Pulling It All Together
| We have now covered all the elements you need to understand to pass the Cisco SAFE Implementation (CSI) exam, Exam 642-541. This is an exam that is usually the last in a five-exam series to earn the Cisco Certified Security Professional (CCSP) designation. To earn this, Cisco requires you to hold a valid CCNA and have passed these other exams:
The CSI exam pulls all the pieces together into a single unit covering how to design and implement a secured network using Cisco security technologies and products. It assumes that you already have a substantial level of networking and security knowledge. However, there is no requirement to take Cisco's exams in any particular order; you might not yet have taken any of the exams listed previously. To maximize your chances , and to provide a review for those who have already covered that material (though perhaps not recently), we began with a three-chapter review of how to identify your information assets, what the threats to them are, and what a security policy does to help organize your thinking about both of these (remember, the SAFE Blueprints all assume that a security policy is already in place and either is being or will be adhered to). We followed that with a chapter on network-management protocols and how they work, with a particular eye to their security strengths and weaknesses. When you consider that much of the security in a secured network results from conscious management of what is allowed to happen and what traffic is allowed to flow, the significance of the management protocols (and especially secured versions of them) becomes apparent. We spent two chapters after that taking a high-level view of the various SAFE Blueprints. The first one, and the one that set the pattern for all which followed, is the Enterprise SAFE, suited to a large organization or one that engages in e-commerce. Another one that has great bearing on this exam is the SAFE VPN Blueprint, which goes into considerable detail on how to secure communications between separated locations. The IP Telephony and Wireless SAFE Blueprints are newer and not substantially relevant to the exam, so we did not spend too much time on them. We did pull together the fundamental concepts of the Enterprise SAFEminus the e-commerce and resiliency aspectsand the VPN SAFE to find that these concepts are the basis of the SMR Blueprint, which is the focus of the CSI exam. The assumptions, axioms, design fundamentals, and design alternatives for these three key Blueprints (Enterprise, VPN, and especially SMR) are things that you need to know to pass the exam. The exam is also about implementing the SAFE Blueprint with Cisco products, so we spent the next two chapters looking at the major products employed in a secured network: switches, routers, IDS, AAA, firewalls, the VPN concentrator, and the VPN client (both hardware and software). You should be able to configure each of these in a simulation using the preferred method (CLI for a router, switch, PIX firewall, and IDS, and the GUI for AAA and the VPN devices). At that point, after covering the background, the overall design ideas, and the products to make the designs work, we spent a chapter each on the details of the small, midsize, and remote- user networksthe SMR Model. None of these designs is cast in stone; all have alternatives that you should know. You are almost ready to take the exam, but before you do anything for real, it's always a good idea to practice it a few times. The next four chapters give you a chance to do just that: They contain a pair of practice tests and a pair of answer sets with explanations . They are as much like the actual exam as I can make them without violating the nondisclosure agreement. Review this chapter and then go through those practice tests to see how well you know the whole picture.  |
EAN: 2147483647
Pages: 177