Librería Portfolio

CCNP Security SISAS 300-208 Official Cert Guide

CCNP Security SISAS 300-208 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco security experts Aaron Woland and Kevin Redmon share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

A test-preparation routine proven to help you pass the exam
"Do I Know This Already?ö quizzes, which enable you to decide how much time you need to spend on each section
The powerful Pearson IT Certification Practice Testsoftware, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps you master the concepts and techniques that ensure your exam success.

Aaron T. Woland, CCIE No. 20113, is a Principal Engineer and works with the largest Cisco customers all over the world. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, and futures. Aaron is the author of Cisco ISE for BYOD and Secure Unified Access (Cisco Press) and many published white papers and design guides. He is one of the first six members of the Hall of Fame for Distinguished Speakers at Cisco Live, and is a security columnist for Network World, where he blogs on all things related to Identity.

Kevin Redmon is a Systems Test Engineer with the Cisco IoT Vertical Solutions Group, specializing in all things security. Previously with the Cisco Systems Development Unit, Kevin supported several iterations of the Cisco Validated Design Guide for BYOD and is the author of Cisco Bring Your Own Device (BYOD) Networking Live Lessons (Cisco Press). Since joining Cisco in October 2000, he has worked closely with several Cisco design organizations, and as Firewall/VPN Customer Support Engineer with the Cisco Technical Assistance Center (TAC). He holds several Cisco certifications and has an issued patent with the U.S. Patent and Trademark Office.

The official study guide helps you master topics on the CCNP Security SISAS 300-208 exam, including the following:

Identity management/secure access
Threat defense
Troubleshooting, monitoring and reporting tools
Threat defense architectures
Identity management architectures
The CD contains 150 practice questions for the exam and a study planner tool.



Contents

Introduction xxxi

Part I The CCNP Certification

Chapter 1 CCNP Security Certification 3

CCNP Security Certification Overview 3

Contents of the CCNP-Security SISAS Exam 4

How to Take the SISAS Exam 5

Who Should Take This Exam and Read This Book? 6

Format of the CCNP-Security SISAS Exam 9

CCNP-Security SISAS 300-208 Official Certification Guide 10

Book Features and Exam Preparation Methods 13

Part II "The Triple Aö (Authentication, Authorization, and Accounting)

Chapter 2 Fundamentals of AAA 17

"Do I Know This Already?ö Quiz 18

Foundation Topics 21

Triple-A 21

Compare and Select AAA Options 21

Device Administration 21

Network Access 22

TACACS+ 23

TACACS+ Authentication Messages 25

TACACS+ Authorization and Accounting Messages 26

RADIUS 28

AV-Pairs 31

Change of Authorization 31

Comparing RADIUS and TACACS+ 32

Exam Preparation Tasks 33

Review All Key Topics 33

Define Key Terms 33

Chapter 3 Identity Management 35

"Do I Know This Already?ö Quiz 35

Foundation Topics 38

What Is an Identity? 38

Identity Stores 38

Internal Identity Stores 39

External Identity Stores 41

Active Directory 42

LDAP 42

Two-Factor Authentication 43

One-Time Password Services 44

Smart Cards 45

Certificate Authorities 46

Has the Certificate Expired? 47

Has the Certificate Been Revoked? 48

Exam Preparation Tasks 51

Review All Key Topics 51

Define Key Terms 51

Chapter 4 EAP Over LAN (Also Known As 802.1X) 53

"Do I Know This Already?ö Quiz 53

Foundation Topics 56

Extensible Authentication Protocol 56

EAP over LAN (802.1X) 56

EAP Types 58

Native EAP Types (Nontunneled EAP) 58

Tunneled EAP Types 59

Summary of EAP Authentication Types 62

EAP Authentication Type Identity Store Comparison Chart 62

Network Access Devices 63

Supplicant Options 63

Windows Native Supplicant 64

Cisco AnyConnect NAM Supplicant 75

EAP Chaining 89

Exam Preparation Tasks 90

Review All Key Topics 90

Define Key Terms 90

Chapter 5 Non-802.1X Authentications 93

"Do I Know This Already?ö Quiz 93

Foundation Topics 97

Devices Without a Supplicant 97

MAC Authentication Bypass 98

Web Authentication 100

Local Web Authentication 101

Local Web Authentication with a Centralized Portal 102

Centralized Web Authentication 104

Remote Access Connections 106

Exam Preparation Tasks 107

Review All Key Topics 107

Define Key Terms 107

Chapter 6 Introduction to Advanced Concepts 109

"Do I Know This Already?ö Quiz 109

Foundation Topics 113

Change of Authorization 113

Automating MAC Authentication Bypass 113

Posture Assessments 117

Mobile Device Managers 118

Exam Preparation Tasks 120

Review All Key Topics 120

Define Key Terms 120

Part III Cisco Identity Services Engine

Chapter 7 Cisco Identity Services Engine Architecture 123

"Do I Know This Already?ö Quiz 123

Foundation Topics 127

What Is Cisco ISE? 127

Personas 129

Administration Node 129

Policy Service Node 129

Monitoring and Troubleshooting Node 130

Inline Posture Node 130

Physical or Virtual Appliance 131

ISE Deployment Scenarios 133

Single-Node Deployment 133

Two-Node Deployment 135

Four-Node Deployment 136

Fully Distributed Deployment 137

Communication Between Nodes 138

Exam Preparation Tasks 148

Review All Key Topics 148

Define Key Terms 148

Chapter 8 A Guided Tour of the Cisco ISE Graphical User Interface 151

"Do I Know This Already?ö Quiz 151

Foundation Topics 155

Logging In to ISE 155

Initial Login 155

Administration Dashboard 161

Administration Home Page 162

Server Information 162

Setup Assistant 163

Help 163

Organization of the ISE GUI 164

Operations 165

Authentications 165

Reports 169

Endpoint Protection Service 170

Troubleshoot 171

Policy 173

Authentication 173

Authorization 173

Profiling 174

Posture 175

Client Provisioning 175

Security G