks

Module 2: Perimeter Security
Administrative Access to Cisco Routers, Cisco SDM, AAA on a Cisco Router Using the Local Database and on Secure ACS, Secure Management/Reporting, Locking Down the Router

Module 3: Network Security Using Cisco IOS Firewalls
Firewall Technologies, Static Packet Filters Using ACLs, Cisco IOS Zone-Based Policy Firewall

Module 4: Site-to-Site VPNs
Cryptographic Services, Symmetric Encryption, Examining Cryptographic Hashes and Digital Signatures, Asymmetric Encryption and PKI, IPsec Fundamentals, Site-to-Site IPsec VPN, IPsec on a Site-to-Site VPN Using Cisco SDM

Module 5: Network Security Using Cisco IOS IPS
IPS Technologies, Cisco IOS IPS Using Cisco SDM

Module 6: LAN, SAN, Voice, and Endpoint Security Overview
Endpoint Security, SAN Security, Voice Security, Layer 2 Attacks

Certification Requirements
Exams and Courses
Required Exam Recommended Training
640-822 ICND1 ICND1 – Interconnecting Cisco Network Devices 1
640-816 ICND2 ICND2 – Interconnecting Cisco Network Devices 2
640-553 IINS IINS – Implementing Cisco IOS Network Security
Or Or
640-802 CCNA CCNA Boot Camp v2.0
640-553 IINS IINS – Implementing Cisco IOS Network Security
The following courses help you prepare for this certification.
ICND1 – Interconnecting Cisco Network Devices 1
ICND2 – Interconnecting Cisco Network Devices 2
CCNA Boot Camp v2.0
IINS – Implementing Cisco IOS Network Security

The Global Knowledge Difference
Our Cisco Security courses are built using a unique lab topology that sets us apart from other Cisco training providers by enhancing our hands-on labs to include PCs in all Security Zones and exclusive, realistic scenarios that you won’t find in standard labs.

Exam Description
The 640-553 IINS Implementing Cisco IOS Network Security exam is associated with the CCNA Security certification. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS)course.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Describe the security threats facing modern network infrastructures

* Describe and list mitigation methods for common network attacks
* Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
* Describe the Cisco Self Defending Network architecture

Secure Cisco routers

* Secure Cisco routers using the SDM Security Audit feature
* Use the One-Step Lockdown feature in SDM to secure a Cisco router
* Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
* Secure administrative access to Cisco routers by configuring multiple privilege levels
* Secure administrative access to Cisco routers by configuring role based CLI
* Secure the Cisco IOS image and configuration file

Implement AAA on Cisco routers using local router database and external ACS

* Explain the functions and importance of AAA
* Describe the features of TACACS+ and RADIUS AAA protocols
* Configure AAA authentication
* Configure AAA authorization
* Configure AAA accounting

Mitigate threats to Cisco routers and networks using ACLs

* Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
* Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
* Configure IP ACLs to prevent IP address spoofing using CLI
* Discuss the caveats to be considered when building ACLs

Implement secure network management and reporting

* Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
* Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Mitigate common Layer 2 attacks

* Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Implement the Cisco IOS firewall feature set using SDM

* Describe the operational strengths and weaknesses of the different firewall technologies
* Explain stateful firewall operations and the function of the state table
* Implement Zone Based Firewall using SDM

Implement the Cisco IOS IPS feature set using SDM

* Define network based vs. host based intrusion detection and prevention
* Explain IPS technologies, attack responses, and monitoring options
* Enable and verify Cisco IOS IPS operations using SDM

Implement site-to-site VPNs on Cisco Routers using SDM

* Explain the different methods used in cryptography
* Explain IKE protocol functionality and phases
* Describe the building blocks of IPSec and the security functions it provides
* Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM