CCNA
Cisco Press
ciscopress.com
$49.99 USA / $61.99 CAN
ISBN-13:
ISBN-10:
978-1-58720-566-8
1-58720-566-1
9781587 205668
54999
CCNA Security 210-260
Official Cert Guide
CCNA
CCNA
Security
210-260
Official Cert Guide
Learn, prepare, and practice for exam success
OMAR SANTOS, CISSP NO. 463598
JOHN STUPPI, CCIE NO. 11154
ciscopress.com
CCNA Security
210-260 Official Cert Guide
CCNA Security 210-260 Official Cert Guide is a best-of-breed Cisco exam study guide that
focuses specifically on the objectives for the CCNA Security Implementing Cisco Network
Security (IINS) 210-260 exam. Cisco Security experts Omar Santos and John Stuppi share
preparation hints and test-taking tips, helping you identify areas of weakness and improve
both your conceptual knowledge and hands-on skills. Material is presented in a concise man-
ner, focusing on increasing your understanding and retention of exam topics.
CCNA Security 210-260 Official Cert Guide presents you with an organized test-preparation
routine through the use of proven series elements and techniques. “Do I Know This Already?”
quizzes open each chapter and enable you to decide how much time you need to spend on
each section. A list of official exam topics makes referencing easy. Chapter-ending Exam
Preparation Tasks help you drill on key concepts you must know thoroughly.
The companion CD-ROM contains the powerful Pearson IT Certification Practice Test engine
that enables you to focus on individual topic areas or take complete, timed exams. The assess-
ment engine also tracks your performance and provides feedback on a chapter-by-chapter
basis, laying out a complete assessment of your knowledge to help you focus your study
where it is needed most. The CD also contains 90 minutes of video training on CCP, NAT,
object groups, ACLs, port security on a Layer 2 switch, CP3L, and zone-based firewalls.
Well regarded for its level of detail, assessment features, and challenging review questions
and exercises, this official study guide helps you master the concepts and techniques that will
enable you to succeed on the exam the first time.
CCNA Security 210-260 Official Cert Guide is part of a recommended learning path from
Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners
and self-study products from Cisco Press. To find out more about instructor-led training,
e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide,
please visit http://www.cisco.com/web/learning/index.html.
Omar Santos, CISSP No. 463598, is the Cisco Product Security Incident Response Team
(PSIRT) technical leader. He mentors and lead engineers and incident managers during the inves-
tigation and resolution of security vulnerabilities in all Cisco products, including cloud services.
Omar has been working with information technology and cybersecurity since the mid 1990s.
Omar has designed, implemented, and supported numerous secure networks for Fortune 100
and 500 companies and the U.S. government. He is an active member of the security community,
where he leads several industry-wide initiatives and standard bodies. Omar holds the Certified
Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and CCNP
Security, among other certifications. Omar is the author of several books, numerous whitepa-
pers, and articles and has delivered technical presentations at many conferences.
John Stuppi, CCIE No. 11154 (Security), is a technical leader in the Cisco Security
Solutions (CSS) organization at Cisco, where he consults Cisco customers on protecting
their networks against existing and emerging cybersecurity threats. In this role, John is
responsible for providing effective techniques using Cisco product capabilities to provide identifi-
cation and mitigation solutions for Cisco customers who are concerned with current or expected
security threats to their network environments. Current projects include helping customers lever-
age DNS and NetFlow data to identify and subsequently mitigate network-based threats. John has
presented multiple times on various network security topics at Cisco Live, Black Hat, and other
customer-facing cybersecurity conferences.
Category: Cisco Press–Cisco Certification
Covers: CCNA Security 210-260
This volume is part of the Official Cert
Guide series from Cisco Press. Books in
this series provide officially developed
exam preparation materials that offer
assessment, review, and practice to help
Cisco Career Certification candidates
identify weaknesses, concentrate their
study efforts, and enhance their confi-
dence as exam day nears.
The official study guide helps you master
all the topics on the CCNA Security
Implementing Cisco Network Security
(IINS) 210-260 exam, including
n
Security concepts and threats
n
Implementing AAA using IOS and ISE
n
Bring Your Own Device (BYOD)
n
VPN technology and cryptography
n
IP security
n
Implementing IPsec site-to-site VPNs
n
Implementing SSL remote-access
VPNs using Cisco ASA
n
Securing Layer 2 technologies
n
Network Foundation Protection (NFP)
n
Securing the management, data, and
control planes
n
Understand, implement, and configure
Cisco firewall technologies
n
Cisco IPS fundamentals
n
Mitigation technologies for e-mail,
web-based, and endpoint threats
Pearson IT Certification Practice Test minimum
system requirements:
Windows XP (SP3), Windows Vista (SP2), Windows
7, or Windows 8; Microsoft .NET Framework 4.0
Client; Pentium class 1GHz processor (or equiva-
lent); 512MB RAM; 650MB disk space plus 50MB
for each downloaded practice exam; access to
the Internet to register and download the exam
databases
The CD-ROM contains two free,
complete practice exams and 90
minutes of video training.
Companion CD-ROM
Includes Exclusive Offer for 70% Off
Premium Edition eBook and Practice Test
Santos
Stuppi
9781587205668_santos_ccna_security_ocg_cover.indd 1 5/1/15 12:15 PM
Cisco Press
800 East 96th Street
Indianapolis, IN 46240
CCNA
Security
210-260
Official Cert Guide
OMAR SANTOS, CISSP 463598
JOHN STUPPI, CCIE NO. 11154
9781587205668_BOOK.indb i9781587205668_BOOK.indb i 4/29/15 3:40 PM4/29/15 3:40 PM
CCNA Security 210-260
Official Cert Guide
Omar Santos
John Stuppi
Copyright© 2015 Pearson Education, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage and retrieval
system, without written permission from the publisher, except for the inclusion of brief quotations in a
review.
Printed in the United States of America
First Printing June 2015
Library of Congress Control Number: 2015938283
ISBN-13: 978-1-58720-566-8
ISBN-10: 1-58720-566-1
Warning and Disclaimer
This book is designed to provide information about the CCNA Security Implementing Cisco Network
Security (IINS) 210-260 exam. Every effort has been made to make this book as complete and as accu-
rate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book or from the use of the discs or programs that may
accompany it.
The opinions expressed in this book belong to the authors and are not necessarily those of Cisco
Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately
capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a
term in this book should not be regarded as affecting the validity of any trademark or service mark.
ii CCNA Security 210-260 Official Cert Guide
9781587205668_BOOK.indb ii9781587205668_BOOK.indb ii 4/29/15 3:40 PM4/29/15 3:40 PM
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may
include electronic versions; custom cover designs; and content particular to your business, training goals,
marketing focus, or branding interests), please contact our corporate sales department at
[email protected] or (800) 382-3419.
For government sales inquiries, please contact [email protected].
For questions about sales outside the U.S., please contact [email protected].
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise
of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at [email protected]. Please make sure to include the book title and ISBN in your
message.
We greatly appreciate your assistance.
iii
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan
Cornelssen
Acquisitions Editor: Denise Lincoln
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher
Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: Keith Cline
Technical Editors: Scott Bradley, Panos
Kampanakis
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition: Bronkella Publishing
Indexer: Erika Millen
Proofreader: Chuck Hutchinson
9781587205668_BOOK.indb iii9781587205668_BOOK.indb iii 4/29/15 3:40 PM4/29/15 3:40 PM
About the Authors
Omar Santos is the technical leader for the Cisco Product Security Incident Response
Team (PSIRT). He mentors and leads engineers and incident managers during the
investigation and resolution of security vulnerabilities in all Cisco products. Omar has
been working with information technology and cybersecurity since the mid-1990s.
Omar has designed, implemented, and supported numerous secure networks for Fortune
100 and 500 companies and for the U.S. government. Prior to his current role, he was
a technical leader within the World Wide Security Practice and the Cisco Technical
Assistance Center (TAC), where he taught, led, and mentored many engineers within
both organizations.
Omar is an active member of the security community, where he leads several industry-
wide initiatives and standards bodies. His active role helps businesses, academic institu-
tions, state and local law enforcement agencies, and other participants that are dedicated
to increasing the security of the critical infrastructure.
Omar is the author of several books and numerous white papers, articles, and security
configuration guidelines and best practices. Omar has also delivered numerous technical
presentations at many conferences and to Cisco customers and partners, in addition to
many C-level executive presentations to many organizations.
John Stuppi, CCIE No. 11154 (Security), is a technical leader in the Cisco Security
Solutions (CSS) organization at Cisco, where he consults Cisco customers on protecting
their network against existing and emerging cybersecurity threats. In this role, John is
responsible for providing effective techniques using Cisco product capabilities to pro-
vide identification and mitigation solutions for Cisco customers who are concerned with
current or expected security threats to their network environments. Current projects
include helping customers leverage DNS and NetFlow data to identify and subsequently
mitigate network-based threats. John has presented multiple times on various network
security topics at Cisco Live, Black Hat, and other customer-facing cybersecurity confer-
ences. In addition, John contributes to the Cisco Security Portal through the publica-
tion of white papers, security blog posts, and cyber risk report articles. Before joining
Cisco, John worked as a network engineer for JPMorgan and then as a network security
engineer at Time, Inc., with both positions based in New York City. John is also a CISSP
(#25525) and holds an Information Systems Security (INFOSEC) professional certifica-
tion. In addition, John has a BSEE from Lehigh University and an MBA from Rutgers
University. John lives in Ocean Township, New Jersey (a.k.a. the “Jersey Shore”) with his
wife, two kids, and dog.
iv CCNA Security 210-260 Official Cert Guide
9781587205668_BOOK.indb iv9781587205668_BOOK.indb iv 4/29/15 3:40 PM4/29/15 3:40 PM
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
1
/
95
100%
![19 - Ccna Security Student Packet Tracer Manual [-PUNISHER-]](http://s1.studylibfr.com/store/data/010085743_1-c7d2e12514cf13ee2c8bc65cd9ac1f32-300x300.png)
