About the CCNP Security IPS v7.0 642-627 Official Cert Guide

This book maps to the topic areas of the 642-627 IPS v7.0 exam and uses a number of features to help you understand the topics and to prepare for the exam.

Objectives and Methods

This book uses several key methodologies to help you discover the exam topics on which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. This book does not try to help you pass the exams by memorization alone, but by truly learning and understanding the topics. The book is designed to help you pass the CCNP Security IPS v7.0 exam by using the following methods:

  • Helping you discover which exam topics you have not mastered

  • Providing explanations and information to fill in your knowledge gaps

  • Supplying exercises that enhance your ability to recall and deduce the answers to test questions

  • Providing practice exercises on the topics and the testing process through test questions on the CD

Book Features

To help you customize your study time using this book, the core chapters have several features that help you make the best use of your time:

  • “Do I Know This Already?” quiz: Each chapter begins with a quiz that helps you determine how much time you need to spend studying that chapter.

  • Foundation Topics: These are the core sections of each chapter. They explain the concepts for the topics in that chapter.

  • Exam Preparation Tasks: After the “Foundation Topics” section of each chapter, the “Exam Preparation Tasks” section lists a series of study activities that you should do at the end of the chapter. Each chapter includes the activities that make the most sense for studying the topics in that chapter:

    - Review All the Key Topics: The Key Topic icons appear next to the most important items in the “Foundation Topics” section of the chapter. The Review All the Key Topics activity lists the key topics from the chapter, along with their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic, so you should review these.

    - Complete the Tables and Lists from Memory: To help you memorize some lists of facts, many of the more important lists and tables from the chapter are included in a document on the CD. This document lists only partial information, allowing you to complete the table or list.

    - Define Key Terms: Although the exam is unlikely to ask a question such as “Define this term,” the CCDA exams do require that you learn and know a lot of networking terminology. This section lists the most important terms from the chapter, asking you to write a short definition and compare your answer to the glossary at the end of the book.

  • CD-Based Practice Exam: The companion CD contains an exam engine that allows you to review practice exam questions. Use these to prepare with a sample exam and to pinpoint the topics where you need more study.

How This Book Is Organized

This book contains 24 core chapters—Chapters 1 through 24. Chapter 25 includes some preparation tips and suggestions for how to approach the exam. Each core chapter covers a subset of the topics on the CCNP Security IPS v7.0 exam. The core chapters are organized into parts. They cover the following topics:

Part I: Introduction to Intrusion Prevention and Detection, Cisco IPS Software, and Supporting Devices

  • Chapter 1, “Intrusion Prevention and Intrusion Detection Systems”: This chapter covers evaluating and choosing approaches to intrusion prevention and detection.

  • Chapter 2, “Cisco IPS Software, Hardware, and Supporting Applications”: This chapter covers Cisco IPS solution components available to satisfy policy and environmental requirements.

  • Chapter 3, “Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-evasive Countermeasures”: This chapter covers assessing IPS analysis methods, possibilities for evasion in an environment, and choosing the correct anti-evasion methods in a Cisco IPS solution.

  • Chapter 4, “Network IPS and IDS Deployment Architecture”: This chapter covers choosing an architecture to implement a Cisco IPS solution according to policy and environmental requirements.

Part II: Installing and Maintaining Cisco IPS Sensors

  • Chapter 5, “Integrating the Cisco IPS Sensor into a Network”: This chapter covers the optimal method of integrating a Cisco IPS Sensor into a target network.

  • Chapter 6, “Performing the Cisco IPS Sensor Initial Setup”: This chapter covers configuring the basic connectivity and networking functions of a Cisco IPS Sensor and troubleshooting its initial installation.

  • Chapter 7, “Managing Cisco IPS Devices”: This chapter covers deploying and managing Cisco IPS Sensor management interfaces and functions.

Part III: Applying Cisco IPS Security Policies

  • Chapter 8, “Configuring Basic Traffic Analysis”: This chapter covers deploying and managing Cisco IPS Sensor basic traffic analysis parameters.

  • Chapter 9, “Implementing Cisco IPS Signatures and Responses”: This chapter covers deploying and managing the basic aspects of Cisco IPS signatures and responses.

  • Chapter 10, “Configuring Cisco IPS Signature Engines and the Signature Database”: This chapter evaluates the Cisco IPS signature engines and the built-in signature database.

  • Chapter 11, “Deploying Anomaly-Based Operation”: This chapter covers deploying and managing Cisco IPS anomaly-based detection features.

Part IV: Adapting Traffic Analysis and Response to the Environment

  • Chapter 12, “Customizing Traffic Analysis”: This chapter covers deploying and managing custom traffic analysis rules to satisfy a security policy.

  • Chapter 13, “Managing False Positives and False Negatives”: This chapter covers deploying and managing Cisco IPS Sensor features and approaches that allow the organization to optimally manage false positives and negatives.

  • Chapter 14, “Improving Alarm and Response Quality”: This chapter covers deploying and managing Cisco IPS features that improve the quality of prevention and detection.

Part V: Managing and Analyzing Events

  • Chapter 15, “Installing and Integrating Cisco IPS Manager Express with Cisco IPS Sensors”: This chapter covers installing the Cisco IPS Manager Express (IME) software, integrating it with a Cisco IPS Sensor, and managing related faults.

  • Chapter 16, “Managing and Investigating Events Using Cisco IPS Manager Express”: This chapter covers the Cisco IME features to view, manage, and investigate Cisco IPS events.

  • Chapter 17, “Using Cisco IPS Manager Express Correlation, Reporting, Notification, and Archiving”: This chapter covers using Cisco IME features to correlate and report on Cisco IPS events and create notifications.

  • Chapter 18, “Integrating Cisco IPS with CSM and Cisco Security MARS”: This chapter covers configuring the Cisco IPS to integrate with Cisco Security MARS and choosing Cisco Security MARS features that enhance Cisco IPS event quality.

  • Chapter 19, “Using the Cisco IntelliShield Database and Services”: This chapter covers choosing the features of and using the Cisco IntelliShield services to gather information about event meaning and response guidelines.

Part VI: Deploying Virtualization, High Availability, and High-Performance Solutions

  • Chapter 20, “Using Cisco IPS Virtual Sensors”: This chapter covers deploying and managing Cisco IPS policy virtualization.

  • Chapter 21, “Deploying Cisco IPS for High Availability and High Performance”: This chapter covers deploying and managing features for Cisco IPS redundancy and performance optimization.

Part VII: Configuring and Maintaining Specific Cisco IPS Hardware

  • Chapter 22, “Configuring and Maintaining the Cisco ASA AIP SSM Modules”: This chapter covers performing initial configuration, installation, troubleshooting, and maintenance of the Cisco ASA AIP SSM hardware modules.

  • Chapter 23, “Configuring and Maintaining the Cisco ISR AIM-IPS and NME-IPS Modules”: This chapter covers performing the initial configuration, installation, troubleshooting, and maintenance of the Cisco ISR NME and AIM hardware modules.

  • Chapter 24, “Configuring and Maintaining the Cisco IDSM-2”: This chapter covers performing the initial configuration, installation, troubleshooting, and maintenance of the Cisco IDSM-2 module.

Part VIII: Final Exam Preparation

  • Chapter 25, “Final Preparation”: This chapter identifies tools for final exam preparation and helps you develop an effective study plan.

Part IX: Appendixes

  • Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes”: This appendix includes the answers to all the questions from Chapters 1 through 24.

  • Appendix B, “CCNP Security IPS 642-627 Exam Updates: Version 1.0”: This appendix provides instructions for finding updates to the exam and this book when and if they occur.

  • Appendix C, “Memory Tables”: This CD-only appendix contains the key tables and lists from each chapter, with some of the contents removed. You can print this appendix and, as a memory exercise, complete the tables and lists. The goal is to help you memorize facts that can be useful on the exams. This appendix is available in PDF format on the CD; it is not in the printed book.

  • Appendix D, “Memory Tables Answer Key”: This CD-only appendix contains the answer key for the memory tables in Appendix C. This appendix is available in PDF format on the CD; it is not in the printed book.