CCSP My Thoughts
Pre-requisites:
If you have a CCNA and you have passed the SND exam you are got to go. If not you will need to clear the CCNA Security to satisfy the prerequisites.
Exams:
In addition to the pre-requisites you have to pass three required exams and choose one more from the elective exams. Any exam from the electives will satisfy the Certification requirements.
So lets see what you would need to pass these exams. I will also include the study materials that i will be using for each exam.
1) 642-504 SNRS Securing Networks with Cisco Routers and Switches (SNRS)
As the name suggests, securing networks with routers and switches. Expect to use a lot of CLI for this exam. You will be required to configure VPNs, IOS-IPS, layer-2 security and CBAC.
I think this is one of the hardest one in all the CCSP exams. Lots and lots of CLI configurations that surely will give you nightmares.
2.) 642-524 SNAF Securing Networks with ASA Foundation (SNAF)
This is like SNRS but all GUI based. Yup the foundation and the concepts are the same. But instead of using the CLI to perform the security functions you will be required to use a security appliance. You will be using ASDM to do most of the configurations, don’t get me wrong you will still be required to do CLI based configurations. You will be using ASDM to configure VPNs, AAA, L3/L4 protocol inspections and firewalls.
This just like SDM, you can either run ASDM on a pc or install it on the ASA device.
3) 642-533 IPS Implementing Cisco Intrusion Prevention System (IPS)
You will be required to deploy, configure, and administer Cisco IPS sensors to protect network devices as well as efficiently manage IPS alarms. This exam is all about IPS. So you have to dig deep and get into the core of Cisco IPS.
Once again you will be required to know how to configure IPS using CLI. There are other appliances also that you will need to use including Cisco IDM and IEV.
4) Elective Exams (Choose One)
a) 642-591 CANAC Implementing Cisco NAC Appliance (CANAC)
So what is NAC?
The NAC Appliance (Cisco Clean Access) is a “shrink-wrapped” network admission control solution that recognizes users, their devices and roles; evaluates the security posture of the endpoint and scans for vulnerabilities; and enforces policy in the network. In particular, prior to allowing users onto the network, the NAC Appliance (Cisco Clean Access) solution allows administrators to authenticate, authorize, interrogate and remediate users and their machines enforcing policy based access control on the network.
b.) 642-545 MARS Implementing Cisco Security Monitoring, Analysis and Response System (MARS)
One more security appliance to know off. Once again GUI based and a lot of configuration involved including installing and maintenance along with event and traffic inspections.
c) 642-515 SNAA Securing Networks with ASA Advanced (SNAA)
As the name suggests it is basically SNAF on steroids. You will be required to configure advance features on ASA, including configuring the ASA 5505 dual-ISP support, configuring ASA 5505 VLANs, configuring policy NAT, installing and configuring the Cisco Secure Desktop, configuring the security appliance to pass multicast traffic, configuring Layer 7 class maps and policy maps, and initializing the AIP-SSM and CSC-SSM.
Note: For a complete list of exam objective please visit the cisco’s website.
Certification Notes: (things you will need)
i) If you are using GNS3, make sure you are using IOSs with version 12.4(6)T and newer.
ii) ASA and PIX Security Appliance 8.0 AKA ASA 5500 Rev 8.
iii) Adaptive Security Device Manager (ASDM) Version 5.0(2) or 6
Now don’t get confused here Cisco ASA are devices, security devices. Using ASA you can configure NAT, VPNs and IPS.
Related Posts
- JN0-331 dumps
- 642-591 self-study training
- Securing Cisco Network Devices Exam(SND)
- Securing Networks with Cisco Routers and Switches
- Securing Networks with PIX and ASA
Tags: CCSP